Slashdot Mirror
Schneier Says 'Steal this Wi-Fi'
apolloose noted Bruce Schneier's latest entry on Wired where he talks about insecured wifi networks, and suggests that you
Steal this WiFi. Basically, since insecure WiFi is everywhere, why not? You're helping make the world a little better for someone else.
If I opened up my network, anyone could start downloading pirated movies and music and use up all of my bandwidth that I want to use for downloading pirated movies and music!
Give a man a fire and he'll be warm for a day. But light a man on fire and he'll be warm for the rest of his life.
That's like saying we should "steal" music files because it's not a physical thing and EVERYONES doing it so it's okay. Besides, it'll be an important lesson to those who didn't secure it in the first place...
Ask not what you can do for your country. Ask what your country did to you
I thought it would be about stealing the wifi hardware... well not
Colorless green Cthulhu waits dreaming furiously.
I'd like to move my iMac around the house. I don't have a wireless router but there's about 6 wireless access points I can see in my neighbourhood alone. There's all password protected though -- probably with WEP.
Can anyone point me to a simple tutorial on cracking a WEP password? I really just want to check my email, I wouldn't abuse my neighbour's internet access with anything malicious.
Thanks!
Why not? For one thing because it would pretty much guarantee total anonymity to everyone online.
If you want to commit a crime online, it's easy enough to drive your car to the next city, open you laptop and connect to a random open AP.
And if you were too lazy to do that, you can always say "It wasn't me, someone else connected through MY open AP!"
If someone connects from far away or with a DS, won't it lower the bandwidth for everyone? I think the .n spec has a way around it. Some routers can operate at multiple speeds, or at least switch off the lower ones (just don't use your DS).
I'd suggest you don't take the access point, just let your computer communicate with it.
Sure, everyone please use my unsecured local Wi-Fi access point. I'm giving back to the community... ... and the community in turn will have all traffic filtered through a box that will sniff passwords, private keys, you name it.
So please "steal this Wi-Fi" since I need a few more social security and credit card numbers.
More Twoson than Cupertino
Why steal when you can *share*? i.e. get the owner's permission, a la www.sharemywifi.com
1. Clients (laptops) default installed wifi software (hint: Steve Jobs are you reading???) need a scanning
mode which does not waste my time telling me about all the password or mac-address locked wifi
basestations, and only advises me about open ones.
2. Basestation/routers need a simple-to-configure mode where they will let others into a separate
subnet that goes straight out to the Internet but does not see my home computers directly.
3. (Brain software/mindset change.) Americans need to stop reflexively calling sharing 'stealing'.
You've been trained into this terminology by those who have already stolen everything and don't
want you to get it back.
Where are we going and why are we in a handbasket?
This is an ethics by analogy situation. Everyone arguing over whether it is right to use unsecured wi-fi connections bases their arguments on analogies, and depending on the analogy, reaches a different conclusion.
As I see it, if someone left their wi-fi open, then either it was intentional, or they're too clueless to notice (or care) that I'm reading my email.
Just get it a bigger antenna, it'll feel much better compared to wired networks in no time.
"Insecure?". Yeah, nobody wants a clingy Wi-Fi.
Proverbs 21:19
So for point 2, you want encrypted wi-fi for your home systems and open unencrypted wi-fi for guests. Is that even possible without two separate access points?
Another side to this is to consider that some people may actually allow access. I used to. I had an SSID of JUMPONFREE. I did this for two reasons: one to give Internet access to people in my apartment complex if they did not want to pay for it themselves, and two because I incorporated transparent proxying and compiled lists of visited sites (as well as port mirroring on the switch to track protocol usage). You don't have to concern yourself with abusers if you set up traffic priorities and/or bandwidth limiters. I am not alone, as I have seen many cleverly named SSID's indicating the owner is not just some non-configuring noob, but rather someone that cares enough to share.
Click here or here.
Everything Schneire says is true.. for Bruce Schneire. Not everyone is as adept as he is in configuring a computer to be secure. I'm OK, but I'm likely not vigilant enough to keep everything as secure as it should be (and thus I have WPA encryption on in my wireless network). The vast majority of the public is just plain terrible, and has no clue how to configure their computers to be secure in an open network.
Securing your wireless network with encryption isn't like flipping a switch, but it's a HELL of a lot easier and more accessible than knowing how to secure each and every device accessible on your network. Having ONE point of entry and configuring that properly is a lot easier to maintain than having multiple, different, changing points that take continued vigilance to remain secure. Is it better to keep each device secure on any network? Sure.. but how many people have the time, patience, knowledge, and ability to do that? Not many.
AccountKiller
Step away from the bong, Sir!
That's just inviting trouble.
If "Something Bad" were to happen from your IP address, there -will- be a knock at your front door in the early morning. Trust me.
"Something" happened to my personal email server several years ago, and I had federal agents at my front door at 1am. I don't know what the heck happened - they wouldn't give me any details - but they seized my email server, and every computer in my household, even though their search warrant was only for the server. You don't tell them "no" - all that means is that they wait for the search warrant to be signed, and THEN they wreck your place searching. Much better for everyone involved to be cooperative.
Cost me thousands of dollars in a retainer fee to a lawyer, I had to take a polygraph exam, and it took almost 2 years to get all my "stuff" back. That was 2 years where I was fearful for my job, worried about keeping my family afloat, worried about just about everything. My wife lost ALL of her graduate school work, and had to re-do most of it to turn in her final portfolio. Talk about miserable.
And I STILL have no idea what that "Something Bad" was. And it didn't even happen at my house - it happened at my hosting ISP where the email server lived. It didn't matter that *I* didn't do it. I still had MY stuff taken from my, *I* still had to go take the polygraph exam, and *I* was still on the hook for 2 years.
So yeah - keeping an open wireless network is just ASKING for trouble. If you want to deal with federal agents in the middle of the night, well, be my guest. You can talk the talk about how you'd tell them to go away, and how they'd have no proof, etc. etc., but unless you've been there, you have no idea what you're in for.
Trust me.
There are already a number of organisations/initiatives around that actively encourage you to purchase their wireless routing products and then open up access to everyone.
I'm a member of FON, which allows you to allocate a specific amount of bandwidth for sharing if you're using one of their routers - say 1MB of your 8MB ADSL, which neatly overcomes the first poster's issue of not having enough bandwidth for their own nefarious purposes. After being a member of FON for 12 months they actually sent me three free wireless routers at Christmas, which I gave away to friends hoping that they too will join and share bandwidth.
