Safe and Insecure?

← Back to Stories (view on slashdot.org)

Posted by michael on Tuesday May 18, 2004 @09:53AM from the playing-dumb dept.

JoeCotellese writes "Can making your network insecure actually improve your security? That's the question asked in this story running in Salon. The author makes the case that by 'making my Internet connection available to any and all who happen upon it, I have no way to be certain what kinds of songs, movies and pictures will be downloaded by other people using my IP address. And more important, my ISP has no way to be certain if it's me.'"

16 of 508 comments (clear)

Min score:

Reason:

Sort:

That is so retarded by Anonymous Coward · 2004-05-18 09:55 · Score: 5, Informative

Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?

Wishing something doesn't make it so.
1. Re:That is so retarded by devorama · 2004-05-18 10:17 · Score: 2, Informative
  
  From the Comcast TOS section 5b, Prohibited Uses of the Service:
  ...the Service is for personal and non-commercial use only and you agree not to use the Service for operation as an Internet service provider, a server site for ftp, telnet, rlogin, e-mail hosting, "web hosting" or other similar applications, for any business enterprise, or as an end-point on a non-Comcast local area network or wide area network.
2. Re:That is so retarded by pla · 2004-05-18 10:35 · Score: 2, Informative
  
  Or am I the only one who has terms and conditions which say that I am responsible for everything that passes over my connection?
  
  No, most of us have similar terms with our ISP.
  
  However, so far in this discussion, people seem to have completely failed to realize that we deal with two distinct layers of accountability. The AUP only apply to the ISP's dealing with us, it doesn't extend beyond the continuation of them providing a service in exchange for us paying a set fee.
  
  So, at the ISP level, your AUP applies. If you do this and something happens, expect to get TOSsed immediately. No questions or appeals, just find a new ISP.
  
  At the legal level, though, in order to get whacked with a criminal conviction, some lawyer would need to demostrate either that you commited the primary crime (impossible with no logging unless you stupidly re-associated yourself with one of your own accounts outside your WLAN), or that your deliberately set up your WAP to permit such crimes. Considering the general security of an out-of-the-box WAP, I consider both of those unlikely.
  
  Now, we could also consider the civil law level, but that gets a lot more sticky, since you lose if you most likely satisfy one of the above two conditions. But, on the bright side, civil law does not equal criminal law - You might have to pay a few bucks, but you don't have to live with Bubba for 15 years.
  
  PS - IANAL.
Open != Insecure by Raindance · 2004-05-18 09:59 · Score: 2, Informative

Salon is talking about networks open by design, not insecure networks.

There's a huge difference in implimentation, and also when speaking of liability and your situation in the eyes of the law.

I'm not a lawyer, so I'll hold off from saying more.

RD
Re:privacy != security by incast · 2004-05-18 10:02 · Score: 5, Informative

the author acknowledges this (and even uses similar words: "I'm willing to trade a little security for privacy.") in the article. the poster made the bad implication, not the original author.

good eye though!!
Re:Salon: News writen by Sophomores... by kmmatthews · 2004-05-18 10:17 · Score: 3, Informative

Speakeasy [http://speakeasy.net/] doesn't - in fact, they ENCOURAGE it. No, I don't work for them. Just a very satisfied customer on a 6.0/768 DSL connection. :)

--
feh. stuff.
Re:And by keeping a loaded gun in my mailbox... by webmaestro · 2004-05-18 10:32 · Score: 2, Informative

Except its illegal to use your mailbox for that.

I have a friend that needed to give another friend back a fake bomb used in a school play. He decided to return it to the other friend's mail box, thinking that he would notify the friend before the postman came by. Unfortunately he forgot, but my friend who had the mailbox found his mail laying right on top of the fake bomb, apparently the postman did not seem to be bothered by the bomb. A few days later he got a visit from Postal Inspectors and was luckily not put in jail, but they did inform him that it was illegal and that mailboxes were not "personal receptacles."
Moron by jeremyp · 2004-05-18 10:52 · Score: 2, Informative

I put up with the advert - actually I made some coffee while it was on.

The guy says that he's done this so that if his ISP ever accuses him of downloading illegal stuff, he can say "my connection was not secure; it could have been anybody". The fact is, he's posted an article on a publicly available site which tells everybody that he is doing this deliberately. "Well", says the ISP, "you are too stupid to have an internet connection". Snip go the scissors on his line. If this is not in their terms of service, I'm sure they can withdraw it with just a little financial compensation e.g. refund a couple of months of fees. But basically, they will not want anybody who exhibits such deliberate antisocial behaviour as a customer. (Antisocial because, for instance, a spammer could use his connection to send spam).

