Slashdot Mirror
Safe and Insecure?
JoeCotellese writes "Can making your network insecure actually improve your security? That's the question asked in this story running in Salon. The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'"
Bacon grease cures heart disease!
Unknown host pong.
"Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it."
I'd have read the whole thing, but I was morally repelled by the salon.com ad policy. Anyway, this concept seems to be some perverted cousin of "security by obscurity" -- only this has less to do with protecting your security and more to do with having a way out when someone comes knocking on your door.
Unfortunately, I think this only applies when you *don't do it on purpose*. From my point of view, if you design a network solely for the purpose of relieving yourself of responsibility for what traverses your network, you are pretty much screwed once you get to court. This reeks of the "I accidentally did it on purpose" defense, and isn't likely to fly with any judge that has even a portion of a clue.
dmiessler.com -- grep understanding knowledge
That's not improving your security. That's improving your privacy (via anonymity) at the expense of your security.
Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?
Wishing something doesn't make it so.
Somebody forgot to read the TOS of their ISP... because absolutely ever ISP out there has something to this effect in thier TOS: As the person who pays the bill, you're responsible for keeping the Internet connection you're buying to yourself and people who you trust with it. The reason why they're warning you to do that is because if you allow your connection to fall into "enemy hands", the usage that goes over your wire will be
By choosing to run the "notoriously vulnerable technology", as the author admited in his confession letter, he admitted that he knowingly chose a piece of technology that could be exploited yielding his internet equipment making a request on behalf of somebody unknown. That's nice... you just gave that unknown person the gift of a liability shield at your expense.
As I just posted last thread, annonymity these days is really achieved by somebody else who had the chance to know who you are intentionally failing notice or promising not to tell. The thing is, that other person is taking on the liablity for what you do.
How nice of you to pay his MPAA/RIAA verdict bill for him, you'll be a hero to copyright pirates everwhere. I'm sure they'll be excited to learn there's still people dumb enough to fall for this trick still out there.
If you make it insecure people might think there's nothing there worth looking at. That's the only reason I can think that could work.
that's an attempt to create plausible deniability...
in other words the article blurb is either not funny or just stupid.
You also have no idea what kind of FTP server your computer has become, what kind of child porn people are downloading, how much spam you're forwarding. This doesn't seem like a very good idea to me.
Karma: pi (Mostly due to circular reasoning in posts).
'kid' quite likely being the active word...
People replying to my sig annoy me. That's why I change it all the time.
Not guilty on copyright infringement. Guilty of aiding a felony. Brilliant.
Safe and insecure
I opened up my wireless home network to the world, and I've never felt more comfortable.
- - - - - - - - - - - -
By Micah Joel
May 18, 2004 | Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear. Now, anyone with a wireless card and a sniffer who happens by can use my connection to access the Internet. And with DHCP logging turned off, there's really no way to know who's using it.
What's wrong with me? Haven't I heard about how malicious wardrivers can use my connection from across the street to stage their hacking operations? How my neighbors can steal my bandwidth so they don't have to pay for their own? How I'm exposing my home network to attacks from the inside? Yup.
So why am I doing this? In a word, privacy. By making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.
In mid-April, Comcast sent letters to some of its subscribers claiming that their IP addresses had been used to download copyrighted movies. Since Comcast is not likely to improve customer satisfaction and retention with this strategy, it's probable the letter was a result of pressure from the Motion Picture Association of America or one of its members. And to Comcast's credit, it stopped short of direct accusation; instead it gives users an out. Says the letter, "If you believe in good faith that the allegedly infringing works have been removed or blocked by mistake or misidentification, then you may send a counter notification to Comcast."
That's good enough for me. I've already composed my reply in case I receive one of these letters someday. "Dear Comcast, I am so sorry. I had no idea that copyrighted works were being downloaded via my IP address; I have a wireless router at home and it's possible that someone may have been using my connection at the time. I will do my best to secure this notoriously vulnerable technology, but I can make no guarantee that hackers will not exploit my network in the future."
If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker's crimes? If that were the case, we'd all be liable for the Blaster worm's denial of service attacks against Microsoft last year.
Don't get me wrong. I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it. That's no different from the millions of people who haven't installed anti-virus software and the millions more who don't keep theirs up to date. Yes, their vulnerabilities allow viruses to spread more quickly, but that's their choice, right?
What about the security of my home network? A determined hacker may be able to crack my passwords or exploit weaknesses in the operating system that I never even thought of, but how is that different from before? There's no system that's completely secure, so whether hackers are inside or outside my firewall will make little difference. I'm willing to trade a little security for privacy.
It feels strange to be opening up my network after years of vigorously protecting it, and it's not without a tinge of anxiety that I do so. But there's also a sense of liberation, of sticking it to the Man, that's undeniable, as well as an odd sense of community. It seems there's safety in numbers after all, even among strangers.
Let me get this straight...
I won't get hacked because I leave my computers open to hackers?
Interesting...I wonder if this works in real life, too! Maybe if I leave my door open when I'm not home, I won't get robbed! And if I leave my car unlocked with the keys inside, it won't get stolen!
this should be "it's funny, laugh" don't you think?
if you violate the terms of service by allowing others to use your connection, your ISP will disconnect service. Certainly *no* service is more secure, but then you won't be able to visit grannygash.com and hotdonkeyanus.org any more!
Oh, and wait until somebody spams, downloads child porn, or plots a terrorist attack through your open connection! The laughs will come a mile a minute! yuk yuk yuk!!!
Sounds like a Zen master was smoking some weed and found a network administrator manual to read to pass the time while his friend ran down to the 7-11 for munchies.
until the MPAA/RIAA just point out that it's your name on the bill therefore it's your ass getting the lawsuit. If you intentionally leave your network open to all then you are responcible for what happens.
On that same note, if some spammer used your node to send out 1000000 emails I'll be hunting you down with my trusty LART.
superman runs linux
Since it will only be a short time before everyone stops accepting email traffic from your server, you can be sure that no spammer or hacker will want to take control of it. Makes sense. Kind of like cutting off your hand to be sure nobody steals your rings.
It's simple: I demand prosecution for torture.
I never know who might get shot or when! And the police would never find out if it was me doing the shooting!!
This is brilliant. I'm in total awe.
...on absolutely nothing.
The only thing he is doing is helping to spread the worms and viruses. not to mention wasting his isps bandwidth for not good reason
did you forget to take your meds?
opening your wireless network up just so others can use it? I have one in my apartment at school and it stays open so that the people downstairs and across the hall can use it. I keep personal firewalls running on the computers on the network. I appreciate it when others allow me to use their networks, so why not give back a little?
Your ISP would shut you down in a heart beat for purposely abusing their services.
(\_/)
(O.o) This is Bunny. Add Bunny to your signature
(> <) to help him achieve world domination.
It is doubtful you could qualify as a type of common carrier. If anything, you may increase your odds of being liable because you may be held responsible for what others do on your connection.
