Coffeehouse Thread

57 posts

Using just any unsecured WiFi - stealing?

Back to Forum: Coffeehouse
  • User profile image
    ScanIAm

    , brian.​shapiro wrote

    At any rate, there's also a wider definition of stealing which has no moral context to it. Consider expressions like "I stole a glimpse", "I stole the gift into the house," etc. which just means to take surreptitiously. 

    I stole a glimpse seems much more apt of a description than 'stealing wifi'.  If I can see into your house or hear a conversation you're having through an open window, how is that different than detecting a wifi signal?

    This will only get further muddled when Wifi is available across larger areas if/when some of the TV bandwidth is given out for public use.

    I think that blowdart's original point, however, was valid: If you are getting wifi from a router that isn't yours and they don't know you are on it, it's kinda hard to debug a connection issue.

     

  • User profile image
    Bass

    , ryanb wrote

    It's pretty black and white.  If you are using someone else's wireless connection (whether secure or insecure) without their knowledge and permission, than you are in the wrong both morally and, in most places, legally as well.  Even with the owner's permission you are still not in the clear.  Many large service providers, like Comcast, explicitly prohibit any sharing of the network connection in their terms of service.  Most service providers also do have bandwidth caps or variable cost plans.  Throw in liability concerns, risk of infections or data theft, etc., and it's just a bad idea.

    It's not black and white at all, otherwise everyone using Wifi in a coffee shop would be arrested. How do you know they intended you to use it? There is no formal way to obtain "authorization", that's the problem with making this black and white. That's why we in legal systems we have ideas like "intent".

  • User profile image
    evildictait​or

    , Bass wrote

    It's not black and white at all, otherwise everyone using Wifi in a coffee shop would be arrested. How do you know they intended you to use it? There is no formal way to obtain "authorization", that's the problem with making this black and white. That's why we in legal systems we have ideas like "intent".

    It's pretty easy. If they have a sign like this:

    Generic Forum Image

    You can use their wifi.

    Otherwise you can't.

  • User profile image
    magicalclick

    Going thru someone's network? Even if https is supposed to deal with MITM attack, but, I am still worried.

    Leaving WM on 5/2018 if no apps, no dedicated billboards where I drive, no Store name.
    Last modified
  • User profile image
    kettch

    @magicalclick:

    Long story short: Never run an unsecured router, and never use an unsecured router without explicit permission.

  • User profile image
    cheong

    I'd regard the boardband router protected area inside a home network a part of the "home".

    If you found such WiFi connection unsecured and try to connect, it's equivalent to walk pass someone else's home and found the door unlocked, then go inside the house.

    It doesn't really matter if the house owner intentionally leave it open or not. If you'd not asked and there's no sign inviting you to walk in (I'll consider having "open" or "free" as a part of SSID equivalent of "welcome in" in this sense), you're doing it wrong.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    Bass

    , evildictait​or wrote

    *snip*

    It's pretty easy. If they have a sign like this:

    You can use their wifi.

    Otherwise you can't.

    So as long as I travel with a piece of paper that says "free wifi" and put in on my table, I can use free wifi everywhere? Prove that the establishment didn't put it there.

  • User profile image
    evildictait​or

    , Bass wrote

    *snip*

    So as long as I travel with a piece of paper that says "free wifi" and put in on my table, I can use free wifi everywhere? Prove that the establishment didn't put it there.

    Tell me how that works out for you in front of a judge.

  • User profile image
    ScanIAm

    , cheong wrote

    I'd regard the boardband router protected area inside a home network a part of the "home".

    If you found such WiFi connection unsecured and try to connect, it's equivalent to walk pass someone else's home and found the door unlocked, then go inside the house.

    It doesn't really matter if the house owner intentionally leave it open or not. If you'd not asked and there's no sign inviting you to walk in (I'll consider having "open" or "free" as a part of SSID equivalent of "welcome in" in this sense), you're doing it wrong.

    Really?  Because I didn't, actually, go inside the house.  I interacted with the radio signal that you were broadcasting at such a high level that I could hear it well outside of your domicile.

    It may have been possible to confuse the issue such that this analogy seemed logical to an untechnical judge, but it isn't logical to someone who knows how electromagnetic waves work.

    If you turn on your stereo loud enough that I can hear it outside, am I 'stealing' from you by listening to the fine quality tunes you are playing?

    If your ham-radio tower broacasts on the same channel as I happen to be speaking, am I stealing from you?

    Or, more to the point, if you have a promiscuous unsecured wireless router that passes any connection from any device right through to your ISP, how is that theft? 

    It isn't, and frankly, the ISP has more of a case against the router owner than the person who connected.

  • User profile image
    Bass

    , evildictait​or wrote

    *snip*

    Tell me how that works out for you in front of a judge.

    And the judge has magic powers of repudiation?

  • User profile image
    evildictait​or

    , Bass wrote

    And the judge has magic powers of repudiation?

    No. But he has magic powers of deciding whether you're guilty beyond all reasonable doubt.

  • User profile image
    Bass

    , evildictait​or wrote

    *snip*

    No. But he has magic powers of deciding whether you're guilty beyond all reasonable doubt.

    How? I got out of traffic tickets that were more determinable.

  • User profile image
    cheong

    , ScanIAm wrote

    *snip*

    Really?  Because I didn't, actually, go inside the house.  I interacted with the radio signal that you were broadcasting at such a high level that I could hear it well outside of your domicile.

    It may have been possible to confuse the issue such that this analogy seemed logical to an untechnical judge, but it isn't logical to someone who knows how electromagnetic waves work.

    If you turn on your stereo loud enough that I can hear it outside, am I 'stealing' from you by listening to the fine quality tunes you are playing?

    If your ham-radio tower broacasts on the same channel as I happen to be speaking, am I stealing from you?

    What does matter is that whether you passively receive it or actively using tools (i.e.: you wireless NIC) to get it. Here I'll try to provide another analogy.

    In Hong Kong, our building have public satellite receiver at the roof that if a resident agree to pay their share of maintenance fee, they can use it to enjoy satellite TV channels. Although in theory it only provide access to those who pay, the workers actually wired the line toward each door of each floor and provide open socket there. So if you really want, you can draw a line from your TV and plug it there to the socket outside your flat, and chances are there that noone will notice.

    Now if you don't pay but people find out you're using it and want to sue you, at what chance the judge will side with you?

    Or, more to the point, if you have a promiscuous unsecured wireless router that passes any connection from any device right through to your ISP, how is that theft? 

    It isn't, and frankly, the ISP has more of a case against the router owner than the person who connected.

    That'll be different matter, as it clearly violates wiretapping law here.

    Like what I said, whether you're liable is decided by whether you're actively using a tool to accquire it.

    Recent Achievement unlocked: Code Avenger Tier 4/6: You see dead program. A lot!
    Last modified
  • User profile image
    Craig_​Matthews

    So, when I intentionally set my router to broadcast an open wifi signal, the sole purpose of which is to broadcast its existence to everyone within range and offer a connection, and then provide one without question, the person using it needs my permission? I thought I just gave them that by handing them my wifi.

    These aren't electrical extension cords, these aren't unlocked doors in front of people's houses, and they aren't cars with the keys in the ignition. These are routers, configured by their owners, to say "Hello, here is a Wifi connection for you to use" to any device in range.

     

  • User profile image
    kettch

    @Craig_Matthews: How do you tell the difference between an intentionally open router, and an unintentionally open router? If I was to offer free wifi to all within range, I would set the network name to "FREE INTERWEBS RIGHT HERE" or something, but if it's called "LINKSYS1000" and it's open, that just seems like it's an accident.

    Or you could do what a friend of mine did, and set up a router with a huge antenna, and a paypal page. He sold access to several of his neighbors for just enough under the local ISP's rate to make it worthwhile for the email and facebook crowd. Obviously it was probably illegal and definitely against the ISP's usage agreement, but he's that kind of guy.

  • User profile image
    Craig_​Matthews

    , kettch wrote

    @Craig_Matthews: How do you tell the difference between an intentionally open router, and an unintentionally open router?

    Because, in my opinion, if someone configured their router to broadcast a wifi signal, offer it to devices, and then connect those devices without question, the intent of the router owner is clear -- at least clear enough to my ability to ascertain as the person utilizing it. Granted -- just my opinion.

  • User profile image
    Sven Groot

    , Craig_​Matthews wrote

    *snip*

    Because, in my opinion, if someone configured their router to broadcast a wifi signal, offer it to devices, and then connect those devices without question, the intent of the router owner is clear -- at least clear enough to my ability to ascertain as the person utilizing it. Granted -- just my opinion.

    Except that I'm pretty damn certain that 99% of unsecured networks are that way because that's the default configuration of the router and the person who set it up didn't know any better. That's even more likely if they're using the router's default SSID.

    These people didn't deliberately configure their router to let anyone connect. The problem is that these people didn't really configure their router at all.

  • User profile image
    Craig_​Matthews

    , Sven Groot wrote

    *snip*

    Except that I'm pretty damn certain that 99% of unsecured networks are that way because that's the default configuration of the router and the person who set it up didn't know any better. That's even more likely if they're using the router's default SSID.

    These people didn't deliberately configure their router to let anyone connect. The problem is that these people didn't really configure their router at all.

    Fair enough point and I'll also concede that the owners of the routers generally aren't given enough information by the router manufacturer to make an informed decision as to how to configure their router as well as having insecure defaults.

    Fortunately, ISPs, at least with the wireless devices they provide, have for the most part moved toward installation with secure defaults, which unambiguously declare the intent, at least of those ISPs, that the Wifi is not available to public use, forcing the customer to take affirmative steps to make it available to the public, declaring his intention. With customer supplied routers, it sucks that the out of box defaults on those may or may not be secure, so the owner's intent is ambiguous. I think any wifi access point/wifi router sold in the US should be required to default to a secure setup.

    I'm working from the point of view of one overriding truth: In a WiFi environment, where the signal can pass through walls, propagate in any direction, be repeated, and requires specialized equipment to determine the source, the only effective way to determine the identity of the signal's source and that identity's intent is by examining the signal itself. That signal provides us with a network name and what type of security it has -- in my opinion a one to one mapping to source identity and that identity's intent. 

    I don't know which structure, if there even is one associated with a particular hotspot, that I should be looking for a sign on.

Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.