USA Has More Open Wi-Fi Hotspots Than EU

Mark.JUK writes "Some 40% of wireless (Wi-Fi) Internet access hotspots in the USA are unlocked and do not require a security password, which compares with 25% in Europe; according to WeFi based statistics. Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked. Nice to see everybody taking security so seriously, then. It should be perfectly possible to 'share' Wi-Fi while using WPA or WPA2 security measures at the same time."

USA! USA! USA!

[elrous0]

Yeah, number one, baby!

This isn't a bad thing.

[vasqzr]

Good! The Internet was founded on free and open access.

For the first year or two I was using a (very limited) free dial-up shell. Otherwise I would have never been able to get online. I live my access point open, I've had hundreds of users over the last few months.

Re:This isn't a bad thing.

[cayenne8]

The tag line for this article complained that you should be able to have open access..AND WPA2 at the same time.

I got one of these netgear ones recently and it works great.

I can set up different access through it...and even click to allow guests, etc.

I have some old computers that just can't get anything stronger than WEP to run on them (an old iBook for instance), so I set up a WEP connection for them, which the router blocks off from direct interaction with any other computer on my system...everything else is WPA2.

There are wireless routers out there that do some neat things, but you gotta be willing to spend more than $20.

Re:This isn't a bad thing.

[onionman]

Great!!

When I travel, I want to be able to go into a coffee shop, get my espresso, and sit down and use my laptop on the internet without having to hand out credit card information or any other sort of credentials. I make a point of only frequenting businesses with open access points because I want to reward their community service. I recommend that others do the same!

Re:This isn't a bad thing.

[fuzzyfuzzyfungus]

I'd like to see support for doing this properly be more common in consumer level hardware. There are a few commercially available stabs at it(fonera, possibly others) and it isn't rocket surgery to whip something together with OpenWRT and the contents of the average geek's junk collection; but it isn't something you'll just get off the shelf at best buy.

By "properly" I mean segregation between the internal LAN, on a secured wireless link, and the open guest wireless; along with QoS prioritization of all internet traffic from the internal LAN above all internet traffic from the open wireless. I have no problem with offering my unused bandwidth in a neighborly spirit; but I don't want my wireless traffic to be unencrypted, I don't want to deal with malicious agents on my LAN, and, when I go to use my bandwidth, I want to have priority over any guest users. This is not a hard problem, technologically; but it isn't something that Joe User could set up without it being largely out-of-box default.

Re:This isn't a bad thing.

[standbypowerguy]

DD-WRT can do this. I use it on an old Linksys WRT-54G. I've configured two separate private subnets, one for secure connections via WPA, the other for open access I share with my neighbors. All of my PCs, including those with wired connections, exist on the secure subnet. Wireless guests get insecure access. I also have a few wired ports on the insecure subnet. Comes in handy when I want to work on an infected PC, or when I want to give a visitor wired access without them seeing my network.

Re:This isn't a bad thing.

[omnichad]

It's real simple to get this included on consumer routers. Just make a command-line tool that will run easily on busybox, then open source it. Give it a real cryptic name. Linksys and the like will include it on their next router, come up with a cute name for it, and call it their own.

Re:This isn't a bad thing.

[uncledrax]

When I was in Frankfurt last year, i found a nice cafe near our Pension/hotel.. it was basic WEP keyed, but it was the sorta combination some idiot would use on their luggage.

[ unfortunately, I can't see any YouTube iwth the full combination 'skit' in FMV, so here's the audio clip with someones art ]

Anyway.. point being, just because it's "not open" doesn't mean it's "secure". They 'secured' thier Wifi as a point of precaution, but all I had to do was ask for the key and I got it in two different languages, and they were very helpful.. nor did they rotate the key out or anything during the few days I was there. True, I was a paying customer (indiciently, best non-hands-eating burrito I've ever had was in FFM? go figure..), so they wanted to be helped.

If you're legitimately trying to prevent access, putting a weak WEP password on your AP is almost worse then leaving it open because it generates a false sense of security for your network. Now if you had a low-timer rotating WPA-PSK key, MAC filtered, and didn't advert SSID, then that's a reasonable amount of security (but still not full proof, but the amount of effort goes up to breach it).

