Topic: EFF Open Wireless Movement (Read 2467 times)
Diving into my wireless router, I find that there are options built into it for a 'captive portal' like one would encounter in a public hotspot. Wifidog seems to be able to supply my needs fine, with just a splash clickthrough screen and copious logging and stats. However, it seems to require an outside server for the spash and clickthrough portion. Does anyone know of a cheap/free solution for this? I want users to see the disclaimer, references to the EFF open wireless movement, and notice of logging of activities. I do have a linux machine on the same intranet, using the same router but wired, so that might be a solution.
I didn't think that WPA2 suffered from such flaws. This is surprising.
Edit: Apparently WPA2 using TKIP is vulnerable, but WPA2 using AES is not vulnerable. That is probably what they're referring to. At least I hope so.
Edit: Apparently WPA2 using TKIP is vulnerable, but WPA2 using AES is not vulnerable. That is probably what they're referring to. At least I hope so.
AES is still vulnerable. It's a problem with key exchange. During the initial handshake, the session key is generated by hashing the pre-shared key concatenated with a random number that is transmitted from the AP to the client unencrypted. Anyone who intercepts the random number can generate the session key if they also have the pre-shared key.
EFF proposes doing the key exchange using public-key cryptography, which would be secure as long as you know the AP's public key. If you don't know the AP's public key, then it's not any more secure.
I didn't think that WPA2 suffered from such flaws. This is surprising.
Edit: Apparently WPA2 using TKIP is vulnerable, but WPA2 using AES is not vulnerable. That is probably what they're referring to. At least I hope so.
Edit: Apparently WPA2 using TKIP is vulnerable, but WPA2 using AES is not vulnerable. That is probably what they're referring to. At least I hope so.
My network is open, and I use one of the neighbours open networks when my own network is down. I expect my neighbours to do the same. Why not? We couldn't do that if everyone encrypted their networks. In practice I can in most cases, because people use stupid passwords or even WEP, but it would be more hassle to do so.
If some random passer by wants to use my network, that's OK as well. Why not? I'm not going to demand anything back. Unused bandwidth isn't worth anything to me.
Your network isn't degraded with normal use, unless you still use a modem or something. If someone abuses my wireless network, I can easily block that client out, but I never had to. The sinner has always turned out to be in my own house, or someone attacking my network from the internet. Since wireless bandwidth degrades with obstacles and distance from the router, it is unlikely that a neighbour would be able to saturate my internet line.
And what if they don't? Or what if they decide to just not buy internet (I know plenty of people that did).If some random passer by wants to use my network, that's OK as well. Why not? I'm not going to demand anything back. Unused bandwidth isn't worth anything to me.
Your network isn't degraded with normal use, unless you still use a modem or something. If someone abuses my wireless network, I can easily block that client out, but I never had to. The sinner has always turned out to be in my own house, or someone attacking my network from the internet. Since wireless bandwidth degrades with obstacles and distance from the router, it is unlikely that a neighbour would be able to saturate my internet line.
Quote
My connection will degrade if too many people try to connect to high bandwidth sites at the same time. I have a download limit per month. Why would I share that, just in the hopes I can get it from someone else?
So far I haven't seen my internet degraded due to other people using my line, but I can easily throw them off if they do. And I don't think any broadbrand provider around here offer download limits. I would certainly not buy it. :-) Is WPA not widely used by smartphones, then? Where is the downside to WPA that the EFF makes the complaint without mentioning this?
Under WPA2 all the users on the network can calculate each others' session keys and eavesdrop on each other. With our suggested design, that would cease to be possible.
This attack is more difficult than the article implies, but it is possible.
A public, Starbucks-type access point using EFF's PKC scheme would not be much more secure than "open" WPA, since most users would still be vulnerable at the initial handshake to a MITM attack. However, it would be a great improvement on home networks where you connect to the same AP a lot.
Because the problem that they are trying to solve in privacy for the individual surfer, and if everyone knows the password, anyone can still see everyone else's packets. Tor is a good solution, but so is a private VPN to connect to. These are good practices anyway.
WPA uses separate encryption keys for everyone, so you can give out a password without allowing people to snoop on your traffic.