It would be interesting to see how this would play out. The closest analogy I can think of would be automobiles. If you allowed someone else to use your car, you may be held liable for damages they cause while they are driving it. As far a criminal activity, you may be targetted if your car is identified as taking part in a crime, though you have a pretty good chance of being found innocent if you can prove you weren't driving the car.
Not perfect, but close. The idea sounds good though.
. 62,400 repetitions make one truth -- Brave New World, Aldous Huxley
First: great link! I get to see some awesome 30 second PBS commercial.
Second: stupid f'en idea
In a word, privacy. By making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.
But since you're liable for everything that goes through your connection, you're fucked if something really bad does happen from your IP. That whole article sounds like it was written by some 14 year old. God... the logic employed in that article is truly amazing!
Casual Games/Downloads
http://slashdot.org/~salon.com/journal/71826
I'm kind of wondering about the security through obscurity idea. Maybe run Redhat 5.2 or Open BSD 3.0, you know something that isn't being tracked on Bugtraq anymore.
This guy is way out there
If it's your connection, it's you who is downloading whatever. Even if you don't. You pay for the connection. Your name is on the bill. It's YOUR account. Your job to keep other people out and from using it for illegal purposes.
Sorry, charlie. No dice.
Not a Twitter sockpuppet... but I wish I was.
Yeah, but the author does so fully aware of the potential consequences, thereby not really being an ignorant victim.
Put another way: If you open your house to all who come, including fugitives, are you going to be charged with aiding and abetting? What if you do so fully aware of what's going on except you ask no questions because you don't want to hear the answers? My guess is you're liable anyway.
So, anyone want to be the test case in court?
Nice to know that that the article gets modded as a troll...
Is to run a public AP. /. does the same thing, they refuse to log so that the logs cannot be used to incriminate people.
A public AP turns you into a transport provider instead of a liable agent. No one is going to go after the library for what offenses are caused there because they merely provide transit. Yeah your ISP will stil disconnect you but you will stay out of jail.
If you leave your front door wide open, you have a smaller chance of being robbed!
If you leave your keys in the car with the windows open, your car has a smaller chance of being stolen!
If you continue to make silly claims, some people might believe you!
Salon is talking about networks open by design, not insecure networks.
There's a huge difference in implimentation, and also when speaking of liability and your situation in the eyes of the law.
I'm not a lawyer, so I'll hold off from saying more.
RD
the intent behind this seems culpable. it's similar to leaving a gun in a public place and saying "if I use this, the cops won't be able to trace it back to me in a court of law!!!!"
it seems like the only real application is to infringe on others' ip without drawing a clear line back to yourself. and that seems a bit silly to me.. it's easier to just not steal things in the first place.
further, if you're doing this with intent (e.g. you know what you're doing when you remove the security features), isn't that like giving a loaded gun to a random guy and saying "I'm not responsible!"
The only difference is that on the internet (thankfully) nobody gets seriously hurt.
Too bad that has nothing to do with security or insecurity...more like stupidity.
Second, forgetting that your name is still on the bill for that ISP, and that in all likely hood (see your ISP TOS) that makes you liable for what happens over your line.
Here's what I do: Bitty Browser & Andromeda
I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it. That's no different from the millions of people who haven't installed anti-virus software and the millions more who don't keep theirs up to date.
But he IS deliberately opening his network to these people:
Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear.
If he didnt have them enabled in the first place, then I might have agreed with his statement, but this is nothing like the "millions of people who havent installed anti-virus software", or the "millions more who don't keep theirs up to date". Those people dont intentionally install said protection and then disable it.
And more important, my ISP has no way to be certain if it's me.
And how is this going to matter? The ISP is renting YOU the connection, so its arguably your own responsability for the traffic passing through it. Your landlord might have something to say if you left your front door open to all who might be passing, and drug dealers take up residence. Id love to see his line rentals terms and conditions, they will amost certainly forbid what this guy is doing (intentionally sharing his connection with third parties).
If it ever comes down to a lawsuit, who can be certain that I was the offender? And can the victim of hacking be held responsible for the hacker's crimes?
Theres no hacking (cracking) going on here, the networks wide open. And there are such laws as accessory to a crime, which if you are doing this wilfully, then Id almost certainly say you were.
I hope this guy took legal advice about this, and about his stance regarding correspondance with Comcast in the future, because from where I can see, he may be on the shakiest legal ground. This article is pretty lame imho.
But with WiFi probably going to be the next step for the Internet I'm sure there _will_ be a precedent.
Even if this were somehow excusable, do you really want anyone and everyone running free on your network? The longer you leave your node sitting out there, the greater the chance someone else is going to use it for something illegal. If you got caught pirating movies, you would have to convince not only your own ISP, but also the MPAA, that you weren't at fault. Hope you have a good lawyer...
I did something similar but with a home shooting range. I let anyone come over and shoot their weapons with no supervision or controls. The local authorities could never tell if it was my bullets whizzing through the neighborhood or some strangers, so they leave me alone.
and people wander in and out. So, it's not my fault that there are 12-year olds drinking 40s on the front porch. No way is it my fault someone's selling crack in the living room, or that someone drowned in the pool.
Ultimately, if you knowingly leave your computer open to mask your own poor behavior, you won't get off, you'll just get busted for all of it, and then get busted for knowingly providing a venue for this.
This might hold up if he were called on it. Where I live you're better off not shovelling your walk in winter rather than shovelling it imperfectly. If you let people trip and fall because you didn't shovel it's a natural condition and not on your property (the city ows the sidewalk). If you do shovel and an icy patch develops, you're liable because you created the dagerous conditions.
I shovel and salt to try to make it safer and damn the liability.
the major advances in civilization are processes which all but wreck the societies in which they occur - A.N. White
So the feds will have no way of knowing for sure if it was me or someone else downloading child porn...
You'll excuse me if I choose not to risk taking the fall for someone else's transgressions... I'll keep my networks closed, thank you very much.
Wanted: witty unique signature. Must be willing to relocate.
It work until a really malicious guy secure up your wireless access point, just before you get busted...
Thats not entirely true, look at the policy speakeasy has promoted in the past (I have not checked lately since they are not available here), where they actively encourage people to share connections over 802.11, etc. With the attitude that selling a shared connection is better than not making a sale at all.
Not only does he not have the courage to stand up for himself, he's causing trouble for the rest of us. People can use his connection to send out those penis-enlarging e-mails to the rest of us. And as mentioned above, the FBI isn't likely to be amused by his defense if he becomes the hub for a child-porn ring.
"Security through apathy". Yeah, right.
The concept of "stealthing" network ports is due for a retirement party. It was great as a young kid, but it aged at Internet time speed. Now it's overdue for a retirement party.
See, stealthing is the idea of simply not answering the door when somebody unwanted knocks on it, instead of answering "I'm here but I'm not letting you in." which is what happens when a port is "closed" instead.