Re:This isn't a bad thing.

[GIL_Dude]

I'm glad you have neighbors you can trust vasgzr. I don't even have relatives I can always trust. At one point my wife's cousin's daughter (17) stayed with us for a few days. She brought her notebook. I gave her our WPA2 key and a lecture about "don't use my internet connection to do any copyright violation - no music or movies, etc.". Next morning I come downstairs to find her downloading a bunch of songs on Limewire. WPA2 key changed, no more privileges for her. I can't trust my neighbors (or their guests) either - they may download kiddie porn, warez, music, whatever through MY IP address. Having open WiFi would be very nice to do, but the hassle of possibly getting RIAA notes or even possibly police at my door (for the kiddie porn thing a neighbor's guest could do) is not even worth it. Until such time as ISP's are able to uniquely identify WHO did it and not just "well this guy owns the house where the service is terminated", the other folks in the area can get their own internet access.

Re:This isn't a bad thing.

[DarthVain]

If I didn't have a bandwidth cap I would leave mine open.

I blame the greedy telcos.

Re:This isn't a bad thing.

[Mr.+Slippery]

you should be able to have open access..AND WPA2 at the same time.

But what would be the point? You need encryption at the application layer, since after the router it's all cleartext otherwise, so if WPA2 isn't being used for access control, what would it gain?

Re:This isn't a bad thing.

[hardburn]

This. For a local wireless network, what exactly are you worried about? People driving by and using a bit of free access to check email is no big deal. Even if they're making mischief trying to frame random people for child porn, it's unlikely they'll hit you up when they have to be physically near your place to pull it off. It's not like general perimeter security, where you have to be worried about automated scripts even if nobody is directly targeting you.

If somebody is really abusing your bandwidth, then handle that on a case-by-case basis. Otherwise, WEP/WPA just cuts into your local throughput and makes it inconvenient for guests to connect.

Re:This isn't a bad thing.

[uncledrax]

Well actually the main reason I disable SSID is to prevent curious neighbors from even seeing it.. they might be inclined to ask me 'hey I see you have Wireless.. can I use it?'.

I agree that it's very easy to spoof a MAC and to sniff out a non-advertised SSIDs, and that a rotating-key WPA is the best and just a good WPA policy will keep your network secure, but I also want to 'hide' it from nosy, but not technically savvy, neighbors.

How secure is secured?

[IBBoard]

One of the guys I work with used to be a "penetration tester" (paid/hired hacker ;) ) and still has an interest in the area. He showed us a map of his route to work after he drove in with an Eee with wifi and GPS attached. With a bit of representation help, Google maps and a bit of colour coding then there was a surprising amount of people using WEP. Technically that's secured, but realistically it is as good as open for anyone with about 2 minutes and the right app (saw it demoed on the same Eee).

Re:How secure is secured?

[olsmeister]

One of the guys I work with used to be a "penetration tester"

Boy, you set the ball on the tee, now it's time for someone to hit it out of the park!

Re:How secure is secured?

[snspdaarf]

She could like sports, 'ey? 'ey? Know what I mean? Wink-wink, nudge-nudge!

Re:How secure is secured?

[SharpFang]

Realistically, it depends on traffic. I assure you a WEP network with long key and running a low transmission (for example instant messenger + RSS + WWW surfing, vs video streaming, torrents or online games) can take good many hours to break. Speaking from experience, two lunches, four beers and about 8 episodes of Cowboy BeBop before that nice mexican restaurant became Internet-enabled for me.

Re:How secure is secured?

[marcansoft]

I assure you a WEP network with long key and running a low transmission (for example instant messenger + RSS + WWW surfing, vs video streaming, torrents or online games) can take good many hours to break.

.

Good job living under a rock. ARP replay attacks have been able to break into just about any WEP network with any traffic for quite a while now. All you need is a single ARP packet and you win.

Truly Open?

I wonder if this accounts for networks locked down to MAC addresses. I've never encountered an "open" wifi that was truly open (in UK), despite a lot of them appearing to be open, I just wonder how thoroughly they checked.

Re:Maths Lesson

[bakawolf]

WEP?

No wonder

[dunkelfalke]

because, at least in Germany, you are then liable for everything that is transfered over that hotspot. If someone downloads CP or warez you are fucked.