There's another company I heard about, US based, that does something similar, but I can't think of their name right now.
However, I wonder about my ISP's stance regarding sharing WiFi for free with others. Does it violate their Ts&Cs? Do I care enough to actually find out? No!
Brought to you by the author of such childrens' classics as "Some Kittens can Fly!" and "All Dogs go to Hell."
unsecured wifi preferred!!! secure wifi provides little to no security and is at best an inconvenience to encourage users to buy their own overpriced internet connection
Bruce mentions FON, which has dual capability APs - with both an open and a private net. With a proper IP scheme, you could even firewall the Internet upstream, to block P2P when the source is on the open net.
I have a similar setup - but I don't have FON APs. I run an open AP, with all of my machines and services on an internal VPN.
"Flyin' in just a sweet place,
Never been known to fail..."
BS writes:
"The accused's chance of winning is higher than in a criminal case, because in civil litigation the burden of proof is lower. "
I am having a hard time parsing this sentence. Should it be "accuser's" rather than "accused's" or have I just got a mental blank about this sentence. Maybe change "winning" to "losing".
And in the end, the love you take is equal to the love you make
But I thought the best way to browse securely was have all traffic sent to your home server, encrypt it, and forward to the laptop. This was because you assume your home network is inherently more secure. With is approach, you are leaving your home network, including your significant others, at risk. Especially those who are not savvy enough to apply updates and maintain anti-virus.
While I understand the anonymity helps his secure network stand out, all those open networks are just waiting for a guy with a little time and knowhow to start doing many bad things, say, man-in-the-middle. Just because you are blending into the pack does not keep the lions from eating one of you.
Now then, it IS his network at home, so he can do whatever the heck he feels like. And I do understand his social aspects of looking at WiFi as another resource for the public. But that does not free you from liability regardless of how little or insignificant it may be or stupidly enforced.
To me, it sounds like he doesn't want to roll up his sleeves and do some dirty work with port-forwarding, SSH-ing, and proxying. With those, you can enjoy quite decent browsing while away AND understand that your weakest point is at home.
On an unrelated note, where does this guy live?
import system.cool.Sig;
I use WPA. Why? Because on my parents network, they want to use file sharing between their desktop and their laptop. On both mine and my parents, there are networked printers.
But I write down the password on the router, and anyone who visits in person is welcome to use it.
Does Bruce not use a home printer? Share files between home computers?
Test your net with Netalyzr
with ISP you've specifically agreed you wont do that. Get some integrity!
Would it kill them to generate a random password and put it on the router? I love how you can muck with their settings remotely. Lock them out so you have more bandwidth!
For several years, I ran an open connection. Nothing bad happened. I doubt anybody used it, because it was in an apartment complex with mostly older, non-tech savvy individuals. But it was there.
I have since moved, and found an open network in my area. I browse, chat, e-mail, do occasional software updates, and occasionally download free music. I stream a Sirius radio audio connection from time to time, but that is low bandwidth. No streams of pirated movies. No infinite queues of warez or copyright infringing music. No password sniffers. Not even a packet sniffer to see what else is going on.
I protect myself by keeping a close eye on all of my accounts (and keeping the list of accounts that are important to me SHORT).
Meanwhile, the sharing provides me with enough personal entertainment to make me justify to myself NOT paying for cable TV (I have an antenna, but the signal is mediocre). But that fact is good too, because it gives me more of an incentive to visit friends when there is actually something on TV that I want to watch.
So, yeah. Agree with Bruce. Stealing/sharing Wifi is the way to go!
And the guy who compared using an Open Wifi connection to downloading a mp3 that infringes on a copyright is an idiot. The Wifi connect is not a creative work which an artist created. It is a service/utility. The fact that it can be trivially shared (unlike phone, heat, or electricity) is a bonus.
Support the 30 Hour Work Week!!!
I'd like to amend your number 1 -- I want a scanning mode that doesn't waste my time telling me about all the encrypted or mac-address locked networks, and also doesn't waste my time telling me about the "open" networks that don't actually give me any access until I open a browser, try to load a URL and get redirected to their own little page where I have to log in with a code to show that I've paid for a 24 hour pass or some shit.
I'm not saying nobody should offer such paid public access points, just that I'm sick of having no way to know that they aren't really open without trying them.
If fate makes you a motorcycle, you become a motorcycle.
If you've got a router broadcasting to the world "I'm here! I'm open! I'm free!" and handing out DCHP IP addresses on request, using it ain't "stealing".
Kinda like having a doorman shouting "C'mon in!" to passers-by and handing full-access visitor ID cards to anyone who walks in.
Can we get a "-1 Wrong" moderation option?
I know certain other geeks who run around looking for unsecured wifi access ports and use them as they are driving. its weird how many people do not have a secure access point. one of my friends even has a tie that buzzes when he is around an unsecured access point...its rather creepy and funny at the same time. also, for those in the superspy business, http://www.thinkgeek.com/gadgets/watches/9313/ has a watch that can detect wifi points...perfect for the discrete wifi thief
In my college dorms when we see an unencrypted network with the basic "Netgear" or similar SSID we hop on it change the password and encrypt it and set the SSID to "Dumbass" after using it for bittorrent for a while of course. It will last like that for a few days until they realize they forgot the finish setting up the network. Most people now have their's fully encrypted and passworded with the SSID not broadcasting.
++
Sharing WiFi is fundamentally different from sharing copyrighted material. I don't get why people have an issue with it. If you clearly mark your SSID with something like 'FreeWiFi' there's not even a legal or ethical problem in using it.
I mean, with windoze (and linux, if you set it up that way) automatically associating with any open AP that advertises, is it really stealing?
In my neighborhood, there are a number of 'belkin54' and 'linksys' APs advertising default SSIDs and networks with no privacy settings.
Now, if you log in to the device (which likely has a default password too), and change any setting, that is definitely tresspass (despite the utter lack of security). But as far as just using it goes? How can you be accused of stealing something when it is automatically just given to you when you turn your laptop on with no nefarious action whatsoever on your part? Breaking WEP keys, although easy, would be IMHO stealing. Using a wide open AP that not only allows you to connect, but encourages it? I don't think so.