He's doing this so he can tell the ISP that it's not his fault if they detect somebody from his IP downloading illegal stuff. He has neglected the fact that if his connection was secure, nobody would be able to download illegal stuff from his IP... ... except him.

hmmmmmmm.....

--
All I want is a secure system where it's easy to do anything I want. Is that too much to ask ~~ Randall Munroe
Re:In related news... by interiot · 2004-05-18 11:03 · Score: 2, Informative

Yeah, see "contributory negligence".
Re:In related news... by YankeeInExile · 2004-05-18 11:34 · Score: 3, Informative

Assuming you were in the United States, you would go to your state public utilities commission, or equivalant, and file for a Certificate of Public Information, Convenience or Necessity

There are specific requirements that vary from state to state

--
How does the Slashdot Effect happen given that no slashdotters ever RTFA?
Re:Salon: News writen by Sophomores... by Preston+Pfarner · 2004-05-18 11:58 · Score: 2, Informative

Sure, they encourage sharing, and they offer divided billing, but their customers are still liable for whatever traffic they exchange with speakeasy. I don't know if you have the same Terms of Service that I have, but I see this when I log in and poke around. Look down to "responsible" at the end.

Speakeasy's Wireless Sharing Policy

Speakeasy has been an outspoken supporter of Wireless technology and services for quite some time and has one of the most progressive wireless sharing policies in the business.

Wireless networking and publicly shared wireless networks present exciting new opportunities to share information and connectivity resources with one another - we encourage you to explore it!

Speakeasy believes that shared wireless networks are in keeping with our core values of disseminating knowledge, access to information and fostering community, provided this usage does not have an adverse impact on the services of other customers, does not involve any illegal activity and is not otherwise in violation of any aspect of our existing Terms Of Service. Please remember that the Speakeasy account-holder is responsible for all activity originating from their DSL line, even if it is the result of other users on a shared wireless connection.
Re:If you let them by radish · 2004-05-18 12:34 · Score: 2, Informative

If you load your car to a friend and they kill someone, you're liable

Rubbish. The only person liable is the driver, not the owner (provided I had no reason to believe that they would do that if I lent it to them). That's like saying if I kill someone in my car you can prosecute the car dealer who sold it to me, or the manufacturer who made it.

--
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Re:In related news... by ManxStef · 2004-05-18 13:06 · Score: 4, Informative

Both parent posts are pretty much right, but you should *definitely check that you're complying with the law* regarding what you must keep.

I'd recommend reading this paper over at SecurityFocus as it covers a pretty similar remit: Destructive Influence By Scott Granneman

Basically what he says is that if you have a thoroughly designed and well implemented data destruction policy (that complies with local laws) it can be somewhat favorable should something bad, like a lawsuit, come your way.
Re:Spinder Award Winner! by ForestGrump · 2004-05-18 13:39 · Score: 2, Informative

What you need is a router that provides bandwidth priority to some connections and not others

You mean QOS? about qos

--
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
Re:Spinder Award Winner! by BuckaBooBob · 2004-05-18 15:53 · Score: 3, Informative

Your Use of Bus and Star Topologies is misleading on how newer broadband connections work.. xDSL is not dedicated to the CO.. Its only dedicated to the nearest concentrator which may or may not be over capasity.. by the time it hits the CO your looking at atleast a 1000-10000+% under supply of upstream bandwidth reguardless of your broadband medium... any salesperson mentioning the word dedicated when he is talking about broadband should be shot... Its the internet and by its nature is a shared medium. its moot to use the work dedicated because it all combines into a pipe that cannot supply every connection if each connection were at peak utilization.. Not even getting into packet switching capasity which is by the large part the real bottle neck when you look at a carrier class connection. The whole debate about cable is faster or xDSL being faster is a moot point its all based on engineering, design, and quality of the "Plant"... I can easily find areas where cable is faster than xDSL and visa versa...

Also cable has a vast frequency available to utilize and can be setup using multiple freq's creating a virtual star topology in an area... Cable is best described as a hybrid network as you can find nearly every style of network architecture someplace in cable systems.

--
Who needs WiFi when we can have Packet Over Sheep! http://datacomm.org/PoS-InternetDraft.txt
Re:In related news... by Fjandr · 2004-05-18 16:14 · Score: 2, Informative

Yes, but it'll have been destroyed long before you get the subpoena. That's all that matters. If you're destroying it in order to keep from complying with a subpoena, then you're in trouble. It's called being proactive. :)