Is it ethical to use other people's unsecured wifi?
October 25, 2004 8:23 PM   Subscribe

So, please tell me why I should never ever ever connect to any of these strangers' networks.

They can log everything you do. That includes many forms of encrypted traffic which can be logged plaintext, such as HTTPS and SSH1.

Is it more dishonest than stealing cable?

No. I think you're free to assume if they don't put up even the slightest barrier (WEP), they want it public. That being said, if you live in one of those backwards countries where people pay by the byte for bandwidth, unless the access point is obviously meant to be free, you are kinda raising the guy's bills. That's not nice, and is probably regarded by some as "stealing".

Would I get caught within five minutes?

Anyone who is using 802.11 without WEP or tunneling is either a moron (+99% chance of being correct) or is running a honeypot to jack credit card numbers, etc (-1% chance of being correct).

In the former case, if you abuse it by downloading lots of big files and make their internet slow, or start to download pirate stuff and get them in trouble, then they'll notice. But they probably still won't know it's you. Maybe.

In the latter case, they'll know instantly. That's kinda the point!

If you're worried about this, use a wireless card that you can change the MAC on. Note that if you do get in trouble, doing this weakens your case that you thought it was free internet.

Am I endangering my new laptop to evil infections?

No less than just hooking it up directly to the internet unless the person running the WAP is malicious and is running a transparent proxy that inserts virii (*) into files as they pass through their network. Then you're at +++++ greater chances of problems. EXTRAORDIARIALY unlikely that the people at your apartment building are like that.

Or is there a way to do it that would not be so illegal, immoral or fattenning?

Ask the owners of the WAP first. :-)

I don't know about the law in your country, but using their WAP without permission *might* be illegal in your country. I don't know.

(*) - Argue with me on this word and I will remind you english is a living language. Deal with it.
posted by shepd at 8:40 PM on October 25, 2004

Randy Cohen, a/k/a "The Ethicist," had a column on this in the Times Magazine. His verdict: not a problem from an honesty perspective.

''If you're driving around town and someone's left a node open and you pop on and use it just to download some e-mail, feel free,'' advises Mike Godwin, senior technology counsel for Public Knowledge, a public interest group in Washington concerned with technology and intellectual property.

Godwin is persuasive. The person who opened up access to you is unlikely even to know, let alone mind, that you've used it. If he does object, there's easy recourse: nearly all wireless setups offer password protection. And while the failure to lock a door may indicate carelessness, not consent, in this case it does suggest indifference. Godwin does warn of the tragedy of the commons, however, which here means you have an obligation not to use too much bandwidth -- by downloading massive music files, for example, which would inconvenience other users.

posted by PrinceValium at 8:41 PM on October 25, 2004

I find myself using wireless more and more. Can someone here recommend a good starting point for ways to: a) keep my Airport station under password when I'd like it closed, and b) use free wireless points without excessive information being able to be logged (I understand that there are always some privacy issues, but I'd rather keep them to a minimum when possible).
posted by fionab at 8:53 PM on October 25, 2004

we had an argument on this a while back. i was one of the few (the only?) arguing it was wrong.

fast forward a few months and i'm posting this from a hotel in pasadena using a random SSID that accepted my connection.

i can't deny the hypocrisy. BUT, i'd still ask around if i lived here (indeed, i googled for the SSID, since it's kind of unique, in the hope of finding an email contact).

so i'd say it's nicer to ask and offer to share costs, but i'm shifting (as well as squirming uncomfortably) on this. downloading a pile of child pron or continually streaming large files probably still isn't so cool, though.
posted by andrew cooke at 8:55 PM on October 25, 2004

They can log everything you do. That includes many forms of encrypted traffic which can be logged plaintext, such as HTTPS and SSH1.

this is misleading. you'd get a warning from your browser if they tried to log https (saying that the certificate was incorrect) and ssh would also print a warning if you'd used the same host before.

