Oh, it's not your logic that I have a problem with, only your premises.
Most people don't know how to secure their wrouters. They need to be much better educated (and I spend some time each week trying to explain to the Joe and Jane Sixpacks in my life why they should secure their wrouters, and how to do it).
You guys keep asserting that unsecured means free to use. Why? Because unsecured means free to use. Nobody thus far is supporting this statement AT ALL, and this includes yourself. "Let's see...encrypted for sure means go away...so unencrypted MUST mean 'Come in!'" No. Unencrypted only means there are two options: "Come in" and "Go away." You are choosing among them and glossing over that choice.
The best argument I've seen so far is that plenty of people's laptops have at some point connected to a wrouter named "linksys" and so will connect to ANY wrouter named "linksys." In fact I see nothing unethical when people unwittingly connect to an AP. But you ought to know better, and what's more, you KNOW this. You're just trying to justify mooching.
This only holds true if you can assume everyone who owns an AP knows how to secure it. I do not think that is a valid assumption, although perhaps 5 years from now when the populace is better educated, it may be.
One skateboarder is one thing. Twenty of them is something else entirely...although even one would in fact adversely affect mileage (just not very much). My issue is that, in principle, what's the difference between one and twenty, in principle? They can assume he doesn't mind their riding back there because there are no spikes to keep them at bay?
You continue to ignore that you can't have it both ways. If you tell people that they can't use open access points because a technically open access point might not be intended to be open, you also tell the access point owner that they don't need to worry about securing their access points.
Except that I don't. As I have stated twice now, I make an effort to inform people about the security risks of running an open AP. I help people in my building secure their access points. So, not only are YOU ignoring what I'm writing, you're trying to spin a straw man argument (that is, you are arguing against statements that I did not make). Quite explicitly, I did not say anywhere that accessing an open AP should be illegal. I merely argued that it was unethical. I think it would probably be inappropriate to bring the force of law into this, but your position is untenable.
You are very astute about false negatives: there is a tradeoff between false positives and false negatives (in fact, the probability of one is the inverse of the other). This is well covered on Wikipedia as well. So the question I put to you--again--is if you're going to make one error or the other, would you rather mooch a resource that someone meant to secure, or would you rather pass up the opportunity for free wifi?
Your presumption is that you are somehow "entitled" to free use of other people's resources unless they explicitly tell you otherwise. You seem to believe that this is true because you know things the owner of that resource does not. It is a highly unethical position that your special knowledge gives you power to take things away from others, and I find your willingness to apply the force of law to these things troubling.
Just to settle a side bet, what would you say your political affiliation is? It has nothing to do with the argument, but I am curious.
Please link to these "discussions" about lawsuits against people accessing web servers. I do not believe you.
As I have said now several times, it is impossible to set up a web server and DNS entries "accidentally." So you can safely assume that web resources are meant to be there. However, wireless access points sadly come open out of the box. It would be great if you had to set up WPA before it would even work...but this is not the case.
So when you consider accessing wifi that is not explicitly meant to be free (as in, named after the coffee shop you're in), you might either mooch a resource someone else paid for, or you might move on and miss out on that free bandwidth. Which error do you prefer to choose?
Most people here would prefer to commit the alpha error. Were I to guess at their intent, it would be that they believe they are entitled to other people's resources because they are clever enough to exploit other people's ignorance. This is wholly unethical, in principle, although in practice I doubt it leads to much if any ill.
Whooo, straw man argument. I am not arguing in favor of not using encryption. I am arguing that it is unethical to exploit other people's ignorance.
As I have said elsewhere: When you make a decision, such as whether or not to use an access point when you do not know if it's meant to be open, there are two possible errors you can make: Alpha Error (false positive) and Beta Error (false negative). So, it is possible that you will:
A: Access resources that someone merely doesn't know how to secure. B: Move on and miss out on using a resource that is meant to be open.
You automatically choose A. How does this enhance people's security? How does a thief argue in favor of people locking their homes? Your argument makes no sense.
Whoa there. You're altering the terms of the argument, hoss: the question was who was AT FAULT for the access. The parent argued that they are not responsible for the default behavior of their gear--but other people WERE responsible for the default behavior of their gear. It is a double standard. Try again, please.
I do not think these analogies are contributing anything to the discussion.