It was a great idea when port scanners didn't expect it. The idea being if the first request for a connect never gets a negative reply, the scanner will assume there's no computer at that IP and move onto the next possible victim. It worked against the port scanning threats of the time.
However, today's worms aren't so nice. TCP, by its nature, attempts to retry when a connection request is ignored, figuring the packets got lost in the Internet cloud somewhere. However, if you send the "I don't accept that kind of traffic!" message, the attacking server hears that, and that sends the attacker on to its next potential victim with no further waste of your incoming bandwidth.
"Stealth" is the new "Closed". Yeah, it's one of those fashion things where what's cool to do is just what everybody else isn't doing at the moment. So, keep watching, eventually it'll flip back.
OK, now let's make a substitution:
"by making my gun available to any and all who happen upon it, I have no way to be certain who will be shot by other people using my gun. And more important, the police have no way to be certain if it's me."
Please help metamoderate.
At least follow some of the basics. Block Ports 25&110- don't allow spammers to come by and use your connection. Definately put up a firewall between your LAN and the Wireless AP- and block NetBios. Other than that, I agree with the previous posters- works for being a nice guy- would NOT hold up as a defense in a court of law.
SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
Yes, in the same way that lighting yourself on fire will (eventually) make you impervious to flames! The fact that you will be a smoking pile of ashes would be a drawback however.
I Am My Own Worst Enemy
that's unaccountability. IMO, it's also irresponsibility.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
It seems to be when I signed my contract for my internet, or by reading the TOS .. I'm seeing that *I am responsible for all that is done on my account*.. hrmm might want to turn WEP back on :)
Open or closed, your wireless access point has plausible deniability.
Keeping the connection open just makes it much more convienent to access for the vast majority of people who are doing nothing illegal.
I'm not sure if the author is just being tongue in cheek, or completely serious. The funny thing is that this is exactly what I was planning on doing when I set up the network in my new apartment come August.
Fat, drunk and stupid is no way to go through life, son.
Last week, I turned off all the security features of my wireless router. I removed WEP encryption, disabled MAC address filtering and made sure the SSID was being broadcast loud and clear
and then a few paragraphs later:
Don't get me wrong. I'm not deliberately opening my network to hackers and miscreants bent on downloading copyrighted material. I'm simply choosing not to secure it.
Clearly, the author contradicts himself when he first describes exactly how he went about disabling all those security features, and then later stating that he is not deliberately opening his network.
this is why i dont lock my car. one day i'll rob a bank, and they're never gonna be able to prove it was me in that getaway car.
http://ipod.fresh27.net/
Ah, Jon Katz, bathtub philosopher- we had almost forgotten about you.
Please help metamoderate.
This has got to be the most screwed up article I've read in a long time... I mean, where to begin?
Are people so desperate when it comes to computer security these days they're willing to commit suicide like this? His problem in the first place was with his ISP, so why not switch to a different one instead of applying his brand of twisted logic?
Seems like a pyrrhic victory if you ask me. He may be safe from lawsuits from his ISP, which he should have stopped using in the first place, but all the while his systems are open to whoever wants to use them for launching attacks, running little spam operations, you name it... It's not being smart, it's just being irresponsible and let the rest of us suffer the consequences.
This is a problem for Comcast, not us.
_ and_insecure/index.html | sendmail abuse@comcast.net
$ wget -O - http://www.salon.com/tech/feature/2004/05/18/safe
How are you "morally repelled" by their ad policy? Seriously.
It's their content. They paid for it. They pay for the servers. I don't see why they don't have every right to decide how to distribute it, whether it is banner ads, forced view ads, or paid subscription. They aren't compelled to provide free content any more than anyone else is.
If you don't want to view their ads, that's fine. Maybe their business model is stupid and doomed to fail. Maybe no one is willing to spend the time to view their ads for free content. That's the free market.
But to suggest that there is something "morally" wrong? That's just absurd.
Now I won't hold my breath that search warrents will never be issued, but in the normal civil cases, it will be hard to prove who did what in a case such as this, and as a result a judge "could/should" rule in favor of the defendent. But the defendent will still need to make a decent case about not having infringed on copyrighted materials. In civil suits "reasonable doubt" does not exist. But in this day and age where you can hack into a WiFi WEP64 or WEP128 secured system in 2-3 minutes, if you own a device like this, it shouldn't be hard to show a judge that not only is it possible, but very probable in a crowded area/neighborhood/apartment.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
..but is he really making his system any less secure than any of the morons who were talked into forking out money for wireless hardware by thier local Best Buy salesperson? Honestly, most of the laymans I know that have wireless have no idea how to secure it or what network security even is. So really he is no worse off than thousands of other users.
Think that they got their idea from an article posted here (http://yro.slashdot.org/yro/04/05/03/1315232.shtm l?tid=123&tid=158&tid=99) about a week ago?
first of all, that link to salon was really annoying as i couldn't read the article
opening your internet connection has nothing to do with opening your computer. and i'm not sure why the author was so fed up with his "security" that he felt the need to shut it all off... why not leave the firewall up?
Unfortunately, I think this only applies when you *don't do it on purpose*. From my point of view, if you design a network solely for the purpose of relieving yourself of responsibility for what traverses your network, you are pretty much screwed once you get to court.
The prosecution must prove that you committed a crime, not that you tried to make their job difficult. They can't convict you for something just because you tried to obsfuscate your actions or gain plausible deniability.
As the article title says, "safe and insecure." The author has decreased the risk he faces from lawsuits launched by the RIAA, MPAA, BSA, SPA, etc., in exchange for reduced network security.
Where he is in grave danger is from his ISP, which could cancel his account in a moment should they get a DMCA complaint, spam complaint, hacking complaint, DoS complaint, or virus complaint tied to his IP address. The courts have to give him due process. His ISP does not.
"...my ISP has no way to be certain if it's me.'"
But they will have no problem holding you accountable by the terms of usage agreement.
End of discussion.
The next remark is false. The previous remark is true.
This has everything to do with avoiding responsibility, and I won't go into it very deep as everyone else seems to have done a great job at that already.
Bottom line is your line, your responsibility. I don't care who _did_ it. This is like saying, "Well, I know it's my gun but I didn't do it. I just left it out where just anyone could get ahold of it."
Blech! What a horrible taste that left in my mouth!
-LoneWolf-
It is by will alone I set my mind in motion.
So that's where this all came from.
That has nothing to do with security, and may remove some protections you otherwise might have to keep people from breaking into your own computers.
You are looking for lawsuit immunity, which is very different than security. How well that might work is going to depend on when somebody is actually willing to go toe-to-toe against the **AA in court. So far it hasn't happened. They blackmail -- you pay. I don't expect if you just say, "Hey, I had an open Internet connection. Could have been anybody," is going to have them reply, "Oh, sorry, we're dropping our suit immediately." Their case might be weak in court since it would be very hard for them to prove it was actually you unless they served a search warrent against you, siezed your computers, and did forensic analysis on your hard drives and any CD/DVD - R/RW's they got along the way, but that's only after you get to court against their deep-pockets.