they can log the source/destination addresses, but if you don't blindly click through warnings, they can't see the contents.
posted by andrew cooke at 8:58 PM on October 25, 2004

well, andrew cooke, that's true about the warnings, however, I have yet to see a user actually take the care to start inspecting things after they see such an alert. That includes me. Sadly.
posted by shepd at 9:04 PM on October 25, 2004

you'd get a warning from your browser if they tried to log https

I'm not so sure that's true, not if they were simply using a packet sniffer to record all the network traffic anyway. When I tested this on my own network to see what sorts of stuff I was sending flying out my window, no warnings of any type ever popped up, and I was amazed and the amount of info that was plainly visible in the data stream.
posted by spilon at 9:12 PM on October 25, 2004

I tend to assume that open APs are meant to be open.

The APs in my house are open, and accessible from a few public areas. I just use a firewall to prioritize the visitors traffic appropriately.

But yah, don't send cleartext passwords. If I wanted to be an asshole, I could snoop all the traffic.
posted by mosch at 9:18 PM on October 25, 2004

spilon - a packet sniffer wouldn't show plaintext (readable data) for https. they'd know who you connected to, when, and roughly the amount of data you downloaded, but not what the data actually was (unless they did a man-in-the middle attack, with a fake certificate, in which case you would get the warning).

i agree that the browser popups are easy to ignore, but the ssh warning is pretty fierce (if i remember correctly - i certainly had a warning once that made me go talk to sysadmin, and i think it was the standard ssh warning (they'd changed certs or something)).
posted by andrew cooke at 9:35 PM on October 25, 2004

tell me why I should never ever ever connect to any of these strangers' networks

Because you're using someone else's stuff -- their router -- without their consent. You don't get to borrow other people's stuff without their consent simply because it's easy to do.

Is it more dishonest than stealing cable?

Equally dishonest, which is pretty dishonest.

I'd except access points with ID's that indicate an intent to be open -- USEME or OPENWAP or something else that a reasonable person might construe as consent. Simply failing to lock it down isn't consent; that's just carelessness.
posted by ROU_Xenophobe at 10:29 PM on October 25, 2004

ROU, if I find a ball lying about outside and start playing with it, that's not dishonest, especially if I put it back.

WAPs aren't like cars. Cars have doors, and it's assumed if there's a door, permission is needed to use said item (even if it is implicit permission, like the washroom door at a restaurant). So, it might be somewhat morally wrong to use a WAP without permission, it's not "stealing cable" because you didn't break into the cable box, or break any explicit rules.

That all being said, I remind people with open WAPs of this and they usually end up fixed VERY quickly.

Which reminds me, using an open WAP in Canada without permission is illegal. Sorry.
posted by shepd at 11:09 PM on October 25, 2004

They can log everything you do. That includes many forms of encrypted traffic which can be logged plaintext, such as HTTPS and SSH1.

Andrew Cooke already said this, but was perhaps too polite: this statement is very misleading, to the point of being wrong. Encrypted traffic simply can't be logged in any way that is useful to the logger without performing a man-in-the-middle attack, and that is not a simple thing to do. Those who are equipped to do so (and actually make use of the information) are not going to be setting up wireless points to trap the unsuspecting public in small numbers - they are going to be (trying to be) breaking into routers that large amounts of traffic go through.


and here is what the SSH message looks like if someone has changed the host key:


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
10:df:97:df:6f:e7:69:ad:7f:82:97:3c:29:a4:2b:0d.
Please contact your system administrator.
Add correct host key in /Users/advil/.ssh/known_hosts to get rid of this message.
Offending key in /Users/advil/.ssh/known_hosts:20
RSA host key for 192.168.1.101 has changed and you have requested strict checking.
Host key verification failed.

posted by advil at 11:18 PM on October 25, 2004

Here was a monster post I made about this topic, the first time it came around (back when everyone assumed it was stealing except me and a few folks).
posted by mathowie at 12:04 AM on October 26, 2004

So, what's the difference between squatting in a vacant apartment and squatting on someone's AP?

If you think that living in a building without permission is ok, then I'm suprised that you have second thoughts about using an open AP..

Unless you didn't mean that kind of squatting, in which case I probably owe you an apology..