It is impossible to accidentally build a public restroom or set up a web server (IIS notwithstanding). In the event that a restaurant does not want you in a bathroom, they need to tell you because every other business lets you use the restroom. So in an area where you cannot tell open (free) wifi offered from Starbucks from open ("merely unsecured") wifi offered by your neighbor, you can probably be excused from accessing the "wrong" AP.
Otherwise, however, you are simply deciding to use someone else's resource because you can without caring if they want you to, or not.
I named my access point "Not Free" for a while but left WEP off. People still used it. I think in practice your argument falls apart.
If you wish to contribute, I ask that you take on some of the direct questions, such as why you believe by default that an open access point is meant to be that way. They come that way. Therefore, all things being equal, you have a 50/50 chance of trespassing. You choose not to err on the side of caution because you would rather mooch than miss up an opportunity to mooch (see the alpha/beta error entries in Wikipedia for a discussion of the two basic errors you can make here).
This has been covered elsewhere in the thread. It is not possible to "accidentally" set up a DNS server or web server to offer content (maybe you could offer the wrong content through misconfiguration)...so this analogy is flawed (which is why I suggested we stop trying to use them).
I asked some fairly simple questions early on -- such as why people who mooch wireless believe that they are justified in assuming that the owner wants them to use the resource -- and you have only said that assuming otherwise is "nonsense." Please try harder.
Anyone who argues that open access points should not be treated as public access points is doing computer illiterates a tremendous disservice by encouraging unsafe wireless networking.
Really? I had no idea that people mooching wireless were doing so in order to teach the AP owners a lesson in security. If that is the case, and they're not doing it because they're too cheap to pay for their own service, then you're certainly correct that it ends the argument. Of course, with so many well-wishers on the air, it's a wonder we still have ANY open APs in this country at all, isn't it?
On the other hand, a month ago I used a Bumblebee (borrowed from work, don't ask) to find an open AP in my building and left a note on the person's door: "Do you have a wireless access point labeled "belkin54g?" It is configured to allow anyone to access it, and for anyone to see all your network traffic. If you want to learn how to change this, e-mail me at..." I can see how you might interpret that as a genuine disservice to the owner.
Ok, smartass commentary aside, you're entirely correct that the AP and the client have to do an equal amount of work. So, aside from conditions where the AP says "Hello there" and the client says "Hey, give me an IP"--that is, where the client connecting requires a decision by the user--what would you say initiates the connection? Seems to be the user, in my opinion.
Don't you think it's strange that people denigrate clueluess users who don't know how to restrict access to their wrouter...and yet feel they have a valid defense if they can't control what their laptop connects to?
Wow. This is an entirely new standard: The ethics of whether or not you gain access depend upon someone complaining.
Funny story: Where I work we have this pen testing appliance that not only runs exploits "to see if they work" but fully compromises systems, escalating privileges and installing rootkits. I keep wondering what would happen if I simply plugged it into our wrouter and sicced it on anyone who leased an IP.
To apply the logic of some posters here, it is completely acceptable for me to exploit some 0-day and pwn your laptop since you are at fault for not patching and keeping me out. Can I not expect that free access to your bank account, acquired by me exploiting a flaw in your software firewall, is what you intend?
Are you sidestepping the argument on purpose? We're back to square one now.
You're assuming you can use the AP, but this is not the case because it's more likely than not that someone simply doesn't know how to keep you out; to this assertion, people on "your" side of the argument (sorry if I'm unfairly lumping you in with other people) claim that if the owner doesn't want them to access it, then it's their fault for not securing it. This is a circular argument.
Actually, this needs to be said again and again. I erred in not pointing it out.
I suspect that perhaps there is a hereditary component to intelligence--but, it's more likely to be an issue of upbringing. So, people in squalor are mating more than people who are not in squalor. Does that sound more accurate?
So some usage methods have a lot of "leftovers" and others do not?
I suppose that makes sense, so far as the ethics of using someone else's resources go.
I don't think this speaks to actually getting ON the AP in the first place, though. I also don't know where your suggestion that I determine my neighbor's usage patterns sits in the context of other people's arguments that most rogue users 'accidentally' get on someone else's router (not that I'm putting the burden of proving their argument on you).
Not at all. The FCC's laws at most cover Layer 1. You do not just happen to be looking the other way while your communications, by themselves, exactly match the Layer 3 negotiations required for you to get on the AP. Also, since you are actively listening for packets, you cannot possibly charge someone because you "happened" to receive them; by that logic, you could be...wait for it...charged for sending packets to their AP.