By providing free internet access, you are effectively saying that it's OK for someone you don't know to commit crime and to have no defence when the cops come knocking on your door. The "it wasn't me, it was someone else" defence stopped being credible years ago and could easily wind up with the freebe provider getting the blame for other poeple's criminal activity.
He says that he doesn't think "there's much of a risk". Ha!, let's see how far his "good manners" get him in jail!
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Needs the Touhou Hijack image macro.
See this example in the UK
http://news.bbc.co.uk/1/hi/england/hereford/worcs/6565079.stm
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
1. Clients (laptops) default installed wifi software (hint: Steve Jobs are you reading???) need a scanning mode which does not waste my time telling me about all the password or mac-address locked wifi basestations, and only advises me about open ones.
Leopard shows padlock icons next to locked networks. For at least two prior major OS revisions, you have the option to be told about open networks, and/or join them automatically.
Do you have any idea how much of a problem this is for IT people dealing with laptop-equipped employees, both from a security standpoint and a troubleshooting standpoint? (BTDT. User could not send mail half the time. Turns out his laptop was alternating between his network and his neighbor's. The neighbor's blocked outgoing SMTP.)
3. (Brain software/mindset change.) Americans need to stop reflexively calling sharing 'stealing'. You've been trained into this terminology by those who have already stolen everything and don't want you to get it back.
No, nerds need to stop reflexively assuming that common law doesn't apply to them. I remember 10 years ago listening to people justify [running exploits against / breaking into] computers they don't own, in ways eerily similar to how people justify using access points that do not belong to them that are connected to private networks that don't belong to them, which are connected to the internet via connections paid by someone other than them.
If I hand you the key to my car, that's "sharing". If I tell you "the key is on top of the left front tire, feel free to borrow it tomorrow", that's "sharing."
If I leave it in my driveway with the key in the ignition and the doors unlocked, that is stealing. And if you walk in my front door, your ass is still going to jail.
Please help metamoderate.
Stealing wi-fi is good and it will make the world a happier, greener place.
"Security is always a trade-off. I know people who rarely lock their front door, who drive in the rain (and, while using a cellphone) and who talk to strangers..."
/.)!
Plenty of people worried; "Oh someone might download kiddie porn and I would get blamed", "Oh, someone steals my information", "Oh, someone might download riaa music..."
If you walk around in fear of things that never happen to you, then by all means, lock your stuff down - even better, stay off the net entirely! Then maybe you'll feel safe. Oh wait, you don't want to feel safe, you want to be afraid and worry.
"This happens everywhere/all the time" - is a dangerous mindset when watching TV (or surfing
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
1. Clients (laptops) default installed wifi software (hint: Steve Jobs are you reading???) need a scanning
mode which does not waste my time telling me about all the password or mac-address locked wifi
basestations, and only advises me about open ones.
You need to upgrade to leopard. It shows a little lock next to the names of locked down wifi.
Like my Wi-Fi which I PAY FOR, I am also a good Canadian Citizen and I buy all of my music. When I am outside shoveling the snow listening to my music I don't want any of you listening to it. I paid for it damn-it, and it really pisses me off to see people walking down the street past my house and stopping to listen to the music that they didn't pay for.
OK so the music thing doesn't make sense, neither does the open wi-fi argument. If there is no security on wi-fi then it is OPEN, and using it is not stealing unless you have to trespass to get it. However as soon as there is some sort of security on it, even if it is a stupid password like 'asdf' then cracking the password and using it is theft.
In a college town.
If somehow my router got reset by one of my roommates and was then unprotected for a short time, eventually my network would slow down to a standstill from all the people trying to download crap through my connection.
At my house in Suburbia, I agree there is no problem at all.
Since maybe joe public is unaware of these things and maybe not inclined to know these things and would rather just switch the thing on and get online, stealing their wifi would be exactly that, stealing. It's not informed consent. You could argue that by not securing their network they are asking for it but that's akin to saying if you left your house door open people should feel free to walk in and use your home.
A better way would be to have encryption on by default and have the password printed in the wifi router/inside box and those who want to share freely should have to take action to broadcast an unencrypted signal.
---------------
go hang a salami, I'm a lasagna hog
Someone started running his own DHCP server on it and caused other random disruptions. I've moved since so I may consider re-opening it.
Schneier is a pretty clever person. From my reading of some of his cryptography books, he knows a lot of tricks.
Open WiFi because it's a security risk? That sounds supportable on the surface, but it's just asking for trouble, and Bruce Schneier ought to be the first person to tell you so.
Then why is he espousing the controversial option of an open network? The answer may be obtained by following the money. Schneier propaganda leads to more open WiFi everywhere leads to ISP's raising cain and justifying higher prices leads to closed WiFi but the prices stay high. After all, it's sad world with a poor investment market of an election year coupled with skyrocketing fuel costs, weakened currency, war costs, and unemployment so a price increase was in the works. Throwing the issue of too many open WiFis in the face of consumers is a simple strategy to spike the bill across the board without fearing cancellations.
Don't be fooled.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
Sharing your wifi AP is also a way of helping your neighbors who cannot internet access.
Bearded Dragon
Lingering unsecured wifi broadcasts are part of an available service. Albeit, someone has paid for the Internet Access and extended it so it's is 'freely available', it's still an available service. Also, is it stealing if I purposely leave my wifi open for all to use?
Making use of that service however, IS NOT, as you claim, the same as downloading copyrighted music. Unless you are downloading bit for bit wav files directly extracted from store bought CD's, everything else you 'freely download' where-ever available, is a lesser derivative work and has lesser monetary equivalent of said copyrighted work. Meaning it is equal to LESS than that of what you would pay for it in a store. (If you like, I can destroy any argument anyone has against that claim)
Answer me this. Can you take unsecured wireless from your neighbor, across town, out of state, or out of country? I didn't think so. I see people make this argument all the damn time concerning 'stealing'. Stealing, if you can call it that, 'unsecured' wifi access from your neighbor is a whole hell of a lot different than 'stealing' copyrighted songs off some website in Eastern Europe.
You know this, anyone with half a brain knows this, so stop making the argument that it is! The only thing you do by making that argument is annoy people like me, and put the idea that 'stealing' is 'stealing' is 'stealing' disregarding what context, intent, and value something has or doesn't have.
