Some 12% of Consumers 'Borrow' Unsecured Wi-Fi

alphadogg writes "Despite the fact that it's often considered an illegal act, a sizeable percentage of the UK/US internet-using population 'borrows' unsecured Wi-Fi access. This is according to a study conducted by the group Accenture. 'The Accenture study found that computer users are still engaging in some unsafe computing practices. Nearly half of all respondents said that they used the same password for all of their online accounts, and only a quarter of them have ever encrypted files on their computers.'" My guess is the actual figure is higher than that.

news..

[thermian]

This just in:
People on the internet 'steal' stuff they should pay for.

Re:news..

Why can't I use a negligible amount of bandwidth when you are not using it? The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers.

Maybe that sounds selfish, but it doesn't matter. If you can't afford your own connection - tough. The internet is a luxury, not an entitlement.

Re:news..

[B'Trey]

No problem. Don't park your car on the street with the keys in it and with someone standing there offering to open the door to passer-bys who want to go for a ride. If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation. Basic security and MAC filtering are easy to configure. They won't stop a determined or knowledgable hacker, but that isn't the point. Anyone who's hacking in knows they're intruding where they aren't wanted and are committing an illegal act. But if you leave it wide open and the welcome mat out, then don't be surprised if someone makes use of your network.

Re:news..

[SatanicPuppy]

Horseshit.

If I left my money, house, or girlfriend available on your property, I wouldn't really feel like I could complain if you helped yourself...That's what these people are doing. If I have a neighbor whose signal is strong enough to cause interference on my equipment, I feel no qualms about using his service.

If the WAP isn't even trivially secured, then that's an open invitation, same as having an FM radio signal crossing my property is an open invitation to monitor it. If you don't want other people to use it, don't leave it wide open.

Re:news..

[AlterRNow]

Note to self:
Don't forget wallet at this persons house or let my girlfriend visit it alone.

:)

Re:news..

[Hoi+Polloi]

I lost my original reply when my neighbor turned off his wi-fi router. Some people are so rude.

Re:news..

[Naughty+Bob]

To me stealing Wi-Fi is a bit like stealing a pizza out of somebody's grocery bag. Silly. Stealing Wi-Fi is not just silly, it's pointless.

I don't know what it's like where you live, but wherever I need to use wireless, I just use that free and ubiquitous 'Belkin 54g' network.

Re:news..

[billcopc]

This knee-jerk debate always comes down to one thing: broadcasting.

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing.

If you install an unsecured Wi-Fi gateway with DHCP, the device is yelling to everyone within 100 meters "Free network, come on in" and handing out IP addresses to any takers. It is _YOUR_ responsibility for leaving it open.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing.

I have no pity for people who fail at common sense. Just because it plugs in the wall doesn't give you an excuse to be stupid.

Re:news..

[mini+me]

In the real world the assumption is that you do not touch someone else's property without permission. However, on the internet the reverse is true. It's assumed that you have permission unless the information uses some type of access control protection.

Should I be required to get consent from VA Linux before I try to access Slashdot? Of course not. So why should I be required to do it when it's my neighbour?

Re:news..

[Sancho]

If you leave your front door unlocked, you're probably not standing on the porch yelling "Free house, come and get it!" and handing out name tags. If you do, then you can't turn around and claim the guests were trespassing. A better analogy is that you buy a home, but the home builder doesn't tell you that there's an invisible man standing on the porch yelling to people to come on in in a voice too high pitched for you to hear, but that everyone else hears just fine. They put that information in the home's user manual, but hey, who reads those things. You just started using the home, and it kept the rain out, let you plug things in and use them, let you cook your dinner and watch your TV, so you assumed that everything was alright.

Bad analogy? Maybe, but if so, that's because analogies really don't work well in this case.

The argument against locking routers down by default, is that it's too complicated for the user. Bullshit! People use locks and keys all the time for their home, car, office, filing cabinet, safe deposit box... all things of value they wouldn't want to have stolen. How is your private, personal network any different ? If you don't want people poking around your shared files and internet access, then put a freakin' lock on the thing. Doors and locks have been around for centuries. Ubiquitous computing in the home has been around for a little over a decade, and home networks for even less time. People may eventually get to the point where they can figure these things out, but for now, they're still mystified by the pretty colors on their screen.

I have no pity for people who fail at common sense. The sad fact is that when many non-techie people start using computers, they simply freeze up. It's something so completely alien to them that they don't function well. Most people don't think about security anyway*, except that security which was explicitly drilled into their heads at a young age (lock the doors, keep your keys and wallet with you, don't leave your drink unattended at a restaurant or bar.) Why would you expect people to suddenly develop "common sense," as you put it, when presented with something alien, when they don't even use "common sense" to notice other insecure infrastructure that they aren't explicitly told about?