Re:No wonder

[bsane]

ROFL

Re:No wonder

[elrous0]

It's the MPAA/RIAA/FBI "Guilty Until Proven Innocent" law--the same one they've used to imprison, sue, and fine thousands of people in recent years (including some that didn't even own a computer)

Are there really more open hotspots?

[olsmeister]

Or does the USA just have a higher percentage?

Re:What wired equivalent means

[IBBoard]

But those two minutes for physical access a) require physical trespass, b) require you to be in a much riskier situation where you can get physically caught/trapped, c) tend to require more than 2 minutes because you've got things like locks on doors and d) require you to know where the router actually is.

By comparison, breaking WEP and hopping on a wireless network is simple, and how many people actually keep an eye on their router for rogue MAC numbers? Also, you do realise that MACs can be spoofed, so in the right situation you could potentially just usurp a machine or use the MAC of a real but currently disconnected one, right?

Population density is a plausible cause.

[Ferzerp]

More people who may hop on your network and negatively impact your performance would likely cause you to learn to secure things. We have a much lower average population density, so you are more likely to be able to remain ignorant (or just not care) and leave your AP open. If I have 4 people who can see my AP, they are much less likely to wreak havok on my quality of service than if I have 50. I would like to see stats on open AP% vs population density. Of course, the article may have this info. I didn't rtfa.

Relevance?

[Gothmolly]

The US also has more McDonalds, too. How is this even interesting?

And Many wifi open hotspots are secure.

[Lumpy]

I have 2 customers that have 100% open Wifi access points that are secure. Why? you have to be trespassing even with a dish and bi-quad antenna to connect to them. and if you are trespassing, the dogs are eating your butt. Plus we used RF control devices (copper screen) to eliminate signal from going to the direction that would even possibly allow access from outside the estate. (2100 feet is the closest point and still filled with trees, shrubbery that all suck up wifi like sponges)

My home has an Open accesspoint, you have to be inside the house or on the roof to get access. I have aluminum siding and aluminum screens that are grounded. Even my WiSpy pro cant detect the signals from inside the house when I am 5 feet from the front door.

control your RF and you will be more secure.

Re:And Many wifi open hotspots are secure.

[elrous0]

Back a few years ago when I built a giant faraday cage around my house--they said I was crazy. The homeowner's association sued me, my wife left me, the mental health people wouldn't let me see the kids, and I lost my job after extolling the virtues of the faraday cage to all the other employees at every opportunity.

But, in the end, I showed them! Now they see I wasn't so crazy. My house has the most secure wifi on the block!

And your point is?

[kenh]

Mark.JUK said "Nice to see everybody taking security so seriously then." Is there something inherently wrong with an AP that is connected right to a DSL (or other) internet connection to provide free access in, say, a coffee shop, library, city park, airport, or other common areas? McDonalds, Barnes & Noble, and many airports (thanks Google!) are offering "free WiFi" - by definition these can't be "closed"...

There are "wide open" residential gateways, but that number is dwindling (at least in my experience).

I work in a school district and we offer WiFi in all rooms in every building, but we have two "SSID"s - one secured (with access to our internal network, for administrators and district-supplied laptops) and one public (with only filtered access to the public internet, no internal resources available).

I'm doing my part!

[sootman]

"Across the world, approximately 30% of recorded Wi-Fi access points are unlocked, while some 70% are locked. Nice to see everybody taking security so seriously..."

F U, I've been intentionally open since 2002 or so. (Basically, since I got it.) It's like, if you leave your lights on and windows open, someone can sit outside your house and read a book with the light you're giving off--OH NOES!

First of all, it doesn't cost anything to share a bit of WiFi. If someone happens to be driving by and needs it, they can park and use it. If a neighbor loses their connectivity for a day and wants to use mine, FINE, GO AHEAD--I won't even notice or care. Nor will my ISP.

Secondly: security? What security? I doubt there is a band of leet hackers hiding behind my fence trying to get financial data off my wife's laptop (hint: it's usually closed) or trying to pull my credit card number or bank login name as it whizzes by among gigs of other data. (Hint: you'll also have to crack HTTPS.)