I have a Netscreen 5GT-Wireless which lets me setup more than one SSID, plus rate limit and control services.
I have our home ESSID which is WPA2 protected and has no limits on it.
I have another SSID called "Free Web And Email" which is limited to 256kb/s and only allows DNS, HTTP, HTTPS, POP3, SMTP, Secure SMTP, IMAP and IMAPs.
Lots of people connect to it and use it for exactly it's name. It's rate limited so that they can't take all our BW and it's port limited so they don't ruin it for the others connected to the Free AP by running Bittorrent etc. Though its limitations obviously wouldn't stop clever people.
I'm amazed at how many people connect to it on a regular basis. There's a few people that obviously use it for all their Internet requirements, while I get a lot of random connects to it as well.
It's also handy for my PSP, which doesn't understand WPA2.
I think handing our Free Wifi is a great idea, though I'd be loath to do it without being able to have good control over it as I do. I wouldn't do it with a simple AP that gave me no control.
...but the legal threats are too much for me to handle. I live in an apartment complex with dozens of college students, and I don't want to be threatened by Viacom when someone downloads video on my network (as has happened to others I know).
However, there are other ways to support the notion of universal, free wifi access that seem more effective. One example is Eben Moglen's experiment to undermine Starbucks's "pay ridiculous amounts of $ for our wifi" scheme, outlined in his Die Gedanken Sind Frei speech. Seems like you could get Starbucks clientele themselves to pitch in for open wifi networks within range of the coffee shop, rather than pay Starbucks (especially if you flyered out front about the benefits). It probably wouldn't be difficult to get neighboring businesses behind it either, since they'd be able to host a wireless network in their own business for free (that is, if you got enough donations).
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
You ask for an IP address and router address. You're given one. You use it.
Doesn't sound like you just typed one in and got through without asking to me...
err, how much did you pay for your acid? Seems it's working better than mine.
the significance of a signature is insignificant
Posting as an AC here for obvious reasons...
We don't have the luxury of being able to use anything stronger than WEP, thanks to the idiots in my wife's employer's IT department. Their VPN implementation *requires* WEP (or ..gag.. less) on any client trying to connect. So when my wife works from home, she's either forced to use a wired connection (not possible, actually) to our cable modem or just depend on the kindness of strangers.
We tried explaining to these dolts that we're making our home network less secure to accommodate their silliness, and that they really really should try to allow us to use WPA or WPA2. The dumbasses just state blankly that, well.. the connection into the corporate VPN should be secure anyway, right? (Translation: "[blank stare] But this goes up to eleven.")
That has nothing to do with sharing. Sharing means it's the owner that does it. In this case it's the owner that shares his wifi access point and his internet connection. No one is forcing him to do that. The standard access protocol for wifi handles permission perfectly fine.
We still have capped internet, so that would just mean you hit your 3gb cap in a few days, plus the fastest internet we have is 4mbps, so your downloads would take forever if you carried a few piggybacks along...
Seven Days with Ubuntu Unity
Slashdot would suck if everyone had to call Rob before they felt they were allowed to use his web server.
Wait! You mean I don't? Shit! All those wasted phone calls!
My response to TFA:
Well, sure. And when someone comes to visit my house, I let them in. That doesn't mean I leave my door unlocked.
If people are actually my guests, I'll give them access. Otherwise (if they're outside in a car, say), they don't get access.
Not all coffee shops have free wireless networks. Technically open, but I remember Starbucks wanting to charge something for it. And it's a network you have to share with all the other potential spammers.
But think more like this: Any potential spammer could simply find a small, wifi-capable device with a nice battery, and drop it outside your house. They could simply wardrive around, dropping these things off... Alright, iPhones are not cheap enough, but you do see the point, right? And finish it up with a cup of coffee and a scone.
This is America. It's supposed to be that they have to prove your guilt. You don't have to prove anything, you're assumed innocent.
Indeed. But with closed wifi, you don't have to be as concerned about a desktop, which simply won't be on those other networks. (A laptop will.)
Not really. For a laptop, I generally lock things down tight, run Linux or OS X, precisely because it has to be secure. But I play games on my desktop, so I have to be able to boot Windows. Even if all major OSes are equally secure, I am much more knowledgeable about Linux security, so Linux is more secure for me.
That's how I'd set it up, actually. In fact, left entirely to myself, I'd set up an open wireless network, and I'd VPN back to some server behind the router (or some server which has a wireless card). The open network would have bandwidth limits and such, and I might occasionally play pranks like upside-down-ternet, or more malicious man-in-the-middle attacks.
Unfortunately, I'm not left entirely to myself, and the people I live with blamed my Linux router for several problems. I gave in and let them go back to the same old wireless router, which is the last thing between me and the Internet. I'm not really sure of a better way of securing it than crypto, in this case.
Don't thank God, thank a doctor!
If I understand correctly, sending things like credit card and bank account numbers over an unsecured WAP connection is particularly risky. Granted, the author makes a good point about the likelihood of someone with a packet sniffer hanging around one's neighborhood vs. a coffee shop. But is it worth the risk?
"Ask not what your country can do for you." --John F. Kennedy
It is a trade off, but the benefits are nil and the consequences can be very severe even if the probability of facing those consequences is low. Things on TV don't have to happen 'all the time'. They just have to happen to you.
Schneiers examples are simply specious. In places where it is remotely safe to leave the front door unlocked the worst consequences are generally a few thousand dollars in lost possessions. Talking to strangers is not only a necessity, but has great benefits and really has no consequences - those looking to victimize people will victimize them whether they speak or not. (Con men and the like still have to get past your reasoning, so talking itself is not a risk.) Driving in the rain is a poor example since people are still very much in control when they are driving in the rain and are also protected by their vehicles.
Now, if he said driving in the rain with no hands and the doors open while talking to strangers on the phone, he might have something.
The agreement for almost every ISP in North America specifically states that users are not allowed to do this. Furthermore, only a complete fool would leave themselves open for lawsuit by doing this. Even using the worst WEP encription is all you need to protect yourself from being sued, as anyone who cracked your WEP key to use the network would have broken the law and ciminally trespassed on your network, thus you are not liable for their activities AND YOU can SUE THEM for damages.