*Bruce Schneier recently wrote an article on just this topic--the security mindset isn't a part of most people's thinking. http://www.schneier.com/blog/archives/2008/03/the_security_mi_1.html

Re:news..

[kestasjk]

Why can't I use a negligible amount of bandwidth when you are not using it? The same reason you can't use my car when I'm not using it. I pay for it and I don't want to share with strangers. I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

Re:news..

[drsquare]

No problem. Don't park your car on the street with the keys in it

So you're equating wireless theft with grand theft auto? I think that's a bit extreme.

If your wireless connection is unsecured and offers DHCP configuration to anyone who wants to join, it's an open invitation.

No it isn't, no more than my front door opening to anyone who pulls the handle is an open invitation to burgle my house.

Good to see that the entitlement complex is still alive on this site though.

Re:news..

[Jimmy_B]

I've got a better reason; ISPs factor in the average bandwidth use when deciding prices. If 1/2 the bandwidth used by the average connection was stolen through WiFi the average person's internet bill would double, whether or not he had actually secured his connection.

No, it wouldn't! Prices would only go up by about 5%. Internet service is not like heating oil or tap water; it doesn't cost more to provide just because you use it more. If everyone suddenly started using twice as much bandwidth, they'd have to upgrade some routers, and that would be it. Routers are cheap. On the other hand, stringing a cable to your house, paying a techie to answer the phone and a lawyer to deal with the town is expensive.

Re:news..

[redxxx]

I didn't think there was anything illegal about Van Eck phreaking and anyone who can see in your window from public property can legally see what is on your monitor.

So, yes, you actually do have a right to see what is on the screen of every CRT in your vicinity, provided you don't break other laws(trespassing for instance) in the process.

Re:news..

[5of0]

See, the problem with that (and pretty much any other digital=real life analogy) is that if I take your bike for a ride, you can't use it any more, and will most definitely notice that it's gone.
If I take your wifi, you can still use it, and unless I'm downloading movies or running a server, you most likely won't notice anything different.
Trying to fix the bike analogy is an exercise in futility, but I'll try anyway. First of all, your bike isn't any ordinary bike, it's a magical, electric bike. The magic makes it so that if anyone tries to steal it, the bike instantly creates an identical copy of it for that person to have, leaving your original bike untouched. The bikes are powered by a battery that is shared amongst the bike and all its copies, but any bike that's standing still recharges the communal battery.

Now, in this case, you're (almost) no worse off if a bunch of people "steal" your bike. The only disadvantages are:
1. If a bunch of people are using your bike all the time, you'll notice your bike's battery wears out quicker (internet is slower)
2. If someone is using your bike to go up hills all the time, the same thing will happen
3. If someone commits a crime on your bike (maybe they were desperate), you may well get pinned, if they can trace the serial number and such back to you.
Oh, and if you look in the manual for your bike, or ask a friend who has the same kind of bike (since in this analogy they're pretty ubiquitous), either will help you find the button to disable this functionality, or set it up with a passcode before anyone can grab a copy, so you can let your friends and family use it.
In this scenario, I don't see a problem. I'd buy a bike, and hey, if my neighbors wanted to use it on occasion, that's fine with me, it's not hurting me any. If it starts to be problematic, I'll put a passcode on it.

I could go further - viruses and such=damage, but then you would also have an infinite free supply of Rust-Eze and new tires (virus scan and such).

Can someone help

[LiquidCoooled]

I am trying to connect to "Free Public Internet" but its not letting me.
Do I need a password?

Gotta Remember, They're Users

[Toad-san]

Had a lady bring her laptop into our computer repair shop. "I can't get the Internet any more."

After extensive questioning (using very small words), I determined:

Her expensive laptop worked fine.

Her TCP/IP settings, web browser, etc. all worked just fine.

The wireless components and setup worked just fine.

What was NOT working fine was her neighbor's wireless access point. Apparently that fine fellow had either turned it off, lost his own internet connection, encrypted his WAP, or whatever.

She never knew she was using his connection, connecting to his WAP. She thought that, since the stick-on on her laptop said it had wireless and could reach the internet .. that it was a godz-given fact that, anywhere she went, she'd have internet access.

"But it works on campus."

Sigh .. more explanations.

Half an hour of my life, gone. And I don't even want to think about the brain damage.

Re:Gotta Remember, They're Users

[lena_10326]

Everyone started out as a newbie.

Re:Gotta Remember, They're Users

[scubamage]

Sadly only a handful ever progress past that point.