Besides, if you do open your connection intentionally, you are probably in violation of the terms of your ISP.
Your argument is essentially the same as any Freenet user has -- and that has yet to be tested as well.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
I think that we just found our second winner for (sure lets call it) the Spinder Award ("a person who makes a good effort at removing themselves from the Internet). I am sure that some Comcast tech is trying to track him down as I type. Can you say Terms Of Service, (I knew you could).
The grass is only greener, if you don't take care of your own lawn.
If you open all the doors on your router sure you could make the argument that that it wasnt you. However, in the U.S. if the crime is nasty enough as in the case of child porn or espionage, that will not stop you from haveing all your electronic equipment confiscated (possibly for many months) and landing your ass in a dark hole until you are proven guilt free. In fact, I'd go so far as to argue that in the current state of affairs in the USA it really doesnt pay to go to great lengths to hide your identity. It raises too many questions. How about an example?
You set your router so anyone can use it and some jerk comes along and sends terrorist oriented communications through your wifi connection. The CIA finds out. The next thing you know your naked, on a leash and being photographed like your frig'n Paris Hilton. All your electronics have been taken away. When you get them back they're out of date or broken - sorry. Oh, by the way you going to get butt-probed everytime you go on a flight inside the US because you've made it on to a watch list and its going to take Nancy the file clerk the rest of your natural life to remove you from it. If you choose to open your router/network you are an idiot. And please forward me you local.
"Capital punishment makes the state into a murderer. Imprisonment makes the state into a gay dungeon-master"
This guy is mixing security up with liability. He's no more 'secure' than a rich guy walking through a slum with a briefcase full of cash.
He thinks he's limiting his legal liability, but it takes a lot more effort than what he's doing to show that he's either a) a common carrier, or b) unable to control the use of his own resources.
finally,it's stupid to cut the security on your network like that. He'll end up having a co-opted computer during the next major DNS attack
It is not only a nice gesture but has a number of advantages for you to keep your connection open for everyone to use. I've been running an open access point for quite some time now and made only positive experiences e.g. neighbors walking up to me, saying: "Hey, you must be the guy who's access point I've been using. Here are a couple bucks". In the meantime most of my friends also opened their APs. Besides some legal advantages(yes, that's correct) it is all about sharing and I am grateful to find an open AP when I go somewhere.
You'd risk your computer and information, making it public just to download a few friggin mp3s? Why is this crap considered intelligent enough to be 'news'?
But not for the average user.
You are responsible for all the content going in and out of your network. They will hold you to that, and should anything illegal enough to get the feds interested come along ( plans to blow up buildings, or your favorite 4 minute crap-of-the-week song. Guess which one is worse ), that's what they hold you to.
Mod me down with all of your hatred and your journey towards the dark side will be complete!
... they came through my Windows.
Your honor, the fact that my client's car was identified driving away from the bank robbery in no way implicates him. Recently he has been leaving his car doors unlocked and keys in the ignition. Because he does not watch the car during this period of time, he has no idea who may have actually used it for this crime. Since you cannot prove in the driver's seat he did sit, you must acquit!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
He has nice point of increasing the anonymity.
But what prevents one from sending the email he crafted without actually having a wlan basestation to begin with?
Does he really expect his isp to drive by and check wether he has one publically available to everyone or not?
I'd assume any isp would take his word for it and if he continued the dumb user act towards the isp, he might avoid the closing of his connection while downloading all the warez he can get.
If he really runs such setup, I'd suggest him to place another firewall between his network and wlan with port filtering which blocks spam sending.
He can always create vpn tunnel from his wireless machines to his network as needed for sending email etc.
There are no atheists when recovering from tape backup.
I don't know. I understand that the author is going for privacy at the expense of security, but this seems like the same logic employed by the person I heard about who had 6 deadbolts installed on their door and randomly locked only 3 of them--he figured a burglar would try to turn the bolt in all 6, thereby leaving several locked at any one time. His legal trouble is just going to smash the window and climb in.
I think all Joel is doing is setting himself up for the high-tech equivalent of a attractive nuisance suit.
Shouldn't that be: A Mac P2P User's...
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
The premise of the article description is wrong.
Leaving your network wide open doesn't increase your security, it decreases it. What you do in decrease your culpability for anything that happens with your systems.
Of course, this can backfire you want to shop online or do anything else that requires a small measure of privacy.... afterall, your security has been decreased!
Cheers!
SCB
So it seems that the idea might work for a $1000/month T1 line sold to ISPs, but not for a ComCast cable modem.
This would seem like a major loophole in that law protecting ISPs, but in reality, it just means that the police would have to go back to old-fashioned footwork rather than leaning back and letting Omnivore suck in the entire Internet scanning for violations.
As it is, if you're caught speeding (basic driving offence) you get sent a letter asking "who was driving your car on such-and-such a date?" and when you write your name down, bam! you've incriminated yourself.
But in the US, you have the 5th amendment to stop something like that happening - presumably they'd need evidence that you were driving your vehicle at the time, rather than "he owns the vehicle, so he has to prove that he wasn't driving it"
Hey! What pretty widgets?
I am pretty damn sure that if he would come before a couple of the judges in my family they would smack him down for not exercising due diligence. (You gotta love how many people in my home town suddenly call me up and want to hang out when they are fixing to go up in front of my relatives. Like I have sway with the old farts.)
He is not an ISP so it's not like he can claim any protection like the safe harbor clause. This is up there with trying to use the DMCA to enforce that whole pig latin encryption stunt.
I don't see what this accomplishes. Granted if you do hacking, it might be harder to get you but if you're downloading music/movies/child porn all they have to do is check your computer. It might be harder to convict that person than normal, but as the saying goes "possession is 9/10ths of the law." If you delete the illegal material then they can still probably get it using data recovery techniques and on top of it, you're breaking the law.
To me, this is a perfect honeypot. If there are any wardriving pedophiles or spammers, I say let's kill them. Set up insecure wireless network, wait for scumbag to use it, triangulate scumbag, beat the shit out of scumbag with a sack full of doorknobs.
Anyone with me here!?!
...it wasn't you, unless there is a possibility that it IS you?
The reference used here before was an example of a swimming pool owner - leave it unprotected, with no fence around it, and YOU are responsible for waht happens in it. IE: Some kid wanders into your yard and drowns, it's YOUR ASS that lands in jail.
The same would apply here. Intentenionally leave your network open to the world, and see who ends up standing before the judge after Officer Friendly views illegal content that was anonymously uploaded onto YOUR open server!
~m
"Yes, I have a Disaster Recovery Plan. It's called my Resume"
I put up with the advert - actually I made some coffee while it was on.
... except him.