(I do have an open AP and I don't care if strangers use it as long as they behave themselves)
posted by mbell at 2:34 AM on October 26, 2004

I used to care "out of principle", then I just gave in and learned to embrace the ideal of open connectivity. I leave my WAP open these days. I occasionally find someone on it, but I've never noticed a slowdown because of it. If it gets to that point, I'll lock it down, but until then...
posted by mkultra at 3:30 AM on October 26, 2004

Dishonest? Dangerous?

Depends.

If you're just checking your email or browsing the web while piggybacking off of someone's connection you're OK.

If you're downloading full-DVD resolution pirated films off of someone else's connection, you're not OK.
posted by Civil_Disobedient at 4:00 AM on October 26, 2004

Pardon me for kinda threadjacking this question, but...say I have 2 fixed IP numbers. I could set up a closed WAP on one and an open one on the other, right? Would there be any reason not to? The hardware is cheap enough to buy two.
posted by adamrice at 5:58 AM on October 26, 2004

Here was a monster post I made about this topic

But you're spending most of that post arguing that people should leave their WAPs open. Which is fine, but doesn't really address the question of whether or not you should use an open WAP that ID's as "Linksys" or one of the other out-of-the-box ID's.


You think they were left open on purpose, as an invitation. I think they were left open through inattention, no more an invitation than an unlocked door. Absent some positive evidence of consent, a polite person wouldn't use someone else's stuff, at least not outside an emergency.
posted by ROU_Xenophobe at 6:02 AM on October 26, 2004

I agree with the killing machine: most people I've setup routers for view it as an appliance. The installation instructions for the most common routers do not mention security at all. Many people don't even know that you can secure these things. When you point it out to them, they'll want security of some sort, but doing so is beyond the level that most people are ready to go.

I assume that default-ssid network owners are unaware rather than willing to share. Even if it is "free" or marginal cost, it's still kind of skanky. You wouldn't use someone's cell without asking would you?
posted by bonehead at 6:22 AM on October 26, 2004

Actually, most people I know who have open APs didnt intend to leave them open and dont seem to care that others might be using them.

There's more apathy surrounding this issue than anything else. I also find it hard to believe that people "intend to make it public" when the thing has the default settings.
posted by skallas at 6:25 AM on October 26, 2004

If someone leaves their WAP open, I argue that it's fine to use it, but not okay to abuse it. Define "abuse" appropriately to the enviornment.

That's pretty much what I said last time.
posted by majick at 6:25 AM on October 26, 2004

Which reminds me, using an open WAP in Canada without permission is illegal. Sorry.

No, it isn't. Not as far as my google searching can find out, anyway. I'm certainly not going to take my legal advice on this matter from some ill-informed reporter who in the article you linked to describes it as "stealing internet signals", or from John Dvorak. Here is a slightly less alarmist article on the subject, also written after that little incident in Toronto, which says that whether its illegal is still untested. Do you have some evidence to show otherwise?

My WAP is wide open, for the benefit of the large majority of wi-fi users who are polite and law-abiding. If it ever gets abused, I'll have to limit its bandwidth... but it really pisses me off that the media is trying so damn hard to associate open wi-fi with spam and porn, rather than showing it for itself as the beautiful thing that it is.

I have discovered that, at the apartment building in which I am currently squatting, I am within range of several wireless networks

Normally I'd say you shouldn't be using other people's networks from your own home... you should be sharing your own connection from there. But if that isn't practical for some reason, just keep the bandwidth use to an absolute minimum to be polite.
posted by sfenders at 8:14 AM on October 26, 2004

I say "Bah" to all the scaremongering and moralism. I leave mine open specifically so that people will be able to use it. Please use it. The network ID says "open for all". As far as I can tell there are three or four neighbors who regularly check their email using my system. This makes me happy. I dream of a day when internet access is omnipresent and free, and citydwellers take it for granted that they can pop their laptops open just about anywhere and check their email.
posted by Mars Saxman at 9:00 AM on October 26, 2004

sfenders, you're going to make me link to the Canadian Criminal Code again, aren't you?