This is not a pie in the sky, rainbow joyous world - people do shitty things to others every day. Forget what this idiot is saying about leaving your network open for others to use and protect yourself. Feel free to give your log in information to friends that you trust, just make sure to note their MAC address, so you can point the authorities in the right direction if need be. No need to be a martyr.
Since we've been practicing good computer security all along, none of that will affect us. Do you imagine it's any safer to use the access point at Starbucks?
You mean the same ISP that agreed to give me unlimited downloads but cancels my service if I pass their secret limit? The same ISP that sold me unlimited high-speed but throttles it back for certain applications? Who is that needs the integrity?
Support Right To Repair Legislation.
When I read this story I was reminded of this other recent story;
http://news.bbc.co.uk/1/hi/entertainment/7174760.stm
The parallels are obvious. Person reveals what should be private in public media to prove a point, scoffing at the dangers. Can we expect the same result? It certainly provided much amusement the first time.
I once set up a WPA-locked wi-fi with an SSID of "Call5555550000ForThePassword", just so I could have a physical link to other person or persons (or at least independently-operating groups of people) that wanted to use my wireless.
It was only operational for two months in a college apartment-type place over a summer, but I did get one call!
Why steal when you can just share?
There are initiatives to "wire" entire blocks/cities via wireless.
For example, check FreeTheNet.
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
If you let someone borrow your car and they run over a pedestrian, is it your fault? If not, then how would you defend yourself except to claim that you weren't in the car at the time? If so, then why should it be the same for wireless networks?
Shouldn't it be unsecured wireless and not insecured wireless. I mean if my wireless has any confidence issues it should have been noted in the manual.
I'd like to add useful monitoring capabilities to that list.
I like your idea of subnetting from the WAP; I would definitely use that if I were to share my connection with my neighbors. I'd also want to know how much traffic is going through each network.
If such a monitoring capability exists now, could anyone recommend an app that does this? I'm going to try an app called NADetector when I get home.
"Ask not what your country can do for you." --John F. Kennedy
A different password works fine for Joe User and his gadgets, but he won't care about logging into the access point anyway. It could be to default to physical only for admin access, but that would be a problem for admins who don't have cables handy.
You paid for the connection, you are responsible for it. If someone uses it to download illegal content who are the police going to chase? The person who actually carried out the download (effectively untrace-able) or the person who owns, and is responsible for the connection.
The ISP will have a record of particular URIs being accessed from your connection. That will be seen as proof. Unless you can prove that someone else downloaded the content (very difficult) you will be held responsible.
America, Home of the Brave.
Check out http://meraki.com/ !
:T:R:A:N:S:
Yes, but now imagine that someone in your area uses an explosive mixture that includes sugar. To quote the Wikipedia page on ammonium nitrate/fuel oil, " It was found by the IRA, in response to using low brisance AN fertilizers, that "hot spots" can be created by blending powdered sugar into the ANFO mixture, effectively sensitizing the mixture to mining-standard prilled ammonium nitrate effectiveness in which the interaction of the detonation front with a spherical void concentrates energy. Blasting-grade AN prills are typically between 0.9 and 3.0 mm in diameter."
Now have fun explaining to the police that you bought sugar in far greater quantities than you need, just for the sake of giving it to neighbours. Especially if you're in a rural area and have bought diesel fuel (e.g., for your car or tractor) and fertilizer grade ammonium nitrate too.
Sure, they'll probably release you eventually. Or maybe not. There have been real people that landed in jail because they had been playing cards and some test found remains of nitrates on their fingers, which could have also meant they handled explosives.
But ok, let's say they release you eventually. The fact is, you've been put through a rather stressful situation, for what? Just to make a point that sugar should be free?
That's my problem with Bruce Schneier's rant. He acknowledges that you _will_ be arrested, they'll confiscate your computer, etc, when someone traces kiddie-porn traffic to your computer. And that the typical defense attorney will advise you to try to get a plea bargain (read: declare yourself guilty, even if you're not) once you've been accused of paedophilia, because the deck is very stacked against you at that point.
But he thinks they'll release you eventually, because your network was obviously open to all.
Even believing that you _will_ be set free, that'll be _months_ of stress and inconvenience. Probably expense too, because if you're about to be convicted of something like that, which will be following you around your whole life, you probably don't want to entrust your fate to the cheapest lawyer someone else could find to represent you. You'll probably want some technical expert to testify there, because otherwise the jurry _will_ be told repeatedly to think "omg, kiddie porn from his IP means it was him!!!" Etc.
And there'll be people who still think it was probably you, but you just were good at bullshitting the jurry. You might find that several newspaper and their readers have already judged you and decided you should be burned at the stake, before your case even got before the real jurry. You might find that a bunch of neighbours and village/suburb gossips are already going by the age-old adage that there is no smoke without fire.
But, ok, let's believe you'll be free after all, and your neighbours don't run you out of town anyway. But that's a few months of your life that you're not getting back. Was it worth it?
That's my whole objection.
And for what? Broadband is dirt-cheap nowadays, plus one can surf from an Internet cafe, or just go drink a coffee at some joint that offers free WiFi access to their customers. It's not like you're providing water in Sahara, or a warm shelter to Eskimos. As charitable acts go, this one ranks very low on my scale. Anyone who can afford a laptop to go wardriving with, can afford the token price to go use an Internet cafe instead. Or they can afford some data plan over their cell phone, if they don't want to still get their emails in another town. So exactly what great act of charity would I be doing there? Whose life would I be making easier?
Unless, yes, they were surfing for illegal stuff that they can't jolly well browse for in a crowded Internet cafe.
Do I want to take extra risks for _those_? Even if I were sympathetic to the plight of poor souls forced to surf for kiddie porn with a laptop over someone else's connection, which I'm actually _not_... Fuck that. I'm not going to risk _my_ arse just to provide them with yet another unsecured access point.
A polar bear is a cartesian bear after a coordinate transform.
Hey, how about that? Here's a link an article about it.
"The IP address simply can help you know who paid for the internet access, but not who was using what computer on a network. In fact, this even had some people suggesting that, if you want to win a lawsuit from the RIAA, you're best off opening up your WiFi network to neighbors. It seems like this strategy might actually be working. Earlier this month the inability to prove who actually did the file sharing caused the RIAA to drop a case in Oklahoma and now it looks like the same defense has worked in a California case as well. In both cases, though, as soon as the RIAA realized the person was using this defense, they dropped the case, rather than lose it and set a precedent showing they really don't have the unequivocal evidence they claim they do."