The guy says that he's done this so that if his ISP ever accuses him of downloading illegal stuff, he can say "my connection was not secure; it could have been anybody". The fact is, he's posted an article on a publicly available site which tells everybody that he is doing this deliberately. "Well", says the ISP, "you are too stupid to have an internet connection". Snip go the scissors on his line. If this is not in their terms of service, I'm sure they can withdraw it with just a little financial compensation e.g. refund a couple of months of fees. But basically, they will not want anybody who exhibits such deliberate antisocial behaviour as a customer. (Antisocial because, for instance, a spammer could use his connection to send spam).
He's doing this so he can tell the ISP that it's not his fault if they detect somebody from his IP downloading illegal stuff. He has neglected the fact that if his connection was secure, nobody would be able to download illegal stuff from his IP...
hmmmmmmm.....
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Hop over to easynews and ask the admins there how well that works for you once the MIB show up.
While it is true that he is intentionally opening up his connection for use by third parties, he is not telling other people to use it. It is in a sense similiar to the problems that people have with P2P programs like KaZaa. It is true that the RIAA cannot necessarily prove that you do not have a right to the mp3's you download, they can proove that you are allowing the mp3's you have to be downloaded by people YOU cannot prove have a right to the music.
Don't forget about this
article. This guy got off a child porn charge b/c he proved his computer was infected with a virus that was responsible.
...then surely the police will never consider me to be guilty of drug trafficking.
Right?
Reminds me of Cicero, who said: There is no idea so foolish, but some philosopher has said it.
I've had a lawyer in a previous company tell us _not_ to moderate our discussion forums; and only act if there's someone complains. He said if we moderate the content we become more liable.
But the thing to remember is that if probable cause give law enforcement the legal means to search your home/business, it becomes a lot harder for you to maintain reasonable doubt about gigs of mp3s, mpegs, bookz, warez, etc.
the question, however, is can he be resonably expected to be responsible for other peoples illegal acts? in other words even though random people could access his connection, aren't they responsible for whatever they do? isn't that common sense? by doing this isn't he just saying that he doesn't want to have to deal with trying to keep his connection secure at all? if he, for example, did enable password protection and someone broke it would he still be responsible for their actions even though he couldn't prove that it wasn't him? in a sense he could argue that he doesn't want to be held responsible in such a situation.
It's like setting up a hotspot. Yes illegal activity may be facilitated by a lack of security. But so is perfectly legal activity by his neighbors, on his network.
Remind you of something? *cough*P2P*cough*
...contract (civil) law and criminal law? Your ISP will cut you off in about .02 secs flat if you violate your ToS, and if someone else has had access to it, you have. No and, ifs or buts. Unless your ISP would like to argue that you deliberately or grossly negligently (people are so computer illiterate, it doesn't even exit) broke the terms, they have no case.
You rented a car, the car got stolen? You don't get sued for violating the contract saying you couldn't turn it over to anyone else (you might have to pay for the car/insurance, but that's in their contract, not a violation of it).
Criminal law is a different matter. You either have to commit, be an accessory to or facilitator of the crime. Normally you could have trouble by being grossly neglient, like having an unsecured well, but again: People are so computer illiterate it won't fly.
To qualify as an accessory or facilitator of, you'd have to either actively contribute or actively avoid knowing about it. Here's the clue-by-four: Electronic communication is invisible. People have tons of spyware, viruses, open relays and so on. Open wireless is just one more type.
The ignorance defence works. Where I think it'll fall down is if you try to use it as a cover for committing crimes yourself. For anyone to care about your claim that wardrivers/aliens/gremlins did it, they'd have to actually look at your setup.
And if they got to that point, they'd probably recover more than enough information from your hard drive to take you down hook, line and sinker. Unless you do religious encryption, wiping and so on, in which case they'll slam your ass for details because "he probably deserves a lot more".
So if they're going after you based on IP address alone and you want to bluff (note: Falsifying evidence, perjury are serious crimes), install an open wireless afterwards. If you're doing something bad enough the FBI raids your ass and examines your computer, it won't do you any good anyway.
What have you gained by opening it up now? As far as I can tell, nothing more than the good chance your ISP will cut you off, or the FBI raid your ass based on what someone else has been doing. I'd rather take my chances as a casual pirate than a casual pirate whose wireless network was used to release kiddie porn or the latest windows worm, all things considered...
Kjella
Live today, because you never know what tomorrow brings
Ignoring the fact that this guy just wrote an article about his stupidity for salon.com, how can he prove that his connection is so insecure anyway? If the RIAA came after him because they logged his IP on Kazaa, sure, he could claim he runs an open access point...but, he could just as easily make the same claim if he ran a *secure* wireless access point, with no logging, and changed his settings the day he got the letter.
:p).
Claiming that someone hijacked your wireless connection may or may not be a valid defense, but I don't see how his actions are going to bolster that defense in the slightest. He is merely making it more likely for the RIAA, MPAA, Comcast, or some law enforcement agency to come after him for questionable activities from his IP.
Even if he could prove it, they could probably charge him with aiding and abetting something, because that proof would also establish his intent to run an insecure access point, so he could not claim he was an innocent and unknowing victim of evil h4x0rz (said evil hackers would also have to spend a considerable amount of time within a small radius of his access point to accumulate any appreciable amount of warez. I'm fairly sure that most wardrivers aren't running Kazaa in the background to leach off of shitty residential DSL connections
Virtually all computing has plausible deniability built in, unless you want to go into highly advanced physics and figure out where each electron must have been then your computer can very plausibly do things without leaving any evidence, unlike physical actions that almost always leave something behind (finger prints, shoe prints, hair, fibers, blood, even just a few cells of your body, ballistics and weapon marks and gun profiles, witnesses, tapes, disturbance of a room etc. even a bit of paper could reveal millions of things under forensics) computers can generally do something and not leave a trace, RAM and CPU at least. Thats why we generally don't use computers for voting. Even with excellent security you could always plausibly say you were 0wN3d. It all depends on where the line gets drawn and who drew the line (which can be determined by the pressure profile on the pencil mark, and chemical analysis of the graphite to match it with the actual pencil and some of the cells that you left on the paper.
This comment does not represent the views or opinions of the user.
..you can plead insanity, since negligence never works...
Id love to see his line rentals terms and conditions, they will amost certainly forbid what this guy is doing (intentionally sharing his connection with third parties).
No he's not. He's leaving the front door open. It is STILL trespassing if you enter without his permission. If you attach to his router without permission, your are trespassing and stealing service. The courts are pretty clear on this.
ok let's take a look at comparisons:
sorry officer i wasn't drvining my car when it ran over that elderly lady, and i can prove it as i was playing D&D with my buddies (no one lies aobut that) adn they will all tell you where is was.
or
yeah it might be my gun, but i reported it stole last week, and if you check my fingerprints are not on the weapon.
So those seem to work, so who knows this guy might not be on crack.