I think there should be a day school for people who enjoy reading that as a hobby. :-) No, IANAL.

Anyways, here you go:

326. (1) Every one commits theft who fraudulently, maliciously, or without colour of right,

(a) abstracts, consumes or uses electricity or gas or causes it to be wasted or diverted; or

(b) uses any telecommunication facility or obtains any telecommunication service.

(2) In this section and section 327, "telecommunication" means any transmission, emission or reception of signs, signals, writing, images or sounds or intelligence of any nature by wire, radio, visual or other electromagnetic system.

This may also be of interest.

The law might not pass the Charter litmus test. YMMV. A law this broad probably has plenty of common law precedence to ensure you have to be a REALLY malicious person to actually break it, and, as you might notice, telecommunications facilities are not computers. But, is a DSL connected WAP a telecommunications facility? Perhaps. It is connected to a phone line, after all.

Of course, to check if the Charter protects you, rather than common law, you have to break the law and gamble with your crimnal record. HAVE FUN!
posted by shepd at 11:29 AM on October 26, 2004

Every one commits theft who fraudulently, maliciously, or without colour of right, ... (b) uses any telecommunication facility or obtains any telecommunication service.

Well, I'd say it certainly should count as a telecommunication service. My use is never fraudulent or malicious, so it depends on "the colour of right". I have no idea what that means exactly, but like others have said, by default I assume that an open AP is most likely placed there for people to use, which IMO would lead to a reasonable expectation of the right to use it. I mean, there are many that I know for certain are intended for public use, such as the one in a local coffee house, and my own, neither of which are advertised or marked in any way to differentiate them as being intentionally public. Since there is no universal way to decide whether a given open AP is intended for public use, and since if it wasn't, it shouldn't be open, therefore I think there's a very good argument that if it isn't marked in any way as being private, and if it openly accepts connections from anyone, then it's acceptable to use it.

... from that link:

The addition of the concept “without a colour of right” (i.e., without an honest belief that one has a right) addresses the situation of the person who honestly, but erroneously, believes that he has the authority to use the computer system in the manner in which he actually used it.

ah... so there you go. If I have a reasonable belief that the right to use it has been granted, which I do, then it's legally kewl. Neither would any of the other laws mentioned in there apply, far as I can tell. Not illegal, IMO. Not that I want to be the one to test it in court.
posted by sfenders at 1:48 PM on October 26, 2004

I run an open AP. My neighbors run open APs. Lots of people in my metropolis run open APs. I am grateful, because this infrastructure brings us collectively a bit closer to the ideal of ubiquitous connectivity and massively shared resources.

Always use secure protocols. Use SSH, SCP, HTTPS, encrypted IMAP and SMTP. Use SSH tunneling when necessary. Don't use online services which don't offer a secure login. Stop and disconnect if you see evidence of spoofing on the AP you're connected to.

Don't abuse the open AP. Don't hog its bandwidth. Otherwise it's OK to use it.

Many free public projects, and many of those online, exist through abusable openness and collaboration of the same spirit as that of consciously keeping your AP open. Jaded nay-sayers like shepd don't consider it a good idea to offer your excess resources for free like that. The choice is yours.
posted by azazello at 1:49 PM on October 26, 2004

Hey, azazello, I didn't say it's a bad idea! :-)

Seriously, it's all nice you guys do this, and, in fact, at a time, I was working on a project for our shop's WAP to allow basic access to the internet (pretty much HTTP only) and insert an AD banner on webpages downloaded. :-)

I gave up when I came to my senses and realized that the only people using the coffee store next door to my shop worked building cars all day and really don't bring laptops or anything else like that to work.

I didn't make that law. I'm just letting you know about it. And as far as the risks I mentioned go, they're unlikely, but it's important (IMHO) to be aware of them when leeching free internet like that. Did I say leeching? I meant... uhhh... what does RMS say? Oh yeah. Right. "sharing".
posted by shepd at 7:32 PM on October 26, 2004

« Older Assume you're being chased thr...   |   In past presidental election n... Newer »

This thread is closed to new comments.