Well, whaddya know?
I don't even own any WiFi equipment for fear of someone using my connection to do something questionable...but now maybe I will buy one. Nothing like a get out of jail free card, y'know?
Weaselmancer
rediculous.
I leave my WiFi open. I mean hey, why not? I think the practice started somewhere in a college apartment, where there are 12 unsecured APs that break just often enough to make paying for your own internet connection worth the while. Anyways, I broadcast my SSID for all five of my neighbors that are close enough to borrow the bandwidth. If they get out of hand and I start to notice my own performance dropping, their MAC gets banned.
I'm sure there are many reasons why I should have it locked down, but it's easy enough to share so I do. I think the internet should be free, so I'm doing my very small part.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
Here in the UK, British Telecom has partnered with FON to sell global WiFi access.
That's a pretty big endorsement of WiFi sharing from one of the main players in the UKs broadband market. When you think about it though, it's a huge added value with little investment. Smart move on their part I think.
Python coder | PyQt Applications | Writer
mod parent up. This is exactly the kinds of solutions we need.
I used to keep my WiFi router secured. But then there were some days when I couldn't connect from the other end of my apartment, and it was real handy to go through neighbor's unsecured WiFi. This convinced me that it was the neighborly thing to do and opened mine.
We know where leadership by an anti-intellectual "strongman" who scapegoats minorities and likes boisterous rallies goes
The whole idea of using the fact that you have an open network as a defense if someone commits a drive-by wireless crime is ridiculous. First off, you'll be having that argument about your guilt or innocence after all your computer equipment is seized as evidence--I don't know about you, but if all my home computer were gone I'd have a tough problem keeping my job. Also, many people around where I live have the kinds of jobs (security, finance) where the minute you're arrested for something series, you're fired, regardless of whether you ultimately are innocent or guilty.
If I were as awesome as Bruce Schneier, I wouldn't worry about such things. But since I'm not I keep my network closed.
I've kept my mobile numer as SSID. If anyone needed wireless they could call in for the password, none did. After one year switched to FON ( http://www.fon.com/ )
hm, you can do the same thing with wired computer, just run SOCKS server on standard port with no authentication..
who knows, maybe someday internet will be 4 3..
Bruce Schneier is quickly becoming the next John Dvorak.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
In much the same way as here in the UK it's damn difficult to get anything other than an 8Mb connection. And I can't pay per GB either, it's a limit of 5G or 3G or 20G. So if all I want to do is read the dozen emails a day I get, why can't I let someone else use the instantaneous bandwidth and transfer allowance I'm not using? Just use ntop/packetshaper, etc to work out when I've used it up and stop sharing. Start sharing when I've got new allocation
I expect many of them have clauses about only people in the household can use the connection, so at worst you would be violating the ToS of your ISP.
"You're in on it, right, Mr. Deaver?"
"It's all over, son. This phone call has been traced and whoever you are, you're history."
"Well. So be it. Hallelujah." [lies back in his chair]
[Mazz stands and looks desperately at people]
"Shit. Don't just sit there, man. Run!"
[Police cars stop outside a house]
"Don't worry about me. I'm all right. See, I'll bet what's happening out there is that the police are busting some poor little old couple unknowingly supplying me with my phone feed."
"There's a phone line coming into the shed here."
[opens the shed door]
"There's the transmitter... which means the receiver could be in any house within a thousand yards of here."
"I am everywhere! I am inside each and every single one of you. Just look in, and I will be there, waving out at you, naked... wearing only a cock ring. Wow, time flies when you're on the run. I'm gonna cut out now with this unusual song I'm dedicating to an unusual person who makes me feel kind of... unusual."
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
"insecure" is bad. "open" is good. It's an "open wifi network" not an "insecure wifi network."
Don't piss off The Angry Economist
If I open up a network, at a few strategic locations, to local freeloaders what kind of (???) profit is there to be made in selling traffic analysis information to local marketing/advertising groups?
I stopped running a neighborly open AP because the 60 year old neighbors next door thought this meant I was their new computer guy... it started inocently enough... their son figured out I was running an open AP, I said I was cool with them using it... but then the problems started, their signal was weakend by new AP's popping up, they'd get spyware, a website would be down... its tough to tell off the nice old lady next door... so when I moved I avoided it by adding a PW...
I have recently bought a Nokia internet tablet, and I was surprised by just how many networks are open. I can pretty much go to any suburb and use my device on someone else's network if I want. And you know what? It's great! If I am lost, I flick open my device and load up a mapping program and viola, I can find my way again. It also means I can check Slashdot from anywhere ;).
This is all part of the "It takes a village" thinking. We're all responsible for everyone else. Of course it is nonsense, but it appeals to a certain mindset.
The problem is that this mindset is taking hold in courts and legislatures.
I was going to say this was an analologists wet dream, until I realised that a) analologist isn't a word, and b) if it was I don't think it would mean what I was thinking.
Anyway: Can we quit it with all the analogies of whether using open WiFi is like stealing your neighbours spade, car, air supply or daughter? WiFi is never going to be that much fun and just because we actually have a chance of doing it, it doesn't mean we have to try make it sound better than it is.
If someone's wireless network is open by accident/misconfiguration that is using something without permission, and it's wrong. Bandwidth is a finite resource and you're using it up and not paying for it, without permission from the person who is. If someone's wireless network is open on purpose (which this article was talking about) then that's not stealing, and it's not wrong: because they're implicitly saying they don't mind paying for you "a bit".
I guess it's kind of like how I don't mind you all breathing in, as long as you promise to breath back out again eventually.
Oh crap, I came.
Python coder | PyQt Applications | Writer
I guess you guys still don't have those in America. Here in Australasia, they're ubiquitous: you pay a monthly fee for a data rate, and that comes with X 'free' gigabytes of data transfer. If you go over that, you pay for another block.
It's a nice, neat, simple system and works well, but it means that if I open my home WiFi to strangers, I'm not just providing a free service, I'm making myself directly financially liable to the tune of $1/GB in over-usage charges if someone fires up BitTorrent.
Maybe that's not so bad, but I've seen torrents chew up over 5 gigabytes in a couple days (upload and download traffic gets billed together) when left running. I'm a good neighbour, but do I *need* to finance someone else's illegal DVD rip collection if it costs me a couple hundred or thousand dollars a year?
