It doesn't apply here. You can't just say, "I'm providing a service, so make me a common carrier." The phone company bit is a horrible example, because you cannot merely make a telephone call and hack into other systems, send a million spam messages, or command your DDoS zombie army. You'd have to have an ISP in there somewhere to get you online. The telephone call is merely the "physical" layer of your network connection.
For the rest of your examples, you're still not getting free anonymous access.
For your library, you generally need a library card, and even if you don't, people saw you. They can trace the activity back to the PC, and a librarian or a visitor could easily say, "Yep, I remember him." Many libraries also generally permit only web browsing. If you set up a Wi-Fi network and put it in a DMZ and only permit proxied (filtered?) HTTP traffic, I'd say that's a responsibly-run Wi-Fi network, though I still might have my reservations about running one. But that's not what we're talking about here, is it? It's about truly anonymous, full IP connectivity. That is not generally found in a library.
For Starbucks, you have to sign up with an account, which requires a credit card. Even if you used stolen information, somebody probably saw you sit down, assuming you didn't buy any coffee.
For an Internet Café, same thing. You had to pay to use the service, so you either spoke to a vendor, and/or they have your credit card. I also don't know how many of these places offer you full IP connectivity as well. I would think most of these would be heavily firewalled and proxied also.
In an airport, first of all, you've bought a ticket. Secondly, I don't know of any "all-airport" networks that do not require you to sign up with an account. Thirdly, for those airline clubs that do offer "free" Wi-Fi access, you had to walk in and demonstrate that you were a member. They've noted this.
There is presently nothing similar to open Wi-Fi networks in providing 100% anonymous full IP connectivity.
When they do knock on your door, and they've stated that they've traced all sorts of illegal activity back to your network, and you do simply state "I'm no more liable than the phone company is!" what do you think they will do? Do you think they will shrug their shoulders and say, "Oh damn, better luck next time"?
If what you're advocating (immunity to open Wi-Fi operators) comes to pass, crime on the Internet will skyrocket. Spam will multiply by orders of magnitude (now they have no fear of being caught, and it would only be you that's shut down). Is this the Internet of the future?
You're also forgetting that you are ultimately responsible for fulfilling the obligations of your terms of service with your ISP. You can call yourself a "common carrier" all you want, but you're still contractually bound there. If your ISP gets enough complaints, you can bet they will shut you down. You can scream and shout about how it was some other armless guy using your open, anonymous Wi-Fi network all you want, but it doesn't really matter. You failed to curb the abuse (because you made the deliberate decision to open your network up promiscuously).
those things are already happening without much help from WiFi.
But without Wi-Fi, there is always an audit trail. Sometimes it may be difficult to find, but it's always there.
With free, open, public anonymous Wi-Fi services, any Joe ScriptKiddie can enjoy 100% anonymous and untraceable Internet connectivity. There's a bit of a difference.
Your HTTP anonymizing services would of course divulge any and all information about the original IP address to the Ministry of Truth - sorry, I mean Homeland Security
My point is, anonymity can occur at the application layer, and should not occur at the IP layer.
There is no law requiring web site operators to keep logs of activity, and certainly none requiring anonymizing proxies to keep track of who accesses what sites. The amount of "damage" you can do over anonymized HTTP is insignificant next to the amount of damage you can do over anonymized IP. But for anonymizing your identity when posting some bit of information, either technique works. So why advocate the method that would also anonymize every criminal act performed on the Internet?
There is no original expression in a list of items and prices since they're facts
I don't think they were facts yet. Until the prices become current or the company publishes the data, they're just numbers representing the company's intent. That makes it a little trickier, IMO.
How do you propose to break into Internet hosts, release a targeted worm/virus, or initiate a distributed denial of service attack against critical Internet infrastructure using only your cell phone and/or radio?
You have to have Internet connectivity somewhere. What changes here is that IP connectivity used to be somewhat traceable (you had to provide some form of information and usually a credit card, not to mention most ISPs have caller ID). With open Wi-Fi networks, the trail ends with the Wi-Fi operator. Generally he doesn't even know you were ever on the network. And if he does, it's doubtful he's obtained anything remotely identifying about you. You can commit whatever crimes you want and you will never be caught.
I don't think it's about communication. There are a million ways people can communicate essentially anonymously that adding open Wi-Fi networks to the mix doesn't change much.
But users of open Wi-Fi networks can do something that you can't just do on a pay phone: you can release viruses and worms, you can hack into remote systems to cover your tracks, or maybe set up some DDoS zombies and use a distributed attack against some infrastructure.
You can even TRADE MP3'S!
All of this without fear of ever getting caught. The trail stops with the Wi-Fi operator. If you're lucky, they'll convict him instead and you get off free forever.
I find it amusing that your comment implied that the government's position was to our disadvantage with respect to spam.
Anonymous, untraceable Internet connections are a spammer's dream. You can bet they would love it if there was an unlimited supply of open Wi-Fi networks from which they can carry out spam campaigns.
I will be one of the first people to say that "freedom of speech" necessarily requires anonymity. People need to be able to speak their minds anonymously without fear of getting their words traced back.
But there is NO reason true anonymity needs to extend to your IP address. There are plenty of places in the physical world where you can post something anonymously (perhaps an op-ed piece in your local newspaper). There are HTTP anonymizing services that allow you to post comments on bulletin boards anonymously. Heck, most sites and most ISP accesses are anonymous to the extent that a court order would be needed to get your identity (well, excluding some of the Patriot Act provisions). That type of anonymity may be perfectly sufficient for some. For the rest, we already have those tools.
The point is, a completely anonymous Internet connection has a very limited usefulness for those hoping to protect their freedom of speech, but it has immense value for those wanting to commit electronic crimes (spamming, intrusions, distributed denial-of-service attacks, worm injections, identity fraud, etc.). By providing immunity to the Wi-Fi operators, we're basically saying it's perfectly OK for people to start abusing these networks without fear of ever getting caught.
If you thought spam and the occasional DDoS attack was bad today, just wait...
If someone breaking into a bunch of 802.11b networks (at 10Mbps) can bring down the network of this country, the US portion of the Internet is flakier than I thought and we really have bigger problems than this.
Firstly, no one is suggesting that a denial-of-service attack from an open Wi-Fi network is a threat. But once you have anonymous connectivity, there's nothing stopping you from hacking into a few hundred hosts (maybe using a script) and setting up DDoS zombies on all of them. You can now use your anonymous connection to initiate a more severe attack without fear of getting caught.
Secondly, an open Wi-Fi network is a perfect place to release a destructive virus or worm. You don't need a lot of bandwidth to do this.
This may actually be an artifact introduced when moving the text out of Word and into another application (e.g. a browser). A logical document has no character set, merely a series of logical characters. When you paste text into a text box, though, and submit that as a browser would submit a form, the browser's supposed to make a best effort guess as to how those logical characters should be encoded. If it's trying to squeeze a right-single-quote into, say, iso-8859-1 (which doesn't have it), you can expect quirks like question marks to be inserted instead.
Many attacks are easier to launch through IP than through HTTP.
And this is precisely my point.
There's no reason to have anonymity at the IP layer and no reason to get up in arms about not being able to provide it. The primary (sole?) reason someone needs IP-layer anonymity is so that they can launch attacks without getting caught.
Why is everyone working so hard to protect this?
Yep.. I wouldn't fault the author, though. It's probably something like Word doing the repurposing. Apparently the designers of Word (probably due to user feedback) felt the ' glyph was undesirable for apostrophes, so instead of fixing the glyph (assuming that would go over well with those that would continue to use it in terminal applications as a single-quote, which should only really matter with fixed-width fonts anyway), they chose to use a different character instead. Same type of problem...
I failed to preview my post. Wherever it looks like a word was left out of my post, pretend I said something like “.
Entities like map to Unicode code points. These can safely be used regardless of the character set declared in the document. Charsets change the meaning of the bytes used in the text of a page. HTML entities are separate from that and map directly to characters.
The fact that Slashdot isn't declaring a character set for its pages is a completely separate issue (and one I think they should definitely fix), but whatever they decide to use, will always map to the same character.
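They are, but keep in mind Clark's responses were given in a stand-alone XHTML document. If Slashdot were doing their site correctly, they would have
been using things like <h1>.. <h6> to begin with, and would have defined CSS styles (if needed) so that they looked normal with respect to the rest of the site to begin with; and
only used a portion of Clark's XHTML responses (so as not to embed one XHTML document within another), and hopefully would have reduced his <h1> tags to <h2> or <h3> to fit within the semantic structure of the site.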
So no, really, Clark did not intend for his answers to appear this way, but it isn't really his fault. He gave his responses in a beautifully marked-up XHTML document, and Slashdot chose to use his document as-is without any further work to make it "fit". It's not Clark's job to do Slashdot's site design, but it was his decision to give Slashdot good, quality, semantic markup of his responses.
The point is, if Slashdot were using HTML like it was designed, Clark's answers would have integrated beautifully into the site.
Look forward to more of this in XHTML 2.0!
Yep, this is an example of someone disliking the look of the "correct" glyph (the apostrophe, or ' ) and choosing to use a totally different character instead (the right single-quote) because it looks more appropriate.
MS Word does this, and I suspect other applications do it as well.
In a perfect Unicode world, single-quoted strings would be composed of a proper left-single-quote - text - right-single-quote. In the real world, single-quoted strings are composed of apostrophe - text - apostrophe. So the apostrophe glyph needs to work in both situations, as an apostrophe and a single-quote. Most people tend to prefer that that character go straight up and down as a result, which means Word needs to use the wrong character when the majority of its users want an apostrophe that looks like a right-single-quote.
It doesn't look like Unicode has a single-quote character that just goes straight up and down. The ' character is an apostrophe in Unicode. The only single-quotes that are there are paired (left/right), though there is a double-quote that goes straight up and down. *shrug*. Here's what I could find:
http://new.fastolfe.net/reference/charsets/unicode-search?query=39+34+8216+8217+8220+8221&type=dec
This is because the curly quotes aren't in the 7-bit (0..127) ASCII range, rather they're either Microsoft or Apple 8-bit (0..255) extensions, which are different.
Or Unicode.
A lot of the "it?s" problems would go away if Slashdot would simply declare a character set for its pages instead of letting the user agent make a bad assumption. I've suggested this a few times but it's never happened.
They could even go a step further and standardize on UTF-8, which would let us be entirely multilingual, with Japanese articles, Chinese comments, etc. It's arguable if that's even necessary or desirable on Slashdot, but why force everyone to use ISO-8859-1 (which, by the way, does not contain those "smart quotes").
All it takes is a single line in the HTML document:
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
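The encoding behaviour discussed in the comments above (a right single quote that does not fit ISO-8859-1 turning into "?", and numeric character references surviving any declared charset) can be reproduced with the following added example, which is not part of the original comments. The function names and the sample string are constructed for illustration.

```python
import html

# Constructed sample: "it's" typed with U+2019 RIGHT SINGLE QUOTATION MARK,
# the character Word substitutes for the apostrophe.
SAMPLE = "it\u2019s"


def unrepresentable(text, charset):
    """Return the distinct characters of `text` that `charset` cannot encode."""
    missing = []
    for ch in text:
        try:
            ch.encode(charset)
        except UnicodeEncodeError:
            if ch not in missing:
                missing.append(ch)
    return missing


def submit_lossy(text, charset):
    """Encode with '?' substituted for every character that does not fit,
    which is the quirk described for form submissions."""
    return text.encode(charset, errors="replace")


def submit_as_references(text, charset):
    """Encode with a numeric character reference for every character that
    does not fit, so no information is lost."""
    return text.encode(charset, errors="xmlcharrefreplace")


def render(body, assumed_charset):
    """Decode bytes under the charset a user agent assumes, then resolve
    HTML character references, as a browser would when displaying the page."""
    return html.unescape(body.decode(assumed_charset, errors="replace"))


if __name__ == "__main__":
    print("missing from iso-8859-1:", unrepresentable(SAMPLE, "iso-8859-1"))
    print("lossy submission:       ", submit_lossy(SAMPLE, "iso-8859-1"))
    refs = submit_as_references(SAMPLE, "iso-8859-1")
    print("with references:        ", refs)
    # The reference renders identically whatever charset is assumed.
    for charset in ("iso-8859-1", "utf-8"):
        print(f"references as {charset}:", render(refs, charset))
    # Raw Windows-1252 bytes depend entirely on the assumed charset.
    raw = SAMPLE.encode("cp1252")
    for charset in ("cp1252", "iso-8859-1", "utf-8"):
        print(f"raw cp1252 as {charset}:", repr(render(raw, charset)))
```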
Seriously, what do you want?
Liability.
If someone breaks into your network, and you have done all that you know how to do (all that's documented in the user's manual regarding security, vendor notifications, etc.) to secure it, you should be left in the free and clear. When the feds come knockin', the only thing you have to live with is the fact that you were victimized and your resources used for evil.
If you are negligent in running your network, i.e. you ignore warnings and don't pay attention to the fact that your Wi-Fi network is wide-open, you need to be held liable just as you are with any other case of negligence.
If you are willfully providing anonymous public access to your Wi-Fi network, and someone commits a crime using your network, and the only thing you can say when the feds come knocking is, "Well I didn't do it; it must have been someone using my free anonymous public Wi-Fi network," you either need to act unsurprised when they haul you away for committing the crime, or at the very least be unsurprised when they nail you for aiding/abetting. You made an explicit decision to keep that thing open, and you further decided to keep it anonymous, knowing that there was a high likelihood that someone would commit a crime over it and that that crime would be traced back to you.
You're right: the government is telling people to shape up under the guise of terrorism. There is such a thing as "electronic" or "Internet" terrorism, though, for various definitions of "terrorism" that I don't personally agree with. I believe the article is discussing precisely these types of "terrorists": those that would break into infrastructure and bring it down, perhaps even coordinating this with a real-world attack so that our response time might be crippled.
You cannot combat one type of terrorism and ignore another type.
They're not talking about banning Wi-Fi any more than they're talking about banning spray paints or CB radio, as you put it. They're talking about slapping people around who are negligent or think they're helping the world by leaving their Internet access points wide open for anonymous use.
You make some good points, but:
hotel room under an assumed name and pay cash, use their dial-up connection and a laptop to wreak whatever havoc you wish
Mainly what I'm trying to say is that this scenario represents a certain barrier of entry to pseudo-anonymous IP connectivity. By letting every Joe User set up his own free, public wide-open Wi-Fi network, and giving that user immunity against prosecution or liability for those that misuse his network, you are reducing that barrier to the purchase of a Wi-Fi card. Now every Joe ScriptKiddie/John Spammer has up to 11Mbits of totally anonymized IP connectivity. You've now made it trivial for every Internet crime to be performed with zero chance of ever getting caught.
I've seen internet terminals where you can deposit cash without interacting with a human being
The other bit that people tend to overlook is that many services like this offer limited-use terminals, typically heavily proxied web browsers only. You are not getting the full gamut of IP services here, and that's a fairly crucial difference.
I would have no problem if people wanted to set up a million free web kiosks. Anonymity on the web is great. But by allowing users full anonymous access to the wide range of IP services, that's just asking for trouble and has no positive end.
"We're going to make you responsible for an impossible task...
To be honest, I read things as targeting deliberately open (promiscuous) Wi-Fi networks, not just ones that were unintentionally insecure. A lot of the comments in this article are vigorously defending those that want to make their own Wi-Fi networks open and public and want to enjoy immunity when those networks are used to commit crimes.
So you're saying that if a terrorist broke into someone's house, tortured them until they gave out all their passwords, then the terrorists used the homeowner's internet account, then the terrorist can still be traced?
Where in the world did this come from? This is hardly relevant. This risk will be there no matter what.
But yes, unless the home owner was murdered in the process, they'll surely have some useful bit of information for the investigators, and forensic evidence perhaps.
This is a bit extreme, don't you think? I'm talking about the casual Internet abuser here, not a hard-core terrorist. Or are you saying that we should give them whatever promiscuous Wi-Fi networks they want so they don't break in to our homes and torture us for Internet access?
As for tracing the IP address, I seem to remember reading a news story about spammers using unallocated addresses to post their spam without being traced.
It makes it difficult to trace after-the-fact, but not impossible. In order to get an IP block routed to you, you have to announce a route. Assuming the other routers don't immediately ignore your announcement and throw up a warning flag because it's coming from a reserved block, the announcement gets propagated and it's pretty easy to follow the route back to the ISP giving them connectivity. With a trivial amount of effort they should be able to figure out who's doing it. Don't believe everything you read in the mainstream media. Rarely do they have a significant amount of network experience.
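The check described in the comment above, flagging a route announcement for reserved or unallocated space and reading the AS path back to the network providing connectivity, is sketched in the following added example, which is not part of the original comment. The allocation table, prefixes and AS numbers are constructed: documentation prefixes stand in for allocated space and documentation ASNs (64496 to 64511) for real networks.

```python
import ipaddress

# Special-purpose IPv4 space that should never be announced globally
# (partial list; documentation ranges are left out because this example
# uses them as stand-ins for ordinary address space).
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed stand-in for a registry's table of allocated blocks.
ALLOCATED = [ipaddress.ip_network(n) for n in (
    "192.0.2.0/24", "198.51.100.0/24",
)]

# Constructed announcements: (prefix, AS path as received, origin AS last).
SAMPLE_ANNOUNCEMENTS = [
    ("198.51.100.0/24", [64500, 64501]),
    ("203.0.113.0/24", [64500, 64502, 64511, 64511]),  # origin prepends itself
    ("10.20.0.0/16", [64500, 64503]),
]


def classify(prefix):
    """Return 'reserved', 'unallocated' or 'ok' for an announced prefix."""
    net = ipaddress.ip_network(prefix)
    if any(net.overlaps(r) for r in RESERVED):
        return "reserved"
    if not any(net.subnet_of(a) for a in ALLOCATED):
        return "unallocated"
    return "ok"


def upstream_of_origin(as_path):
    """Return the AS adjacent to the origin, i.e. the network giving the
    announcer connectivity, skipping any prepended copies of the origin."""
    origin = as_path[-1]
    for asn in reversed(as_path):
        if asn != origin:
            return asn
    return None  # the origin is the only AS in the path


def audit(announcements):
    """Return one finding per announcement that should raise a warning flag."""
    findings = []
    for prefix, as_path in announcements:
        reason = classify(prefix)
        if reason != "ok":
            findings.append({
                "prefix": prefix,
                "reason": reason,
                "origin_as": as_path[-1],
                "upstream_as": upstream_of_origin(as_path),
            })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_ANNOUNCEMENTS):
        print(finding)
```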
...both in the US and overseas. AOL, for example.
1. You need a credit card for an AOL account
2. You have to dial up to AOL through a land-line. AOL has caller ID.
Granted, you can use a stolen card, and dial up from a pay phone, but these are rather significant speed bumps for the casual (ab)user. Promiscuous Wi-Fi networks open that door of anonymity to every Joe ScriptKiddie/spammer.
What do you gain out of having anonymous IP that you can't have with anonymous HTTP? Why does everyone insist on having this anonymity at the IP layer and not the application layer?
Perhaps I misunderstood the original post. I was under the impression that it was suggesting that we need to shift our resources away from combating promiscuous Wi-Fi networks and towards goals that would possibly have an impact on reducing spam. I found this argument silly. But perhaps I misunderstood.
I am completely in favor of everything you describe in your post.
Every other avenue of access leaves an audit trail. Dialing up to an ISP gives the ISP a record of your account information (which, in all fairness, might be stolen) and the caller ID information about where you called from. It takes a lot more skill and effort to truly hide yourself this way. Net Cafés and public libraries a) probably don't give you unfettered IP connectivity, but probably filter you through an HTTP proxy; and b) someone probably saw you sit down and start using it (or, at the very least, a security camera probably did).
College campuses are especially sensitive to abuse and I don't believe any of them will let any Joe User use their network. You generally have to cover a few speed bumps like MAC registration (or purchasing a card directly from them), and even then there's no guarantee that you'll have 100% free IP connectivity.
To date, there's always been some way of tracking abuse down to the casual abuser. Sure, if you're smart about it, you can probably get in and out before they could ever catch you, but opening everyone's Wi-Fi network to 100% anonymous and unrestricted access allows everyone to jump on your network and do whatever they want with no chance of ever getting caught.
What nobody seems to understand (or care about?) is that all of these arguments basically promote a world where every crime occurring over the Internet is impossible to trace!
There is NO reason you need anonymity at the IP layer. Higher-level application layers, absolutely. We have anonymizing HTTP proxies, for example, and free e-mail services. There is no reason you need raw TCP/IP access to the Internet from an anonymous source. There are no "free speech" concerns if that is unavailable to you.
It doesn't apply here. You can't just say, "I'm providing a service, so make me a common carrier." The phone company bit is a horrible example, because you cannot merely make a telephone call and hack into other systems, send a million spam messages, or command your DDoS zombie army. You'd have to have an ISP in there somewhere to get you online. The telephone call is merely the "physical" layer of your network connection.
For the rest of your examples, you're still not getting free anonymous access. For your library, you generally need a library card, and even if you don't, people saw you. They can trace the activity back to the PC, and a librarian or a visitor could easily say, "Yep, I remember him." Many libraries also generally permit only web browsing. If you set up a Wi-Fi network and put it in a DMZ and only permit proxied (filtered?) HTTP traffic, I'd say that's a responsibly-run Wi-Fi network, though I still might have my reservations about running one. But that's not what we're talking about here, is it? It's about truly anonymous, full IP connectivity. That is not generally found in a library.
For Starbucks, you have to sign up with an account, which requires a credit card. Even if you used stolen information, somebody probably saw you sit down, assuming you didn't buy any coffee. For an Internet Café, same thing. You had to pay to use the service, so you either spoke to a vendor, and/or they have your credit card. I also don't know how many of these places offer you full IP connectivity as well. I would think most of these would be heavily firewalled and proxied also.
In an airport, first of all, you've bought a ticket. Secondly, I don't know of any "all-airport" networks that do not require you to sign up with an account. Thirdly, for those airline clubs that do offer "free" Wi-Fi access, you had to walk in and demonstrate that you were a member. They've noted this.
There is presently nothing similar to open Wi-Fi networks in providing 100% anonymous full IP connectivity.
When they do knock on your door, and they've stated that they've traced all sorts of illegal activity back to your network, and you do simply state "I'm no more liable than the phone company is!" what do you think they will do? Do you think they will shrug their shoulders and say, "Oh damn, better luck next time"?
If what you're advocating (immunity to open Wi-Fi operators) comes to pass, crime on the Internet will skyrocket. Spam will multiply by orders of magnitude (now they have no fear of being caught, and it would only be you that's shut down). Is this the Internet of the future?
You're also forgetting that you are ultimately responsible for fulfilling the obligations of your terms of service with your ISP. You can call yourself a "common carrier" all you want, but you're still contractually bound there. If your ISP gets enough complaints, you can bet they will shut you down. You can scream and shout about how it was some other armless guy using your open, anonymous Wi-Fi network all you want, but it doesn't really matter. You failed to curb the abuse (because you made the deliberate decision to open your network up promiscuously).
those things are already happening without much help from WiFi.
But without Wi-Fi, there is always an audit trail. Sometimes it may be difficult to find, but it's always there.
With free, open, public anonymous Wi-Fi services, any Joe ScriptKiddie can enjoy 100% anonymous and untraceable Internet connectivity. There's a bit of a difference.
Your HTTP anonymizing services would of course divulge any and all information about the original IP address to the Ministry of Truth - sorry, I mean Homeland Security
s html for a typical declaration of what's kept and for how long.
Which anonymizer service are you using? Read the first section of http://www.anonymizer.com/docs/privacy_statement.
My point is, anonymity can occur at the application layer, and should not occur at the IP layer.
There is no law requiring web site operators to keep logs of activity, and certainly none requiring anonymizing proxies to keep track of who accesses what sites. The amount of "damage" you can do over anonymized HTTP is insignificant next to the amount of damage you can do over anonymized IP. But for anonymizing your identity when posting some bit of information, either technique works. So why advocate the method that would also anonymize every criminal act performed on the Internet?
There is no original expression in a list of items and prices since they're facts
I don't think they were facts yet. Until the prices become current or the company publishes the data, they're just numbers representing the company's intent. That makes it a little trickier, IMO.
The rest of your comment was great.
How do you propose to break into Internet hosts, release a targeted worm/virus, or initiate a distributed denial of service attack against critical Internet infrastructure using only your cell phone and/or radio?
You have to have Internet connectivity somewhere. What changes here is that IP connectivity used to be somewhat traceable (you had to provide some form of information and usually a credit card, not to mention most ISPs have caller ID). With open Wi-Fi networks, the trail ends with the Wi-Fi operator. Generally he doesn't even know you were ever on the network. And if he does, it's doubtful he's obtained anything remotely identifying about you. You can commit whatever crimes you want and you will never be caught.
I don't think it's about communication. There are a million ways people can communicate essentially anonymously that adding open Wi-Fi networks to the mix doesn't change much.
But users of open Wi-Fi networks can do something that you can't just do on a pay phone: you can release viruses and worms, you can hack into remote systems to cover your tracks, or maybe set up some DDoS zombies and use a distributed attack against some infrastructure.
You can even TRADE MP3'S!
All of this without fear of ever getting caught. The trail stops with the Wi-Fi operator. If you're lucky, they'll convict him instead and you get off free forever.
I find it amusing that your comment implied that the government's position was to our disadvantage with respect to spam.
Anonymous, untraceable Internet connections are a spammer's dream. You can bet they would love it if there was an unlimited supply of open Wi-Fi networks from which they can carry out spam campaigns.
I will be one of the first people to say that "freedom of speech" necessarily requires anonymity. People need to be able to speak their minds anonymously without fear of getting their words traced back.
But there is NO reason true anonymity needs to extend to your IP address. There are plenty of places in the physical world where you can post something anonymously (perhaps an op-ed piece in your local newspaper). There are HTTP anonymizing services that allow you to post comments on bulletin boards anonymously. Heck, most sites and most ISP accesses are anonymous to the extent that a court order would be needed to get your identity (well, excluding some of the Patriot Act provisions). That type of anonymity may be perfectly sufficient for some. For the rest, we already have those tools.
The point is, a completely anonymous Internet connection has a very limited usefulness for those hoping to protect their freedom of speech, but it has immense value for those wanting to commit electronic crimes (spamming, intrusions, distributed denial-of-service attacks, worm injections, identity fraud, etc.). By providing immunity to the Wi-Fi operators, we're basically saying it's perfectly OK for people to start abusing these networks without fear of ever getting caught.
If you thought spam and the occasional DDoS attack was bad today, just wait...
If someone breaking into a bunch of 802.11b networks (at 10Mbps) can bring down the network of this country, the US portion of the Internet is flakier than I thought and we really have bigger problems than this.
Firstly, no one is suggesting that a denial-of-service attack from an open Wi-Fi network is a threat. But once you have anonymous connectivity, there's nothing stopping you from hacking into a few hundred hosts (maybe using a script) and setting up DDoS zombies on all of them. You can now use your anonymous connection to initiate a more severe attack without fear of getting caught.
Secondly, an open Wi-Fi network is a perfect place to release a destructive virus or worm. You don't need a lot of bandwidth to do this.