Is WPA not widely used by smartphones, then? Where is the downside to WPA that the EFF makes the complaint without mentioning this?
Because the problem that they are trying to solve in privacy for the individual surfer, and if everyone knows the password, anyone can still see everyone else's packets. Tor is a good solution, but so is a private VPN to connect to. These are good practices anyway.
WPA uses separate encryption keys for everyone, so you can give out a password without allowing people to snoop on your traffic.
This is not the case for WEP.
Since it seems relevant to the discussion:
http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/
http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/
(just registering to this thread)
Regarding open, but encrypted, why not just set the name of the network to something like "free internet, password is password" and set the password to, well password (or something sensible)?
Because the problem that they are trying to solve in privacy for the individual surfer, and if everyone knows the password, anyone can still see everyone else's packets. Tor is a good solution, but so is a private VPN to connect to. These are good practices anyway.
Regarding open, but encrypted, why not just set the name of the network to something like "free internet, password is password" and set the password to, well password (or something sensible)?
If I knew more about networking and messing with routers, that's what I'd do. But also prioritizing my computers and limiting other people's download. Oh, and I'd also want to make sure my computers were secure and stuff. Oh I wish I knew more about that stuff (and was smart enough to understand it...)
Yes I've heard of all the systems you can get that allow you to replace router firmware. I even took apart my router the other day to find out what chips it had. But I'm not game enough to mess with it.
If I knew more about networking and messing with routers, that's what I'd do. But also prioritizing my computers and limiting other people's download. Oh, and I'd also want to make sure my computers were secure and stuff. Oh I wish I knew more about that stuff (and was smart enough to understand it...)
Yes I've heard of all the systems you can get that allow you to replace router firmware. I even took apart my router the other day to find out what chips it had. But I'm not game enough to mess with it.
2) the user pays directly with, say, Bitcoins in a wallet system designed for this purpose. This may sound like a chicken-and-egg problem since normally, regular Internet is required for exchanging Bitcoins, but I can think of ways that are secure for both parties. It could be as simple as the user having an encrypted wallet available on the web, and giving the WiFi owner the URL and password.
Or simply an open hotspot that is blocked for all ports except for bitcoin's, and any users' attempts to go online redirect them to a webpage to send the hotspot owner a bitnickel for access for that day, which then opens up that mac address to the Internet for 24 hours. (or the month for a full bitcoin?) If you live within a line of sight of anyplace that people congregate on a regular basis, such as a major bus stop, or a public park without many trees, something along these lines might just be a fine business model. But for the concept of the project, it's still too restrictive. I might be willing to redirect the users to a bitcoin donations page the first time each day that they connect with any particular mac address, but I wouldn't be willing to require any payment.
For it to work, there has to be something that the WiFi network owner gains from the user in exchange for the bandwidth he gives up. I can think of two ways this could be done (there are probably others):
1) the user types up a few lines of text from part of a scanned document; if the document is valuable in textual form, then the WiFi owner could profit from this.
2) the user pays directly with, say, Bitcoins in a wallet system designed for this purpose. This may sound like a chicken-and-egg problem since normally, regular Internet is required for exchanging Bitcoins, but I can think of ways that are secure for both parties. It could be as simple as the user having an encrypted wallet available on the web, and giving the WiFi owner the URL and password.
1) the user types up a few lines of text from part of a scanned document; if the document is valuable in textual form, then the WiFi owner could profit from this.
2) the user pays directly with, say, Bitcoins in a wallet system designed for this purpose. This may sound like a chicken-and-egg problem since normally, regular Internet is required for exchanging Bitcoins, but I can think of ways that are secure for both parties. It could be as simple as the user having an encrypted wallet available on the web, and giving the WiFi owner the URL and password.
This is tragedy of the commons all over again.
Unlike previous analysis I've seen on this forum concerning certain aspects of Bitcoin's system, I actually agree that mutual wireless bandwidth sharing is a commons situation. Honestly, I don't care. I know full well that there will be people who freeload off of my network. That is, after all, the point of it all. Certainly there will be people who do not open their networks in kind, and as a result I'll be places that I cannot get an Internet connection.
Let randoms use my internet and degrade my connection because maybe they will let me use theirs? LOL.