You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
It would be nice to be able to see, at a glance, which networks were using AP isolation. That would essentially achieve 2.
Vital papers will demonstrate their vitality by moving to where you can't find them.
Small problem - you walk into any airport or large hotel today and you will find a computer-to-computer wireless network called "Free WiFi" or something similar. This is a program designed to steal stuff from YOU. You connect to it and virtually everything you do will be captured.
If you can't tell the difference between infrastructure and ad-hoc WiFi connections you are just asking for trouble looking for free WiFi.
2. Basestation/routers need a simple-to-configure mode where they will let others into a separate
subnet that goes straight out to the Internet but does not see my home computers directly.
Easier to just have a single open-access mode, and configure your own laptops to VPN into your home network. Also better alignment of the incentives.
-scott
just look at german "freifunk" [1], they even develop routing protocols [2,3].
[1] http://start.freifunk.net/ (german)
[2] http://olsr.org/
[3] https://www.open-mesh.net/batman
It's all about risk management.
- Chances of someone "borrowing" my wifi connection - possible
- Chances that it used for something illegal - quite unlikely
- Chances that it gets noticed, traced back to my IP and my door gets kicked in - extremely unlikely
Factor in the convenience of leaving my AP open, plus a nice warm fuzzy feeling for sharing, and I think the rewards are worth the tiny amount of risk.
Could a series of interconnected wi-fi networks provide an alternate internet distribution to the telecom companies? I've been wondering about this since I read a piece suggesting you could make your own radio network by exploiting the short-distance broadcasting you're allowed to do by developing a series of receiver/booster stations. In Australia there's been a lot of debate about how and who is going to replace the ageing copper telephone network with something better suited to our 21st century needs. So I'm wondering if you had enough people with open wi-fi networks receiving then boosting, could it be possible to avoid having a telecom company own the new network since the government is loath to get back into the business of anything other than regulating a network?
If you leave your network entirely unsecured so that all the users using it are sending their data unencrypted, then are you really doing a kindness to your visiters? I mean you are essentially offering them a way to be unprotected from snooping and various other attacks. Maybe in a house with lots of distance between you and your neighbors you can expect that no one nearby is messing around, but in a city where you can easily pick up 20 AP's in an apartment building, its easy to ACCIDENTALLY be riding on an unsecure network.
I once used WEP to protect my network until I noticed that my bandwidth was starting to suck. I sniffed the traffic to see which of my machines was being problematic and discovered some neighbor eating my bandwidth.
On the other hand, I once booted up a laptop with an ubuntu installation disk, and it immediately got internet connection. It took a few minutes for me to notice, because I had WPA and it required me to download something to get internet, and then I realized I was already online. Someones open network picked me up.
I am not paranoid, and I like the idea of sharing, but I now use WPA and don't broadcast my SSID. I know its not enough for a serious hacker, but its enough for anyone who is just looking for an easy target.
And FYI I handled wireless network security for a lawfirm, and it required some very significant investment in hardware and software to protect our network while allowing for our guests.
What would be nice is for your average accesspoint to provide multiple vlans and allow you to rate limit free access, and create whatever other logs, while fully encrypting your internal network. Add some timed hotel features in the mix... Of course that stuff ends up costing a lot of money enterprise level even though its trivial technically.
A network is made up of hosts. Secure your hosts. If you have laptops come and go in your home.. secure your hosts.
The biggest threat to your 'network' is coming through that little dsl router (or whatever). The immensity and anonymity of the Internet is where you are exposed to every threat in the world. Not in the lobby of your building or your back yard. There is no comparison. Secure WiFi is just to give you that good feeling.
Wired or wireless, there's nothing I can do to stop my stepfather from clicking on every dodgey pop-up or installing every spyware ladden toolbar and plugin that presents itself to him. Sensible habits on the Internet are what's needed.
I have never used anti-virus software and never will. It makes you a lazy consumer instead of a participant on the Internet.
www.fon.com
You share your wireless only to other people who do the same. If somebody comes along who doesn't share their wireless through Fon then they pay you and fon for the privalege. You can limit the bandwidth of people sharing your connection. In addition the access point broadcasts two signals so you can connect to the secured one.
Bruce jumped the shark for me when in the comments section of his blog he dismissed state election voter ID requirements because voter fraud probably only accounts for a few percentage points here and there, as if that's not enough to sway an election.
If you don't know, this is the very issue that was argued before the U.S. Supreme Court yesterday (Indiana law requiring government issued photo ID to vote). I agree with Bruce's POV, but his argument is NOT STRONG ENOUGH.
In-person voter ID fraud doesn't "probably only account for a few percentage points here and there", but per the appellate arguments, there has not been one single identified case of in-person voter ID fraud in the history of Indiana. NOT ONE.
Great article on the subject posted on Tuesday, before the oral arguments. Written by Walter Dellinger, one of the premier Supreme Court appellate attorneys, who is representing Washington DC in its upcoming Supreme Court case regarding DC's gun control laws. The first such case in the last half-century.
---
"A law said to combat voting fraud by imposing the modest task of showing an ID may seem at first impression to be both sensible and fair. But this law is neither."
"First and foremost, Indiana's law is a "solution" to a problem that doesn't exist. The voting fraud it purports to address is illusory. And the means it employs needlessly make it far more difficult for some citizens--especially those who are low-income, elderly, or lack easy access to transportation--to vote."
"Because a photo-ID requirement exists to prevent a type of fraud that appears to be imaginary, the requirement would be hard to justify even if it imposed only a minimal impact on legitimate voters. But a photo-ID law in fact imposes substantial burdens on the right to vote."
...and you get the score of 5.
I guess people only want to give mod points when they agree with what is being written not necessarily if it offers a unique perspective.
...I would do that.
OJ, ISP, whatever. It's what makes a free society work!
There is a MAJOR difference between wireless network and wired network. Suppose someone is doing an unencrypted transaction (say, shopping online with a vendor with no SSL), and a hacker wants to sniff the cc#. With a wired connection, he needs to get through some sort of physical layer say break a lock to the local phone box. We can debate whether a particular physical layer is security at all, but chances are the hacker will leave some physical evident behind. On the other hand, an unprotected wireless network has no such physical layer. And I am sure a talented hacker can obfuscate the software log.