You're worried about credit card fraud? Worry more about the 19-year-old you give your card to at a restaurant who disappears with it for a couple minutes. My family and I have had credit card info stolen and abused several times in the last decade and not once was the Internet involved, let alone hackers sitting outside our house at night doing MITM attacks. I'm more worried about an ACTUAL break-in (which I've also experienced) than a cyber one.

Re:Personnally

[betterunixthanunix]

Your post raises an interesting point about the society we live in. We are so paranoid about people abusing our generosity that we actively refuse to be neighborly and help each other. I know plenty of people who use open access points just to check their email and go to a few websites, but nothing else. I know more people in that category than people who are trying to conceal some kind of criminal activity.

Frankly, WEP and WPA2 are doing more harm to the innocent people who just want to use your connection to check email than to the people who are doing something illegal. A good lawyer could argue that your open access point weakens evidence based on IP addresses, because it decouples your IP address from your legal identity, but most innocent people would not be able to defeat WEP.

Re:Insecure? Who says?

[Just+Some+Guy]

There are no "UK" or "US" rules. There are agreements between people and the businesses providing services to them. In my case, I'm complying with my agreement, and still would be if I lived in the UK and had the same contract.

An alternative to completely open.

[Gribflex]

I moved to France last year and was pleasantly surprised at the ISPs attitudes towards sharing wifi.

My provider, Free.fr, by default enables guest access on my router. However, it's not completely open.
In order to access the connect, you must enter your account details (login and password), and then you are given access to a limited connection.
Should you not want to share your connection with other people, you can easily disable this feature; but doing so also disables your account from being able to access roaming wifi.

I really love that the community sharing feature is enabled by default.
As long as I'm willing to share my connection with other subscribers, then I get access to their bandwidth when I'm away from home. And, as one of the larger providers in the area, this means I have access from just about anywhere I go.

On purpose?

[smoyer]

I take security very seriously but have purposely left my wi-fi accessible to whoever would want to use it. Instead of password protecting the wireless link, I made sure that the access point was secure and isolated from the rest of my network. Want some free wi-fi? Come and use mine for free!

I'm Confused

[Bob9113]

Nice to see everybody taking security so seriously then. It should be perfectly possible to "share" Wi-Fi while using WPA or WPA2 security measures at the same time.

I take security very seriously, so my machines are properly secured for direct access to the Internet, and my important machines are behind their own firewall.

I must be missing something about WPA or WPA2 -- how can you make your network show up without the little lock icon when a stranger passes by, so they know they can log in?

Why would I want to encrypt the channel, anyway? As soon as the comm hits the Internet it hops nodes I don't control. If I want it secure, I had better be using an encrypted channel at a higher layer. Admittedly, I could transfer sensitive files in the clear on my own network, but why? I use SCP for everything, which is easy (easier, IMO, than GUI) and it is a good habit to get into.

Which all is to say: I think the "WPA/WPA2 == security" thing is a bad meme. Good security starts above the network layer, and generally can end there. Meanwhile, securing all our Wi-Fi nodes kinda sucks in terms of making the network universally pervasive.

Free the APs, secure the machines and processes.

security?

[spikenerd]

Nice to see everybody taking security so seriously then

Why must you assume it's a "security" thing? Isn't it possible that some of us *want* to share our Internet access? This is the same attitude that people only use P2P for piracy. It's only mostly true.

Stop with the OMG NOT SECURE WIFI crap, please.

[BitZtream]

I must rant ...

I'm rather sick of hearing 'OMG NOT ENCRYPTED' or 'OMG USES WEP INSTEAD OF WPA' when talking about WiFi.

If you're talking about it while using a wifi hotspot, then you're just a fucking moron without even the slightest clue.

No one gives a fuck about your data. They aren't sitting at an airport trying to gather sensitive information. You know why? BECAUSE ANYONE WHO HAS SENSITIVE INFORMATION IS USING ENCRYPTION FOR ALL THEIR CONNECTIONS NOT JUST WIFI. It doesn't freaking matter if the wifi is sent in the clear, their actual session to their file server, mail server or web server is going to be encrypted via SSL or over a VPN.

Any half way competent admin treats wifi as an external network, regardless of encryption used on it, even their own internal wifi networks.