My network is open, and I use one of the neighbours open networks when my own network is down. I expect my neighbours to do the same. Why not? We couldn't do that if everyone encrypted their networks. In practice I can in most cases, because people use stupid passwords or even WEP, but it would be more hassle to do so.If some random passer by wants to use my network, that's OK as well. Why not? I'm not going to demand anything back. Unused bandwidth isn't worth anything to me.
Your network isn't degraded with normal use, unless you still use a modem or something. If someone abuses my wireless network, I can easily block that client out, but I never had to. The sinner has always turned out to be in my own house, or someone attacking my network from the internet. Since wireless bandwidth degrades with obstacles and distance from the router, it is unlikely that a neighbour would be able to saturate my internet line.
And what if they don't? Or what if they decide to just not buy internet (I know plenty of people that did).
This is tragedy of the commons all over again.
My connection will degrade if too many people try to connect to high bandwidth sites at the same time. I have a download limit per month. Why would I share that, just in the hopes I can get it from someone else?
If I were to run a Tor exit node, it would only allow outgoing access on port 443 and a couple of other SSL-only ports. No port 80, no 25, no 110 or 143. You get the idea. I don't want to know.
The worrisome part for me is that current laws and especially law enforcement practices make it risky to do anything reasonable.
You could end up in a court room because some jerk-off downloaded kiddy porn over your network, but you could end up there because you share a name with someone on a watch list. At least you could log your connections, but changing your name doesn't help because by the time you know about the problem, you're already looking at the judge.
Perhaps some kind of hotspot managment system, that requires users to acknowledge that, although access is free, illegal use violates the terms that grant the random user permission to use the network in the first place. And simply notifying users that connections are logged is probably enough to compel the freaks from using your wifi network for illegal activities.
Or how about a nanny filter running directly on the wifi router, such as Dansguardian?
The answer is in that eff blog: We need WiFi that is open and encrypted at the same time! So I want to be able set my wireless router to be open only to people who are routing through the TOR network. This solves the concern about being sentenced because your sicko neighbor who downloads kiddy porn.
Let randoms use my internet and degrade my connection because maybe they will let me use theirs? LOL.
It's called pay-it-forward. It's pretty popular, so a lot of people will do it, even if you don't. According to the eff blog post, your concerned could be solved by allowing your router to prioritize packets coming from your own computers with your mac address.
The worrisome part for me is that current laws and especially law enforcement practices make it risky to do anything reasonable.
You could end up in a court room because some jerk-off downloaded kiddy porn over your network, but you could end up there because you share a name with someone on a watch list. At least you could log your connections, but changing your name doesn't help because by the time you know about the problem, you're already looking at the judge.
Perhaps some kind of hotspot managment system, that requires users to acknowledge that, although access is free, illegal use violates the terms that grant the random user permission to use the network in the first place. And simply notifying users that connections are logged is probably enough to compel the freaks from using your wifi network for illegal activities.
Or how about a nanny filter running directly on the wifi router, such as Dansguardian?
I really like EFF's suggested changes. A secure protocol so people connected to the same AP can't easily eavesdrop on each other and a way to allocate a certain amount of bandwidth for sharing. If you read their arguments about spectrum efficiency and utility it's a reasonable suggestion.
The worrisome part for me is that current laws and especially law enforcement practices make it risky to do anything reasonable.
The worrisome part for me is that current laws and especially law enforcement practices make it risky to do anything reasonable.
Let randoms use my internet and degrade my connection because maybe they will let me use theirs? LOL.
My network is open, and I use one of the neighbours open networks when my own network is down. I expect my neighbours to do the same. Why not? We couldn't do that if everyone encrypted their networks. In practice I can in most cases, because people use stupid passwords or even WEP, but it would be more hassle to do so.If some random passer by wants to use my network, that's OK as well. Why not? I'm not going to demand anything back. Unused bandwidth isn't worth anything to me.
Your network isn't degraded with normal use, unless you still use a modem or something. If someone abuses my wireless network, I can easily block that client out, but I never had to. The sinner has always turned out to be in my own house, or someone attacking my network from the internet. Since wireless bandwidth degrades with obstacles and distance from the router, it is unlikely that a neighbour would be able to saturate my internet line.
Jump to: