Slashdot Mirror

← Back to Stories (view on slashdot.org)

EFF Releases Wireless Router Firmware For Open Access Points

Posted by Soulskill on from the secure-is-as-secure-does dept.

klapaucjusz writes: The EFF has released an experimental router firmware designed make it easy to deploy open (password-less) access points in a secure manner. The EFF's firmware is based on the CeroWRT fork of OpenWRT, but appears to remove some of its more advanced routing features. The EFF is asking for help to further develop the firmware. They want the open access point to co-exist on the same router as your typical private and secured access point. They want the owner to be able to share bandwidth, but with a cap, so guests don't degrade service for the owner. They're also looking to develop a network queueing, a minimalist web UI, and an auto-update mechanism. The EFF has also released the beta version of a plug-in called Privacy Badger for Firefox and Chrome that will prevent online advertisers from tracking you.

56 comments

  1. In Germany by Anonymous Coward · · Score: 3, Informative

    we have freifunk. They develop such software. It also bypass the so called "störerhaftung" (disturber liablility), which makes people liable for anyone that used their hotspot as long as they cannot prove they secured their wifi as much as they could.

    1. Re:In Germany by master5o1 · · Score: 1

      How does it bypass that?

      --
      signature is pants
    2. Re:In Germany by Anonymous Coward · · Score: 0

      It proves that they secured their wi-fi as much as they could for the primary users ... and then they shared secondary acess to the public

    3. Re:In Germany by Anonymous Coward · · Score: 0

      They route it through a VPN. One was in sweden, but some others use also one in Berlin, and trying to get the "provider priviledge": when you're large enough (a vague term), you count as provider, and then the rule doesn't apply to you.

  2. Buffalo DD-WRT routers please by Bodhammer · · Score: 1

    Buffalo Routers that run DD-WRT please! I'm sorry I don't have time to do the port...

    --
    "I say we take off, nuke the site from orbit. It's the only way to be sure."
    1. Re:Buffalo DD-WRT routers please by Anonymous Coward · · Score: 0

      From the webpage of my wifi ap/router:

      Router Model Buffalo WHR-G54S
      Firmware Version DD-WRT v24-sp2 (08/07/10) std - build 14896

      (but yes, that is old and i do not know if new versions still work)

    2. Re: Buffalo DD-WRT routers please by Anonymous Coward · · Score: 0

      Don't be a twat, I know that is difficult for you...

    3. Re:Buffalo DD-WRT routers please by Anonymous Coward · · Score: 1

      Buffalo Routers that run DD-WRT please! I'm sorry I don't have time to do the port...

      Yes,
      From the EFF page..

      '..Currently the software runs on one specific model of hardware (the Netgear WNDR3800) ..'

      from the Cerowrt page..

      '..To minimize the effects of hardware dependencies, we have chosen the Netgear WNDR3700v2 or WNDR3800 as the sole hardware for the experiments. Note: The WNDR3700v3 and v4 models that have recently appeared on the market do not work with CeroWrt; purchase the WNDR3800 if you want to be future-proof...

      Quick check on the WNDR3800, it's been EOL'd by Netgear, and isn't that readily available on the second-hand market where I am. (and the currently still available WNDR3700 is a v4 which, from the Cerowrt page ' ..The WNDR3700v3 and v4 models that have recently appeared on the market do not work with CeroWrt..')

      So, by the looks of it, I'll be sticking to my linksys, d-link and tp-link hardware and a.n.other firmware for a while yet..you'd really think they'd check on the wider availability of their target system hardware before going down this apparently dead-end path.

    4. Re:Buffalo DD-WRT routers please by Anonymous Coward · · Score: 0

      I'm sorry I don't have time to do the port...

      Don't worry, we can always find some sucker from the open source community who will sacrifice all his time for the job and ask no money for it.

    5. Re: Buffalo DD-WRT routers please by jones_supa · · Score: 1

      If you are running ddwrt, then it's trivial to configure this. What the fuck is there to "port"?

      Moron.

      Just relax now, the nurse will administer the morphine soon.

    6. Re:Buffalo DD-WRT routers please by Anonymous Coward · · Score: 1

      I'm sorry but Buffalo routers are fscking GARBAGE. I've purchased god-knows-how-many routers for clients and myself and I bought into the hype about how Buffalo routers are so wonderful and they run DD-WRT and they aren't like other brands. BULLSH!T. They are crippled by weak azz wifi and no matter how many times I factory reset (60, 60, 60) the settings from my previous configuration persist. Called their "tech support" line and was told that the features that I PAID FOR were unsupported and that they were NEVER going to to support the features because they're DD-WRT specific.

      FSCK Buffalo routers. I took another risk in purchasing Ubiquiti's line of products and I'm VERY pleasantly surprised, as I was certain their products (priced insanely cheap) would also turn out to be junk but instead, are some of the best routers and wifi units I've ever installed. Not sure about their cameras. I have another supplier for that tho.

      tl;dr: FSCK Buffalo routers. Worthless.

  3. Can't wait for the cops to bust down my house by Anonymous Coward · · Score: 1, Interesting

    because some pervert tried to download child pornography!

    1. Re:Can't wait for the cops to bust down my house by binarylarry · · Score: 0

      Why did someone mod this guy down?

      Illegal use of your access point could have serious consequences (unless it somehow confers Common Carrier Protection of Interneting +4 which I'm unaware of)

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:Can't wait for the cops to bust down my house by Anonymous Coward · · Score: 0

      Why did someone mod this guy down?

      Pedos get mod points too.

    3. Re:Can't wait for the cops to bust down my house by ChunderDownunder · · Score: 2

      The 'fraud squad' already contacted me about credit card skimming traced to our home internet, whereby someone had hacked our wifi in a drive-by usage. They suggested we change our password but you wonder how secure WPA2 is anyway...

      The local ISP, Telstra, is said to soon be trialling nationwide 'free wifi' to ADSL2 customers by offering a free modem with segregated wifi. So I wonder what firmware they plan to use.

    4. Re:Can't wait for the cops to bust down my house by Charliemopps · · Score: 2

      Why did someone mod this guy down?

      Illegal use of your access point could have serious consequences (unless it somehow confers Common Carrier Protection of Interneting +4 which I'm unaware of)

      And how many Starbucks owners do you see in federal prison?

    5. Re:Can't wait for the cops to bust down my house by Anonymous Coward · · Score: 0

      There is only ONE starbucks owner. Starbucks. And the wifi is owned by ATT

      beta sucks

    6. Re:Can't wait for the cops to bust down my house by Belial6 · · Score: 1

      Exactly. There is WAY too much free wifi access in the US for anyone but the most paranoid to think that open wifi would be anything but plausible deniability in the case that someone did get onto your router.

    7. Re:Can't wait for the cops to bust down my house by Anonymous Coward · · Score: 1

      If the EFF wanted to be really cool they could make their router firmware set up a transparent proxy so that the anonymous users are routed onto the TOR network. Their Internet access would be slower, but it couldn't be traced to the owner of the router. Also, increasing the size of the TOR network would increase the amount of anonymity it offered.

    8. Re: Can't wait for the cops to bust down my house by Anonymous Coward · · Score: 0

      I setup a tor relay (not exit node) and within days my bank blocked my IP. That was an annoying thing to explain to my wife. Many sites apparently block any IP that even runs a relay. Really sucks. After shutting off the relay for a few days they unblocked us.

    9. Re:Can't wait for the cops to bust down my house by binarylarry · · Score: 1

      Starbucks owners have a lot of money and are incorporated with the state.

      Most people aren't in that category.

      --
      Mod me down, my New Earth Global Warmingist friends!
  4. WFA-UNAUTH-TLS by Anonymous Coward · · Score: 1

    WFA-UNAUTH-TLS

    Just gonna throw that out there.

    1. Re:WFA-UNAUTH-TLS by Anonymous Coward · · Score: 0

      Thanks for throwing this out there.

    2. Re:WFA-UNAUTH-TLS by Anonymous Coward · · Score: 1

      > WFA-UNAUTH-TLS

      For those wondering WTF that is:

      Seems to be a TLS protocol standard for clients to talk to an open wifi access point but still encrypt the traffic over the air to prevent snooping ala firesheep.

  5. liability? by motorsabbath · · Score: 1

    So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

    --
    The heat from below can burn your eyes out
    1. Re:liability? by binarylarry · · Score: 1

      You could roll over to their house, connect to their access point and GNAA the fuck out of slashdot to get their IP banned.

      Oops.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:liability? by Anonymous Coward · · Score: 1

      So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

      As lawyers, this is a bonus for the EFF. The innocent party who owned the wifi and shared, who gets caught up in all the legal nastiness is good for their donations and publicity.

    3. Re:liability? by Rick+Zeman · · Score: 1

      So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

      No kidding. I don't see the EFF offering to indemnify any users.

    4. Re:liability? by Charliemopps · · Score: 2

      So if you're sharing your wi-fi with the public at large and someone commits an "Internet Nasty" while connected via your router - who is criminally liable?

      Who's liable when they roll into the parking lot of the local Best Western and do the same thing?

      Making it public is what makes you immune. If it's not public, then you're verifying that all activity from your IP is your own. Making your connection free for others to use re-anonymizes your IP address.

    5. Re:liability? by Anonymous Coward · · Score: 2, Insightful

      Making it public is what makes you immune. If it's not public, then you're verifying that all activity from your IP is your own. Making your connection free for others to use re-anonymizes your IP address.

      Firstly, running an open wifi point would be against my TOS
      Secondly, being in breach of point the first, the police would then turn your argument round on it's head...running a public access point sir?, must be trying to bury your illegal traffic in amongst everyone else's..You're fuckin' nicked, me old beauty!

      immunity my arse...you do realise that the upstream monitoring logs and classification of the traffic which led them to you in the first instance will then be produced in a court of law against you, and you'll then have to account for it?
      I don't know if you've noticed, but the old innocent until proven guilty thing doesn't really apply when it comes to certain classes of crap nowadays, especially online, especially if there's a whiff of terrorism or paedophillia..

    6. Re:liability? by tlhIngan · · Score: 1

      Who's liable when they roll into the parking lot of the local Best Western and do the same thing?

      The fact it's usually traceable back to you?

      A lot of those free wifi things require actually staying at the hotel where they'll happily give you a login and password (tied to your account, of course).

      Though, I welcome the move - no more bandwidth limitations! I mean, the problem with all the wifi provided by ISPs Is you have to log into them and they often charge your account for bandwidth.

      But if you can have free wifi using someone else's account, well, that makes torrenting all those Blu-ray's (at 50GB a pop) much easier. Suddenly 250GB doesn't seem so limiting anymore.

    7. Re:liability? by Anonymous Coward · · Score: 0

      "Traceable"

      Really? Have you ever visited Starbucks or McDonalds? Public open wifi is commonplace now.

  6. The point? by Anonymous Coward · · Score: 0

    I get why the EFF wants to do this. It creates a situation where if lots of people run and use free access points, the legal system will start to realize that an IP doesn't identify an individual. I get it.

    What I don't get is why on earth you'd want to give any of your internet bandwidth to the public if you're living in a private residence. I see absolutely no benefit to me in running one. And I also see no benefit in connecting to one. I never connect to unknown and unsecured access points. Why on earth would anyone want to? What's the point of 4G and shit like that if in the end you're sill relying on peoples' free wireless access points?

    I see no point in runnin one and no point in connecting to one.

    1. Re:The point? by binarylarry · · Score: 3, Insightful

      Do you really trust your mobile telco much more than a random wifi router?

      I dont.

      --
      Mod me down, my New Earth Global Warmingist friends!
    2. Re:The point? by Anonymous Coward · · Score: 2, Insightful

      > What I don't get is why on earth you'd want to give any of your internet bandwidth to the public if you're living in a private residence.
      > I see absolutely no benefit to me in running one.

      I do it because it costs me nothing to help out someone.

      > What's the point of 4G and shit like that if in the end you're sill relying on peoples' free wireless access points?

      Indeed. What is the point of paying for 4G by the bit when you can use free wifi instead?
      I think you've answered your own question.

    3. Re:The point? by Anonymous Coward · · Score: 0

      The most ridiculous comment I've seen today.

    4. Re: The point? by Anonymous Coward · · Score: 3, Interesting

      It's called sharing. The world would be a better place if more people did it.

    5. Re:The point? by bigfinger76 · · Score: 0

      I know this question is way off-topic, but I just have to know...
      Are you a religious person, and if so, what religion?

    6. Re: The point? by Anonymous Coward · · Score: 0

      The "legal system" does not and will not care for EFF's arguments. Instead, they will round up some poor idealistic schmucks who fell for this and make a harsh example out of them to keep the rest in line.

    7. Re: The point? by Anonymous Coward · · Score: 0

      Great. Let's all share wallets.

      You first.....

      You don't like that one? OK, How about I share first, with public wifi access point with a proxy configured to do man-in-the-middle decrypt and rebundling of all SSL traffic? Then *you* can share the passwords you use for your bank, and email, and github?

      Ahh, you don't want to share? OK, how about I just share my trojaned copy of the security tools at https://git.centos.org or bitbucket or github, with a faked Verisign certificate to verify the fraudulent SSL certificate (see http://nakedsecurity.sophos.com/2010/06/23/trojbhoqp-verisign/) That's just me sharing, right, so you don't mind?

      Hint: if you want to "share" so much, I hope you brought condoms and penicillin for *everyone*.

    8. Re: The point? by Anonymous Coward · · Score: 0

      Maybe you just dont understand sharing. Excess items that disappear or go to waste if not used (like bandwidth) are ideal for sharing. It costs nothing to share and you can make somebody happy and you will be happy. If Alice has three hamburgers and Bob has none, why wouldn't Alice share? Come on! Kids are taught that it is nice to share but adults can't seem to figure it out.

    9. Re: The point? by Anonymous Coward · · Score: 0

      configured to do man-in-the-middle decrypt and rebundling of all SSL traffic?

      If only we had a specific list of CAs that were considered valid for signing SSL certs in our browsers to detect this kind of thing... hmm

  7. Obsolete before it was released. by viperidaenz · · Score: 1

    That's cool, but the only hardware it officially supports is End of Life.
    WNDR3800 http://support.netgear.com/pro...

    1. Re:Obsolete before it was released. by Zebai · · Score: 1

      Other than reduced availability for sale I don't think being end of life should really matter you would not get support from netgear on a custom firmware.

      I just feels to me like the EFF wants to reinvent the wheel here. There are already routers/firmwares out there that support multiple wifi ssid's just make one of them a guest id public or not.

    2. Re:Obsolete before it was released. by Anonymous Coward · · Score: 1

      Other than reduced availability for sale I don't think being end of life should really matter you would not get support from netgear on a custom firmware.

      This isn't about Netgear support, the point is that by choosing a target system that you can now only get on the used market (and, from my cursory check this morning, it isn't exactly a common model you see coming up regularly, at least, here) they've (EFF) immediately scored an own-goal by putting off people who might want to try this out by making an apparently stupid choice of base distro and target hardware.

      A quick check of the spare routers I have currently doing nothing, Linksys, d-link, trend, tp-link, and, yes, netgear are represented, at work I've spare Linksys and d-link routers, a quick check of the local second-hand market throws up a lot of tp-link, linksys and d-link routers, some Netgear kit, but not this model.

      By picking a base distribution (Cerowrt) which was limited to only two router models (Netgear WNDR3700v2 or WNDR3800) then restricting the development to the one of these two (WNDR3800) which is EOL'd looks, to me, like a wee bit of a stupid move if they want any sort of mass adoption, I mean, just look at the number of boxes openwrt supports as an example.

  8. Privacy Badger? by Anonymous Coward · · Score: 0

    Privacy Badger for Firefox, when I installed it a few months ago, completely killed my ability to log in with Facebook (OAuth) on several sites I frequent. Removing it didn't fix the problem. Needless to say, I copied another Firefox (Portable) installation over the screwed-up version and never looked back.

    1. Re:Privacy Badger? by Anonymous Coward · · Score: 0

      Then you screwed it up. Privacy Badger works fine for me and others, I can configure it for each page if needed, and turn it off with a single click.

      If you copied a new portable Firefox over the previous one, did you bother to install Privacy Badger a second time to see if the problem reoccurred? If not, then it's like saying "I tried Java once. It didn't work on one page so, needless to say, I removed Java and never tried it again."

      .

    2. Re:Privacy Badger? by Anonymous Coward · · Score: 0

      Shut up, you grunchy swine-man. It must work for the very first time or it is garbage software. I'm not wasting my time with applications like that. I'm tired of those "it works for me, so of course must for everyone". There's a concept called "quality assurance", you might want to look it up. Thank you. Now I'm going to get my leather jacket and elegantly walk away.

  9. CeroWRT != Fork by Anonymous Coward · · Score: 0

    CeroWRT isn't really a fork as described in the summary, it's more of an experimental branch/playground of sorts, with any relevant development being fed back upstream to OpenWRT. (It tends to rebase on OpenWRT head fairly regularly).

    From the website https://www.bufferbloat.net/projects/cerowrt:

    "CeroWrt is a project built on the OpenWrt firmware to resolve the endemic problems of bufferbloat in home networking today, and to push forward the state of the art of edge networks and routers. Projects include proper IPv6 support, tighter integration with DNSSEC, and most importantly, reducing bufferbloat in both the wired and wireless components of the stack."

  10. EFF strikes again... by Jay+Maynard · · Score: 1

    This is just another spammer and net criminal enabler. The EFF has long fought against efforts to end spam. Encouraging wide-open net access with no accountability is just another step down that road.

    The EFF: enabling spammers since the 1990s.

    --
    Disinfect the GNU General Public Virus!
    1. Re:EFF strikes again... by Anonymous Coward · · Score: 0

      > The EFF: enabling spammers since the 1990s.

      1993, specifically, when Mitch Kapor stepped down from leadership and Jerry Berman took over and led them into moving to DC and bending over to get lobbyist money, you mean. The resulting "corporate sponsorship" they got for helping with the TeleCommunications Privacy Act was pretty obvious. It took their leadership roughly 5 years to realize just *how bad* of a corporate shill Berman was and to get him the hell out.

      I actually had a chance to chat with John Perry Barlow about this roughly.... 15 years ago, when he was teaching at Harvard. Mitch Kapor wouldn't talk to me when I saw him around that time: I think he was still pissed that he didn't get that Department of Commerce cabinet position he was angling for in the Clinton administration when he resigned. I did *tell* him they would not put a geek in that position, at an EFF party.

      They've gotten better since then, fortunately, but their focus has been somewhat scattered ever since Mitch stepped down.

  11. What I want by Anonymous Coward · · Score: 0

    1) Ability to log on normally with password (done)
    2) Guest account with no password (done)
    3) Ability to set guest accounts to Tor-only (must have)
    4) Ability to charge guests for service using bitcoin or something similar (would be nice)
            4.1) With micropayment channel support (would be very impressive)

    The big problem right now is that it's simply not worth the risk for me to share my internet connection. If I so much as get a phone call from my ISP, it's already more trouble than it's worth.

  12. Verizon FIOS by Anonymous Coward · · Score: 0

    I use the Verizon FIOS service. Verizon provided a
    Actiontec, Model Name: MI424WR-GEN2, Hardware Version: E
    How do I encourage Verizon to enable, allow, install the EFF software?