The fact that this guy is a moron is obvious. If it is not clear enough now, it will be painfully clear in the near future....If you have an internet connection, by default it is your responsibility to secure it.....otherwise you will lose that Internet connection....Just by owning a car does not mean that you can drive it, and even if you can drive it, does not mean that you are any good at it.
Having a connection to the Internet is not a right, it is a responsibility. And one that can be removed at any time....ignorance is no excuse.....which is what he is claiming to be his defense....
What if you would install a win98 with ics as a gateway? Couldn't bill be held liable for what happens ?
Dont you all know that if you make your system as insecure as possible, eventually it will become so insecure that it will roll over and into the negatives. and -(insecure) == VERY secure.
This sig was made from 90% recycled sigs.
A morning without coffee is like something without something else.
So the idea here is to create your own crowd so you can hide in it.. I'm pretty confident that that is not going to work in this case. Generally spoken it does work if you also manage to hide the fact that it was you who created the crowd but that is kinda difficult in this case I'd think...
The author of the article is a troll. He actually owns a ranch house on a 10 acre plot in some sheltered subdivision. He doesn't even have neighbors within broadcast distance of his WiFi AP. Wardrivers would be lucky to get in the front get of his community and even luckier if they could get a signal from the curb. The author of the article is sitting back in his perfect little world and just waiting to see some poor backwoods hick and 16-year old get propped up on the news trying to use this defense to cover for file sharing in court.
I can't say that I advocate what this guy's doing. I honestly hope that every single ISP in his area blacklists him just for being a dumba__. However, I really don't see that this will be a problem for him. Unlike many of the reactionary personalities on internet message boards I don't look at every one of my neighbors as potential child molesters, credit card thieves, spammers, stalkers, or virus writers. I don't ph33r the bumper sticker laden VW crusing down the block with an antenna. To sum it all up: I don't buy the hype.
Still, though, the author (Micah Joel) is just a flaming dumbass. Next you'll see him writing articles about how he walks around town buck-naked because he's so "secure".
+++ATHZ 99:5:80
but think about it.
This is something I like to call the bubble gum principle:
When I was in middle school, chewing gum in class or at school was against the rules, but yet everyone tried to get away withit, we practically had a bubble gum mafia.
But when I got to high school, they changed the rules that you could chew gum. All of a sudden, there were a lot less people chewing gum.
Perhaps the same priniciple applies here. The only problem is that you'd have to convince millions of people that they should keep their computers wide open.
What works with bubble gum doesn't necessarily work with computers.
[...]I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.
Funny, I thought the account holder/entity was responsible for whatever happened on the IP address(s) he/she/it controlled... Sounds a lot more like this guy's just setting himself up to take the hits for his neighbors if they download stuff the MPAA/RIAA/etc don't want them to.
"But my neighbors all share my internet connection, so you can't figure out who did it! Ha!"
"Well, we'll just have to nail you for it, since you're responsible for what goes on with that connection."
"Um... er... viruses did it?"
"Nice try."
He listed the superset (mac-user). don't really have to be part of the subset to do what he said. you can be a plain old mac user and still do stupid things.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."
as it is legal to offer a wifi hotspot in your neiborhood. It is your concern for privacy that keeps you from logging and though it is true that most TOS' hold you fully responsible that is only to the ISP, not to the courts. I have done this for several of my neihbors though as far as my ISP knows it is just for my laptop when im in the hot tub.
the term "pwned" makes you look like an idiot anywhere else but an online gameserver.
They wont care if its you or not, you are responsible for the traffic that your account uses. Especially so if you are reckless.
I don't think they are going to care much about the 'excuse' that 'it wasn't me'. Nor will the police.
They will just point at what you agreed too, turn off your service and potentially prosecute.
---- Booth was a patriot ----
then yes, you would be responsible.
If you load your car to a friend and they kill someone, you're liable.
That's the problem with analogies. It's so easy to think some detail isn't important to include.
"stealing your car" is not analogous to what this person is doing. They are activly loaning their car. And as such they will be responsible for what happens.
Ben
Work Safe Porn
Eventually, someone may use that wide open connection for something actionable. If not found guilty, culpable, or negligent, he will have to pay $$$ to lawyers to stand up with him and say
[BartVoice]
I didn't do it
Nobody saw me
You can't prove anything
[/BartVoice]
Your terms of service almost certainly prohibit it, so you are violating something. Furthermore, you'd have a hard time arguing that you are a telephone company or cable company, and you probably don't comply with the kinds of regulatory requirements they have to comply with, so the "I'm a carrier" excuse won't hold.
And, from your statement, it sounds like you are doing this deliberately, know that you are doing it deliberately, and know the consequences: your connection will be used by spammers, copyright infringers, child pornographers, and other unsavory characters, and people will probably be able to argue that thereby you wilfully contribute to those crimes.
by default the encryption in not active. I post anon because I have been doing this for 6 months.
Leaving your keys in your ignition and the doors unlocked is a good way to get away with insurance fraud.....
It will end up like the red light traffic cameras that are exploding into use in the US. They just send the ticket to the registered owner. It doesn't matter who might have been driving, you WILL pay the ticket because it's your car. No exceptions, no excuses.
Do you see the parallel?
Professional Politicians are not the solution, they ARE the problem.
I can't access the original article. Apparently they switched it to Premium access only...
That guy did not think it through.
If he does FBI at the door illegal stuff, having an open network might keep the conviction off. (Not if he says what he's doing in an article though..)
However, the open access point is FAR more likely to attract someone with the same idea, "hey, let's download mp3s on this guy's network!"
Now he's got several people doing it instead of one.... which mean's he's far more likely to get attention from RIAA or whatever and cause himself civil suit harm. Civil suits have "perponderance of evidence" for the loser, not the "beyond reasonable doubt" for criminal.
So he trades a low risk of jail for a MUCH higher risk of civil problems.
That's just dumb.
Just go find someone ELSE's access point that's unsecured and use that. Duh.
This security is about the same as leaving your car unlocked at the curb with the keys in it so you can beat the photo radar ticket since you have no idea who was driving at the time.
I think its best to keep control and make sure that it doesn't attract attention of the monitoring for illegal activity. It may give you some protection if you are a regular violator, but keeping out of the pedeophile, underage porn, hosting copyright content, etc. should help reduce the need for expensive lawyers. Running a MAC that won't run KAZA and having no IM client helps.
The truth shall set you free!
Can't you do the same thing with freenet? I mean, you never know what you're hosting with that. And that's certainly a lot more elegant and safe than this proposal.
I'm the stranger...posting to
"Security through Stupidity" - make sure your network is SO screwed up that even if someone did infiltrate it, they wouldn't be able to do a damn thing. Then they'd get frustrated and leave.
:D
Hey, works for me!
You can call it rubbish all you want but you are responsible for whoever you allow to drive your car. That's the law.
The dealer relinquishes their responsibility when you sign on the dotted line and drive it off their lot
Ben
Work Safe Porn
A network service provider is defined in the law as one who offers network services to other(s). Nothing about cost, who they are, or what services. This scheme makes the user an ISP. (Running a network inside your house might even qualify, by the wording I saw.) No requirement exists to charge folks, and there is no requirement to log. You are offering a legal service. If you KNOW of illegality you may have some duty to report or stop it, but if you are just a pipe, you do not know.
Now, having sounded off in public like this suggests your motive is to cover your OWN illegality, which would not sit well with a court, but the law does not keep you from acting as an ISP in this way. Your service agreement with your upstream provider might, but that is a contract issue between you and them, not a criminal matter, in most jurisdictions. (Even those with laws treating such action as theft of service may not enforce such laws, and I don't know that many of them have been tested as yet. The ones I saw are so broad as to possibly cover some normal activity and they may be attackable for that reason.)
The analogy is exactly with your own ISP: they are not liable for what crosses the pipe so long as they don't know of anything illegal and take action to block what they find out about.
Does the ISP care who you are? Not really. They just care that its YOUR modem being used to download that stuff. The final destination or who is actually dictating what is being downloaded is irrelevent if the ISP really wants to shut off your internet.
tell all your friends
This story reminds me of the Crowds Project (used to be described at http://www.research.att.com/projects/crowds, but the page is down). It was an early scheme to allow anonymous internet browsing.
Basically, a group of cooperating internet users would exchange anonymous proxy services at random. A hit apparently from user X would be guaranteed not to be from user X, but instead from some other user in the crowd. Actual hits from user X would appear to be from random other members of the crowd. Users would promise not to keep logs or otherwise track each other's usage.
Does anyone know if anything ever came of the project?
I don't know about you, but the excuse "it's not mine officer, someone else must have put it in my bag, man..." has AFAIK never held legal water.
I doubt it would save you from the RIAA, either.
-Styopa
You are a legitimate user. Please send your keys and passwords to the FBI. And the CIA. And the NSC. And your local police. And the lawyers in your town, nearby city, your state capitol. And their accountants. And their psychiatrists. And their priests. And their doctors. What are the chances something bad will happen? You have nothing to hide, and they're all trustworthy, right? And with your passwords and keys so widely distributed, you won't ever get locked out of your car, house or ATM, and you need never remember anything, keychain to wallet. You have achieved total freedom!
"Freedom's just another word
For nothing left to lose"
- Kris Kristofferson, "Me & Bobby McGee"
--
make install -not war
Kind of like, I am not responsiable for torture of prisioners because I didn't know it was happening. I might have sent inexperienced under resources personel to extract information "using all neccessary means", but I didn't know they would resort to turture.
"There's no system that's completely secure, so whether hackers are inside or outside my firewall will make little difference."
Right: there's no shoe that's completely impervious, so I go barefoot.
A more reasonable approach to gaining the "plausible deniability" of connecting to the Net thru a public, unaccounted, shared connection, would leave the network (AP, LAN, router) unsecured, but firewall each host. So the muddy track can't spill into the inhabited areas. While SSL (and other end-to-end security) connections are available in the mudroom, for traipsing among the filthy byways among them, in the backyard and around the world.
--
make install -not war
It is not acting in reckless disregard, the legal term you are looking for is "attractive nuisance."
For an example, lets say you have a swimming pool. You put up a fence keep the gate locked. You post signs saying "danger, no lifeguard." You chase away all the neighbor hood kids when they come around, but one climbs in late at night and drowns. You are at fault.
The author of this article has shown himself to be a sophisticated technical consumer. Someone who knows what they are doing. By choosing _not_ to protect access to his line he is acting in a negligent manner and his open AP could be considered an attractive nuisance.
listen to these slashdot wussies cry about this.
They do not value the true patriot who sets up
a machine for others to use anonymously.
Listen how they whine how it will get abused and
you will end up paying the price. They do not
consider the person who must access data without
being known.
Kiss my asss you slashdot wussies.
"Worth it?"
Right now it isn't worth it, but if the trend continues of this country being under the control of corporate interests, i.e. the RIAA suing hundreds of thousands of people then it might be.
We have 2 years of bliss before DRMed Longhorn comes out. Support the development of open source encryption, and anonymous p2p applications since when DRM comes you'll likely be paying each time you access any type of information.
The point is made - if you open up your WAP for no legit reason, and some asshole does something naughty, you're held liable.
On the other hand, if you opened up your WAP for a legitimate reason - to enable your neighbors to log onto your system to play Nethack or something, then you can claim you opened your WAP for legal purposes, then some asshole abused it. It's harder for the .gov or four-letter-organizations to prove intent to cause harm.
Meldroc, Waster of Electrons
Open is the new closed. If a host pretends that all 65535 possible ports are open (accepts connections, but doesn't do anything with them), that is much much harder to compromise than a host which is "stealthed". After all, it's possible to find out which ports are open on a stealthed machine. It just takes longer. If they're all (apparently) open, you'll never know which ones are actually in use.
No, I don't want to explore the Recycle Bin.
I suspect the small print of his TOS make him responsible for any and all traffic between his ISP and his machine. They don't even have to know it's him, it's still his fault.
convert your linksys into such a beast. http://www.portless.net/ewrt
"What you need is a router that provides bandwidth priority to some connections and not others (I forget the term), and also that partitions the public portion of your personal network off from the private portion. And instead of claiming ignorance, claim you are a nice guy who just wants to help out your neighbors, houseguests or restaurant patrons."
Will someone please post the whole article?
/. - and besides, Salon should be ashamed to use such methods and thus deserve to be bypassed... (IMHO!) ;)
Salon is a pay-per-view site with payment through subscription or forced ad-viewing through a cumbersome process and a lot of people don't want to go through all that just to read
What I'd like to see is a wireless acess point that can be configured to provide a unique WEP key to each connected peer. One peer's WEP key would be be unable to decrypt another peer's packets. One could open up the base station to one's neighbors while still keeping each connection encrypted. The access point should be able to be configured to generate a new random WEP key for each peer at regular intervals. If you want peer anonymity, just don't keep any logs. Such a device would perfectly illustrate that security, privacy, and anonymity are compatible.
Lameness filter encountered.
Your comment violated the "postercomment" compression filter. Try more profanity and/or hand repetitions. Come aborted.
Please try to keep post in the hole.
Try to insert things in to other people's orifices instead of damaging your own eyes.
Read other people's messages but then ignore what they said this will help you get more points.
Going off on a tangent like a dope smoking retard is the best way to get laughs.
Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (Sure they will, this web site actually has real people working at it, just like your local top 40 radio station)
Problems regarding accounts or comment should be, just keep them to yourself. It's not like we are actually going to read them.
to join our elite team of operatives. Your assignments will be very dangerous and extremely exciting, well in a geeky kind of everquest way that allows your ass to grow bigger. This message will self destruct in ...
when did security and privacy become synonymous with "ability to get away with illegal activities"?