Sure, unprotected wifi is everywhere. But when using it in a cafe, shouldn't common sense (I know, we need more of that around) dictates that we should be careful not to send out sensitive information unencrypted (I NEVER access my ftp server from an open network and double check for the SSL icon in my browswer, for example). So in public, I try to gain security at the loss of convenience. At home, OTOH, is where I expect to have higher convenience. So securing the network makes sense.
Now about the legal argument (IANAL). For a cafe owner, he/she can argue that many people uses the network all the time, so it is not possible to be held legally responsible. Whereas in a home network, users are often few in number. So it is HIGHLY likely, to others anyway, that the owner is the one reading the kiddie porn. Here's my bad analogy: suppose an escape fugitive hid in a Mall and was later found, nobody is going to hold the Mall owner responsible because there are so many people goes in and out the Mall; but if he hid in my home because my front door is open, people will suspect (and rightfully so) that I know the fugitive and is helping him.
I'll keep my network secured, thank you very much.
The only possible interpretation of any research whatever in the 'social sciences' is: some do, some don't
The RIAA has conducted about 26,000 lawsuits, and there are more than 15 million music downloaders. Mark Mulligan of Jupiter Research said it best: "If you're a file sharer, you know that the likelihood of you being caught is very similar to that of being hit by an asteroid."
Over 1 in every 1000 people is going to be hit by asteroids! Crap!
# (/.);;
- : float -> float -> float =
Did they deactivate W.I.R.E.D.site comments due to traffic overload? :o)) rotfl
:o) And everyone's free to choose for its own best comfort of use and security settings - of course. In Europe legal constraints look more loose than in the US though.
;)
;-)
:-p
"You've been slashdoted!"
Here it was:
Yes, stop the paranoia and let's dare share. Here's my experience about it and I also joined FON last year : http://www.ozons.be/
(Seldom anybody connecting to my free AP while I was sharing/monitoring it anyway!
The problem here in northern Europe is about "predictability" : you know for sure you won't easily find a free wifi access or even in a café... So you just can't rely on it and don't use mobile networking so much which is a pity (same situation for 3 years, evolving very slowly) GSM 3G/3G+ unlimited accesses are catching up (in France) and will beat wifi or wimax as it goes.
The weather also has its impact on it : FON is developing fast in Spain where you just can go around and temperatures are ok 10 months of the year... While it's not very popular and appealing in Belgium or even less in Scotland/Sweden where you barely stay outside!! (nothing against Scottish though, just an example
The experiment in Oulu, Finland is interesting{another comment describing citywide free wifi). ISPs must not be very happy about it? Well only they get their revenues from the city instead of individuals. It's Welfare State applied to ICT technologies - after health care.
In the end it comes down to our very relationship towards others and our society as a whole.
(Same example with Chicago{+} / New York{-} trust perception difference mentioned in another post. It's all in our heads!?
Are we willing to share and trust other unkown people? (And the other way around : will those/we people be gentle and not abuse sharedAPs in terms of bandwith and usage?) Or do we mistrust and fear "the others"/"aliens" outside and just barricade behind firewalls/fences?...
Everybody (and History?) has its own answer...
As The Beattles would say : "All you need is love, tu tu du du du !..."
Thanks Bruce for the article and indeed, let's try and make the world a better place!?
paranoids and losers.
He put his boots up on the table and made a face. "The sig," he smirked. "You can waste your life in search of the sig."
Something I've been toying with is setting up a node on my network for public access. I already have private access that uses WPA and MAC filtering. Why not get a cheap computer, setup Debian on it then install Squid Proxy and DansGuardian. That way Squid can go by address, while DansGuardian goes by content. Then put a WAP in front of that and leave it wide open.
That way I maintain open access will protecting myself from liability. That's the only way I'll do it. Oh and did I mention that SP/DG box will also throttle bandwidth. Maybe offer 5mbps on that pipe.
I find that botnets are hacking wireless and not people... and for what purpose? Spamming probably.
Plus what if someone sends death threats with my I.P. and I get blamed?
The truly tech-savvy will open up an SSH tunnel to their server and run everything through that.
"Those who consume the bulk of goods are those who make them. We must never forget this secret of our prosperity."
I noticed one of our neighbors named their WiFi station "VirusFarm". I thought that was a clever way to discourage people from mooching their bandwidth!
Look what happened to the British TV host Jeremy Clarkson when he said "steal these bank details".
that no matter how brilliant my comments are they are rarely modded up. I am a partner at a CPA firm, an investment advisor with a significant amount of wealth under management, I am the partner over IT at the firm I work at, and my number one hobby happens to be listening to music. I usually legally obtain about 50 records a year in a variety of genres, but primarily the so called "indie" genre (via WFMU) - I have some unique perspectives there relative to people on slashdot. I am also a theist. I make a pretty decent income.
All of these unique experiences seem to bump up against some kind of groupthink expertise that I only participate in for the same reason I bite down on sore teeth.
I am glad you've found a forum where generally people agree with you.
I was somewhat surprised by this article, because "stealing wifi" is a 3rd degree felony in Florida (where I am). And yes, there have been prosecutions. There is no requirement in the law that the AP "be secured", only that the access was unauthorized. This automatically makes the person "stealing wifi" guilty of a crime, and protects the owner (somewhat) against liability for other illegal acts committed while in commission of the first illegal act. And no, simply being unsecured is not "permission". My lawn isn't secured - it doesn't give you the right to park on it...
As for #1, Mac OS X 10.5 Leopard now includes a little lock icon in the AirPort menu for secured networks when you're going to choose a wireless access point. So they've addressed this in the new system :) If you're stuck on 10.4, you can use a scanning widget that will do something similar. And if you're stuck on 10.3, you can use MacStumbler, a great utility (PPC only) that will tell you as well.
If Bruce's wireless network is insecure as stated in the introduction to this topic, I am sure that there is some sort of virtual therapy that can help his wireless access port with its virtual emotions. If not, surely our Congress' time would be better spent writing bills to provide publicly funded grants to some university to research the psychological well-being of computer brains than it has been spent writing laws to control and limit the use of technologies they don't even understand. If, on the other hand, Bruce's wireless is unsecured, that should certainly not be the business of the United States Congress. If his ISP feels cheated or slighted, that should be settled in a civil trial, not a criminal trial. Dale