Re:Gotta Remember, They're Users

[sm62704]

But you know, I see no reason whatever why the internet shouldn't be at least partly a free, mesh network. Set up all the laptops to be both a client and a server.

Of course, some big multionaltional corporations and their stooges will have hissy fits. Too bad fo rthem, hooray for the rest of us. If I get a laptop, I'll have wifi set up on my desktop, and it will be open. Because I'm not a selfish asshole.

Re:Gotta Remember, They're Users

[Skater]

From playing with a friend's WinXP laptop over the weekend, I can see how it happens: Windows will automatically connect to any network it can find, even peer-to-peer. I'm sure this behavior can be disabled, but it's probably set up that way by default by the manufacturers to make it easier for users. I realize this is old news to most people, but I don't use WinXP very often and was a bit surprised to see it connect to a peer-to-peer network.

(My laptop has WinXP on it, but it's an older laptop - 4 years - and it uses Atheros software to connect and only attempts to connect to the network I activate. Under Linux, my usual OS, I set up a script for it to connect to the SSID I specify.)

Plus, people do use others access points intentionally - some friends of mine were doing it over the weekend when we were camping at a spot that didn't have any internet access.

Re:Gotta Remember, They're Users

[D+Ninja]

That is true, but the thing to remember is that everybody is a newbie in something that they interact with day-to-day. Honestly, other than the basics, I couldn't tell you the first thing about how my car works. Living where I do, it's much more convenient to take it into a shop and not worry about it.

Not knowing how to do something doesn't give those people who do the right to look down upon that person. Then again, that's not going to change - everybody wants to feel important. Looking down upon the "computer n00bs" is just a nerd's way of feeling important.

And why is this bad?

[Ed+Avis]

When you set up your wireless network you can choose whether to allow open access or not. If the network's owner has specified that anyone can use it, why is it bad to do so? I have my wireless router at home set up for open access and it does me no harm if others use it for occasional web browsing. The only flaw is that many routers don't have a way to prioritize or cap usage so that my work isn't slowed down by other people's Bittorrenting.

Yes, it's sent unencrypted - just like network traffic over those old-fashioned things called wires. We all know to use https and ssh for secure connections anyway.

no differentiation- regular or intermittent?

[call+-151]

This is a pretty inane study- there is a huge difference between occasionally looking for an open wireless when away from home to browse and using a neighbor's open wireless as your main pipe. And the comments about identity theft are ridiculous, as most sensible people adjust their browsing/net use when using unknown networks to reflect their uncertainty in its security.

Re:no differentiation- regular or intermittent?

[bcattwoo]

And the comments about identity theft are ridiculous, as most sensible people adjust their browsing/net use when using unknown networks to reflect their uncertainty in its security. Great, now how many internet users fall under the category of "sensible people"? Given the number of people I see on the internet that are unaware of simple things like when and if they will get that "tax rebate", I suspect the number that realize their vulnerability when borrowing someone else's connection to be rather low.

WTF?

[glwtta]

Where exactly is this "considered an illegal act"?

How the hell do you "consider" something to be illegal? It either is, or isn't.

How the hell is 12% a "sizeable percentage"?

Someone's really trying hard to make an article out of nothing.

Re:WTF?

[BrotherBeal]

Someone's really trying hard to make an article out of nothing. Just wait a while and the editors will make two.

Not surprised

[GameboyRMH]

I have a Speedstream 6-series-something (6200?) router, and it has this problem where if you disable the wireless, you have to do a hard reset to enable it again. Long story short I was running an open wireless network for a while, and there was never less than two leechers on the network, in a well-spaced neighborhood full of old people in a third world country. I'd hate to see what would happen to an open wireless network in a crowded metropolis.

Other interesting fact: Me and a friend were wardriving with just a regular laptop, no special antennae, speeding down the highway, and we picked up a LOT of networks, often with a good signal. Some of these were in places with no buildings in sight. When I get a working laptop again I plan to implement a setup that leeches off open networks as I drive (mainly for a Google Earth-based navigation system, anything sensitive will either have to be encrypted or left out), and I have no doubt it will work nicely.

MORE than half use the same password...

[rdhatch]

"Nearly half of all respondents said that they used the same password for all of their online accounts..." I have statistical evidence (sample size of a little over 5000) that proves that says that the percentage is MUCH higher...more like 80-85%. We talk all the time about privacy, net security, identity theft, etc., but this something that is VERY often overlooked. There are many LAMP projects out there (mostly put together by high schoolers or ambitious university freshmen) that collect an email and a password for their own user authentication and then don't encrypt their users' passwords in database. Dishonest 15 year-old admin + one select query on his own database and then approx 80% of the time you have access to the users' email account. From there, the sky's the limit. Online banking, university login accounts, etc. Troubling to say the least. We need a LOT more education of stupid kids that don't know how to encrypt passwords safely in their DB. Furthermore, we need to remember good old fashion ethics in this stuff.

