risks of borrowing other's wifi
January 24, 2010 7:53 PM   Subscribe

2 mac questions. 1. in a new location, I pick up a neighbor's signal...it may be free, but am I at any kind of vulnerability? Can I protect myself? 2. I have an old snowball. But do not remember the password or name. Any ideas?
posted by ebesan to Computers & Internet (11 answers total) 2 users marked this as a favorite
Using someone else's wireless is not secure. Sites delivered entirely over https are probably fine, but there are so many caveats it's not even worth exploring. Sooner or later they'll notice and put a password on the access point.

2. Snowball?

You can use a Mac OSX installation CD to reset the password. Put the disc in, hold down the C key and start the computer. Select a language and then pick Reset Password from the Utilities menu at the top of the screen.
posted by odinsdream at 8:03 PM on January 24, 2010

You might want to clarify "snowball." I've been an avid Mac follower/geek for well over a decade and I'm not sure I know what you mean by that.
posted by The Potate at 8:27 PM on January 24, 2010

It might be that ebesan is referring to the "Snow" AirPort Base Station. In that case, Apple's Resetting an AirPort Base Station or Time Capsule FAQ has instructions on how to perform a hard or factory default reset, which will put the base station's settings back to its default values, which are listed in the article.
posted by esd at 8:55 PM on January 24, 2010

re: leeching neighbor's signal... Make sure you're not sharing your files/etc by going to the "sharing" tab in the System Preferences and make sure everything is unchecked so that your neighbor can't access your files or share your screen.
posted by birdherder at 9:36 PM on January 24, 2010

If your Mac is a recent one, be aware that the version of Airport Admin Utility that can administer Snow Airport base stations is incompatible with Snow Leopard. For more details click on the "Should I use AirPort Admin Utility or AirPort Utility?" section in the page esd linked to above.
posted by harkin banks at 11:14 PM on January 24, 2010

I use neighbor's or some random public wifi when surfing the internet, reading crap, but I' never log into anything that way. Not a work site, not a bank, not my e-mail, not even MetaFilter. Nothing. You have no way to know what's happening at the router.

When you use an untrusted access point, just assume everything you type is keylogged: that's close enough to the actual threat to be a good mental check.
posted by rokusan at 12:15 AM on January 25, 2010

I'm not quite sure what the original question about risk is. Risks when you don't use your neighbor's network? Really none (except that you might stumble onto it by accident, in which case the other answer applies).

Risks of sharing/stealing your neighbor's local network: Well, they're in control and connected to your network. They'll get to read all the traffic that traverses this network, such as files you copy. If the network is open (which I presume it is), so will everyone else who's close enough. That alone would be reason enough not to use it for me. Another practical consideration.

If you want to share/steal your neighbor's internet connection as well, they will get to impersonate you on all kinds of web sites and probably read your email (depending on technological details, but quite likely).

I'd also call it unethical and it's probably illegal in most places.

Even barring any of the above "active" threats, you still face questionable service guarantees - they will go on vacation and turn the thing off, upgrade the hardware or move it to a place where the signal suddenly doesn't propagate to your apartment at precisely the moment where it's insanely important that you have a working network.

Summary: I wouldn't.
posted by themel at 1:18 AM on January 25, 2010

If you really want to "use" your neighbors wifi, you should use a VPN or SSH tunnel. There are various VPN providers out there. I use Swiss VPN. But It might not be the fastest if you're in the US. Just look around for a VPN provider, but don't go with the cheapest provider. Keep in mind that they can read all your traffic, so you should go with a established company that you can trust.

The better solution is to set up your own VPN Tunnel Endpoint.
here is a tutorial for windows.
If you really use it a lot, you should set up a VPN Endpoint using a server running NetBSD or something similar.
Of course you need a server or a really good friend for this to work.

You should also disable everything in Preferences > Sharing, and make sure your OS X firewall is set up properly.

Of course, if you have the option, you might as well get your own broadband, which is way easier , probably cheaper, and morally right.
posted by kall at 3:16 AM on January 25, 2010

People often refer to the iMac G4 as the Snowball iMac. It makes me cringe deep inside.
posted by BryanPayne at 4:44 PM on January 25, 2010

"Risks" cited above are overblown. If you are logging into an SSL enabled website, such as that of any reputable bank, and the certificates are good, then everything between your browser and the server is encrypted. Yes, the router might be logging your traffic. But that is true all over the Internet, not just at the unsecured router that you're mooching off of. So what if somebody logs the traffic--they will get a bunch of gibberish. They will know that you went to the bank website, but so what?

Yeah, they can seal your Metafilter password (if I recall correctly, this site does not use SSL.) So what? Oh, no--they might pose as you and ask questions!!

They can know every site you visit. So does your ISP if you get your own connection. Does your neighbor care that you checked ESPN.com today? Okay, maybe if you're paranoid you think your neighbor will blackmail you with all the porn sites you visit.

There are all sorts of reasons not to mooch off your neighbor's network, but security hysteria is not one of them.
posted by massysett at 5:13 PM on January 25, 2010 [1 favorite]

massysett: Yes, full SSL sessions are not vulnerable. But most sites (Gmail used to be like this, not sure how it is now, Facebook, Amazon w/ One-Click) use SSL for the login process only and then rely on cookies for the rest of the process, which are trivially stolen by the person whose network you're using.

Yes, your ISP can do that as well, but usually doesn't have that much of an incentive or moral justification to do it compared to the guy whose Internet you're stealing.

Of course, the people running an open wireless network are usually incapable of really exploiting such vulnerabilities, but that doesn't mean these risks don't exist.
posted by themel at 1:37 AM on January 26, 2010

« Older Typeface used for "Parks and Recreation" titles?   |   How can I use orange-flavored olive oil? Newer »
This thread is closed to new comments.