So fucking WHAT if your Starbucks wifi is clear text? You're upset because you're sending it over the air without encryption, but you're fine with the fact that it travels all over the Internet with no encryption? You're afraid someone at the airport may snoop you via wifi, but you don't care if they snoop you via the lan the wifi connects to? You somehow think that because it requires a password, that all the other people that have the password somehow can't see what your sending?

If its public, you're retarded for encrypting it or worrying about the encryption. Everything you're going to do that needs security has a different, BETTER way of handling security and encryption than ANYTHING wifi has to offer.

You don't need to 'share' wifi and use 'wpa or wpa2' at the same time, just fucking make it clear text and stop acting like its 'super secure' when its not. If anyone can buy in or someone easily get your wifi key than your encryption is 100% pointless. Wifi passwords are only useful as a limited effectiveness way of preventing people from using your bandwidth, thats it, nothing more.

Anyone who thinks they are 'secure' because of wifi encryption is just ignorant. Theres no reason for a hotspot to be encrypted, its there to be shared.

And for fucking reference, a hotspot is a place that allows random people to connect. Your WAP at home isn't a freaking hotspot, its just a wireless router. You don't have a hotspot in your home, Starbucks has one, McDonalds has one, the Airport has one. You have a WAP.

So you know why there are a lot of unencrypted hotspots? BECAUSE ITS RETARDED TO DO IT ANY OTHER WAY, the only reason it gets done other ways is shear ignorance and paranoia because of other twits on the Internet that scream OMG ENCRYPTION ENCRYPTION ENCRYPTION!@$!@%$!@%.

Well yeah

[argStyopa]

...the MOST unlocked hotspots? SWEET.

The fact that most of them connected to the web at something around 48kbps, not so sweet.

We have the largest tin-can-and-string network IN THE WORLD, BITCHES.

Law of reverse service

[Penguin]

User from Denmark ( EU) here.

I admire the amout of (deliberately) open wifi hotspots in USA. A couple of friends traveled around the States last year and found free wifi services everywhere - except Las Vegas.

This seem to be an interesting phenomenon. At first it might seem reasonable: wherever you are expected to pay for services you are also expected to pay for Internet access.

However, this leads to some curious cases. I have experienced hotels in Denmark, England and Spain that charge for internet access. But on the other hand it is not uncommon for hostels (that are cheaper and where one would expect a lesser degree of service) to have free wifi.

The economic background is interesting. The cost of putting up a hotspot is pretty low, especially at simple hostels that probably already have internet access and wifi for the employees. But the expenses of putting up a payment solution and handling support is high.

This leads to an interesting paradox: It is the payment solution that might not be feasible at "cheap" places such as hostels; not the Internet connection by itself. The result is that since it is not worthwhile putting up a payment solution the Internet access is simply free!

In some places this leads to even more interesting results:

The suburban railway service in Copenhagen has free wifi on the the trains. These trips are usually short, hence the payment process might itself take too long to be convenient.

However the inter-city trains where travel times are usually about 1½-4 hours there is a wifi payment solution. At first it might make sense but as it is charged per minute any delays underway would lead to a larger travel time and therefore a higher total cost.

Free Internet access could partially make up for a bad travel experience with delays (one would be able to still work online, pass time by casual surf, chat and so on or update successive travel arrangements). Instead passengers are simply punished further economically when the travel is delayed underway.

Re:Insecure? Who says?

[Just+Some+Guy]

I disagree with your assessment. The risk is so tiny that the severe penalties don't even register for me. Should the improbably happen, I think I'll be remembered as the guy who cooperated with the police to investigate his neighbor.

Ask 1000 regular computer users about MAC spoofing

[Zero__Kelvin]

"Interesting question. I wonder how difficult it is to sniff the traffic, discover a permitted MAC address, and then simply spoof that MAC address in order to utilize the network. "

For 99.9% of the population it is not only non-trivial, it is in fact impossible because they lack not only the tools to do it, but also the knowledge that it can be done.

Obviously we can do this, but if you really understand security you know about security landscapes. You know that keeping 99.9% of potential users/abusers is better than nothing, by about 99.9%. So no, it is not reasonable to say that MAC filtering is roughly the equivalent of no security at all.