But you get permission every time

It always seemed odd to me that this was illegal, when in reality you are asking for and getting permission. That is, as everyone here would know, your laptop (for example) has to ask the wireless router for permission to connect. The router then grants permission and allocates an IP, all within its normal operating process (i.e., no trickery or hacking involved). It is not a passive process, like, say, entering an unlocked home, in which the house is passively exploited.

Warned my neighbour

[scsirob]

I came across an unsecured network with strong signal a while ago. Turned out to be someone across the street. They had 4 Windows systems attached, with C: drives shared, unprotected. I also found a shared printer on their network.

I warned them by printing a page on that shared printer, identifying myself and describing the problem. Next day the access point was secure..

Re:Warned my neighbour

I warned someone in my college dorm this way too, only it involved a 500 page document of "Hidey Ho Neighbor!"

Same password = throwaway stuff

[fotbr]

I'm guilty of using the same password on a lot things online. Several forums, throwaway email addresses, "register to read the rest of this article" news sites, etc. Basically, the stuff I don't really care about, and I don't give two hoots if it gets h4x0r3d.

I don't particularly see that as an "unsafe" practice, since none of it really matters.

Things I actually care about (personal email, anything work related, etc) get real passwords, and things that can really cause problems (banking, etc) don't get done via the internet at all.

In an apartment.

[WaltherPPK]

Living in an apartment, I was actually surprised with the opposite. It appears that there are 20 or so wireless networks with good signal strength in range, and I am in a corner of the building. However, there is not a single network that isn't using some form of encryption. I don't know if this is typical, but all the supposed luddites living in this building (a combination of college/university age couples and 50+ year old singles) have obviously figured their wireless routers out.

The other premise upon which people base a lot of paranoia regarding network and personal computer security is the assumption that they possess something worth stealing. There are many effective credit card fraud methods in use that don't require any sort of computer exploitation, but rather involve "social engineering." What other information does the average person have on his PC that is of value? Of course I would be disturbed if somebody managed to obtain my entire photograph library, but that is of so little value to somebody else, I doubt very much that any significant effort would be put towards obtaining it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Nearly half of all respondents said that they used

[sm62704]

Nearly half of all respondents said that they used the same password for all of their online accounts

Like newspaper registrations? Rather than bother with bugmenot, I just register using bogus data. My password is 111111. Because I really don't give a shit about a newspaper registration. It has nothing whatever to do with security. The Chicago Tribune has no CC#s, SS#s or any other real, personally identifiable information about me; I don't even know why they bother.

Yet this is somehow deemed a "Security risk." And I don't send encrypted data; if it's sensitive information I'll send it snail mail.

And don't paint it just like every other car...

[TamMan2000]

...in the area.

I set my parents house up with secured wifi 3 years ago... Last year my parents got a new laptop, and went about using wifi. 6 months pass. They get a new printer... I tell them that they can print from their laptop, over the network, and try to talk my dad through setting it up... After much confusion, I realize they are not on the wifi network that I set up for them, but one of their neigbhors...

My parents are smart, they just didn't grow up using computers, and don't think about the kind of things that most slashdot users think about... typical boomers... I bet 12% (or more) of laptop users steal wifi, without even knowing it...

Re:And don't paint it just like every other car...

[TamMan2000]

WEP will keep out the non-resourceful and the lazy but that's about it. Isn't that almost everyone?

Re:And don't paint it just like every other car...

[ceoyoyo]

I have a friend who asked me to set up her wireless router. She lives in a big apartment building. So I connect to "Linksys", configure some stuff, turn on encryption, set the password, all good. Disconnect. Connect. What? No encryption? No password? Stupid thing must be broken. Oh well, try again, maybe it will take. Repeat. Four or five times.

Then I took a look down the list of wireless networks in the building. What do you know... I'd just finished encrypting and setting passwords on all the neighbor's wifi. Whoops. ;)

Re:Bandwith is not a car

[spookymonster]

If I use your bandwidth when you are not, I cant see how that really affects you in any way. And when my ISP cuts off my service because I've used too much bandwidth this month?

And when the government subpoenas me because someone on my account was browsing child porn sites?

And when the RIAA files suit against me for 'making available' copyrighted material (off of your laptop, of course)?

But if those moral blinders are working for you, hey... who am I to disagree?