On an alternative note, maybe we'd all be creating more secure systems if we ran all our internet facing boxes without firewalls. Then we'd have to rely on minimal, latest version services running as non root users in chroots, using Deny From All rules and good passwords to block access. You know, the sort of thing that people **should** do anyway, but that they don't bother to because they're behind firewalls.
Get your own free personal location tracker
WEP is notoriously easy to hack. There's no need to even turn it off to argue that someone hacked your wireless network and downloaded files.
Any man who afflicts the human race with ideas must be prepared to see them misunderstood. -- H. L. Mencken
Actually, the defence brought by the author is exactly the same as is done with Freenet (see a recent /. article about Freenet&paypal). Only, Freenet does it much, much safer.
Strange, I don't see many replies here crying faul and shouting that it is 'supporting childporn'. What? Keeping no log will provide a safehaven for all those myriads of baby-rapists out there, no?
Ah well...maybe one should forbid that too, then. And wile we're at it, all 'hot spots' should be forbidden too.
Shows how absurd those arguments were.
And furthermore, those people that claim that ISPs, as a carrier, have protections while we have not, don't know what they are talking about. If you use your puter/server as a carrier, then, by definition, you fall under the same protections (at least where I live). There is nothing in the law that says end-users can't have carrier-protection when they act as a carrier, but companies can.
You could still be violating your TOS, however, that is true. Though, it should be noted that some ISPs allow it, and in any case, a TOS-violation isn't that big a deal within a free market-economy where ISPs battle for marketshare.
--- "To pee or not to pee, that is the question." ---
Indeed! We, the FBI are not EVIL. We are GOOD. We are the FRIEND you always wished for but never had! We are your best PAL, ever.
Trust us!
You, sir, make a very, very good point!
Since you are, without doubt, a legitmate user of the internet, please provide us with your login and passwords of all your emailaccounts or any other internetservice or tool you might use. Also, can we count on you to promote the use of encryption where we, as part of your trusted government, have the key/pasword of? It didn't work out the last time we and our pals on the NSA tried it, but with enough help of you and your ilk, we just might succeed, this time.
Thanks for your cooperation, and be sure to distribute our leafflets "Trust your Good Friend the FBI to Do what's Right". Please don't forget to place your name and address on that leaflet, however, because we try to change the law so we can make that obligatory.
To combat CRIMINALS ofcourse, not law-abiding citizens like you!
your friend,
the FBI
--- "To pee or not to pee, that is the question." ---
You just say it was *meant* as an anonymous proxy or hotspot.
There is no law forbidding you to create a hotspot and/or to let your puter use as a proxy. there is also no law that requires you to keep a log.
And if you effectively act as a carrier, you *do* have carrier-status protection; there is no law (at least not where I leave) that provides that protection to companies, but not to individuals.
That said, you could be violating your TOS, you would still be liable (depending on the laws) if you were pointed out the illegal files and you didn't remove them, and genreally, it's not very safe to just open your puter in that way, without safeguards.
If one would go for such a defence, one would be FAR better of with Freenet. It's much safer, and with the added benefit it's probably not violating your TOS.
--- "To pee or not to pee, that is the question." ---
Well, if I`m not mistaken, there WAS a case in court were a teen was accused of hacking a network but used the good`ol trojan as an alibi. Since there was a trojan in his computer, ANYTHING was presumed as possible - a malicious attacker could even create false logs if he was able enough, couldn`t he?
Posting a public announcement is not conspiring. If you publish a web page showing how to build a bomb, have you entered into a "conspiracy" with everyone who builds a bomb based on information on your web page? If you write an article stating that a specific jewelry store has no working burglar alarm, are you an accessory if it is burglarized? The chilling effect on free speech given your world view would be horrifying.
There's nothing in conspiracy law that requires the communication to be secret.
As you can see from the definition, for there to be a conspiracy, there must be a secret dialog between two or more parties, not a public announcement by one.
It is still 'stealth or bust'.
By returning "I don't accept that kind of traffic!" means that the ruthless / badly written malware knows that particular IP address is a 'live one' ripe for the taking. Responding just opens you up to more abuse like responding to 'opt-outs' in spam email.
Nope. IP space is so busy these days that an apparently unused IP address is what makes you look odd.
Responding "I don't accept that kind of traffic." causes a random-scanning worm to immediately move on to its next attack. However, not responding causes the worm to try it's next attack anyway.
Basically, saying nothing is now an assumed meaning of no, but saying "no" means "no" right away and it stops knocking...
Let's cut to the chase and stop all the bellyaching....
Consider the existence of an ISP that offers 100% encrypted, 100% unlogged Internet access....
Kiddie porn is the only content not allowed at HavenCo but if everything flowing through such an ISP there is encrypted, they wouldn't be able to tell.
I am not advocating kiddie porn but this issue is the only drawback to my idea.
Chances are someone might take the plunge and set up such an ISP or may have done so already....
The RIAA / MPAA / BSA will be quaking in their boots if this becomes a reality. They would then pressure 'the powers that be' to unplug HavenCo from the Internet permenantly.
Most people here are missing the point. The point here is not that the Salon guy isn't honoring his TOS, or any of the other objections I've seen so far. It's that he's being morally irresponsible.
Some have mentioned equivalent scenarios such as leaving your gun in your house, and someone stealing it, and then whether or not you should be liable for the damage they do with it.
The difference here is that the writer of the article isn't like just some shmoe hillbilly or weekend hunter who happens to have a gun. These are ordinary people, with valid (or at least plausible) excuses for not securing their property if a mishap occurs. No, the writer is like a cop, who knows full well what happens when guns get stolen, and yet keeps his gun in plain sight in an unlocked cabinet in his unlocked home.
What is important here is not the ability he has to safeguard his stuff, but the knowledge that he's doing something irresponsible. He's trying to fake an insanity plea. He's an out-and-out liar if he tries to claim that he "just didn't know" someone would use his connection.
The other part is that, as a (I assume) at least semi-educated netizen, he should know that it takes everyone's participation to make things better. If MOST of the people who used wireless networks secured their networks, wardriving wouldn't be such a big hobby. If most of the people who used Windows practiced safe patching, antivirus, antimalware and email techniques, Windows wouldn't be such a big target.
He's shuffling the blame. "Let someone else deal with it," he is saying. That's a combination of irresponsibility and laziness.
There was a previous article pertaining to the Russian that had kiddie porn on his machine at work, because of spyware. Now before you mod this offtopic, the article touched briefly on Cyber law and mentioned something similar, wherein in New York it is legal to piggy back on a wifi signal not belonging to you, as long as the owner doesn't expressly tell you not to. Though in your case your ISP could argue that you are violating their TOS. IMHO, you should be free to view, listen, play, whatever you like in cyber space as long as you don't break any federal local state or international laws.
I am Bennett Haselton! I am Bennett Haselton!
Someone buy the /. staff a dictionary.
On the other hand, it's much harder for nmap to fingerprint your server if it can't find at least 1 open and 1 closed port.