Out of curiosity, do you really equate laziness, incompetence, and ignorance? They're the same thing to you? I ask because I have lazy students who are brilliant, and I have students who don't know how do, for example, run a PCR because I haven't taught them yet--not because they are stupid or unwilling to learn. I wonder if those words mean what you think they mean.
I agree with you 100%. Further towards the local little business district there are tons of APs. It's so saturated that any random AP I hop onto could as likely be a clueless user as a business owner offering free connectivity.
So far as moral issues go, as you pointed out someone might be using up a little of your bandwidth to do something innocuous--big deal, right? I suppose I really just have an issue with the superior attitude some posters have--they have knowledge that the doofus with the linksys wrouter lacks, so they take advantage of him rather than help him out...that is for some reason very offensive to me.
In the end, I do not see any technical solution aside from having a step requiring the user to explicitly state that access should be open or restricted before the wrouter "works."
There is a bioinformatics professor at Villa Julie College in Maryland who has pointed out, in his lecture series, that people in some disciplines (physics, engineering) tend to think and argue with analogies, while in "higher" or "more complex" disciplines people speak and argue with homologies. I think it's because in physics or IT it's easier to talk about how things function than about what they are (their structure). The professor is John Bodnar and his work is worth reading.
I think I remember an episode of "The Simpsons" where Bart said something similar: "Lisa, I'm going to walk around swinging my arms, and if I hit you, it's not my fault."
Simply because you can transmit on a frequency does not mean you can negotiate a connection: Layer 1 is free to use (within the confines of FCC regulations, I suppose) but your argument does not, I think, speak to Layer 2 on up.
Please, can we stay away from the analogies? I don't think they're especially productive.
You argued that if I don't know how to control the behavior of the technology I bought, then I'm still at fault for the results. So if someone's client connects to my AP because they don't know how to modify its default behavior, why are they not at fault? I submit that this is a double standard.
I have to disagree here regarding the signs. Say people have a resource that they want kept private (like a gold mine) because it is of some value to them--but they don't know that they have recourse to "Keep Out" signs.
You brought up "accidental" use of the AP by clients. You're the second person tonight I've seen use this language: If you accidentally get on my access point because you don't know how to control the default behavior of your client, then you don't think you should be at fault (I tend to agree). But also, if I ALLOW you to get on my AP because I don't know how to control the default behavior of my DHCP server, then...I am at fault.
I'm sorry, but this appears to be a double standard applied by people who want free wireless internet access to people who are not clever enough to know they're providing it.
Point of information--does applicability in the real world affect how apt an analogy is?
Obviously analogies that make sense in real terms are better than those without (frankly I don't know any rich people with ten very stupid chauffeurs), but I don't think that point alone makes them fail...does it?
Well, you guys keep saying "Broadcasting an SSID means I'm allowed to connect" but I'm not seeing any arguments that support this assertion. Can you elaborate?
I especially just don't get this: "Default behavior is never my fault, it's always someone else's fault, although they cannot use that logic themselves" suggestion. Isn't that a double standard?
I wouldn't go so far as to say you're a bad person for mooching wireless. Maybe I'm just being pedantic here, because it's not like you're taking food out of someone's mouth by checking your gmail, is it? But people justify this behavior with some shaky assertions, I think.
Oh, sure. I agree with you 100%. But this only means at most that you're free to observe someone's traffic. I do not see anywhere in your argument provisions for communicating back to the AP, negotiating a connection, leasing an IP, and coming to Slashdot.
As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?
Slashdot Mirror
Oh, it's not your logic that I have a problem with, only your premises.
Most people don't know how to secure their wrouters. They need to be much better educated (and I spend some time each week trying to explain to the Joe and Jane Sixpacks in my life why they should secure their wrouters, and how to do it).
You guys keep asserting that unsecured means free to use. Why? Because unsecured means free to use. Nobody thus far is supporting this statement AT ALL, and this includes yourself. "Let's see...encrypted for sure means go away...so unencrypted MUST mean 'Come in!'" No. Unencrypted only means there are two options: "Come in" and "Go away." You are choosing among them and glossing over that choice.
The best argument I've seen so far is that plenty of people's laptops have at some point connected to a wrouter named "linksys" and so will connect to ANY wrouter named "linksys." In fact I see nothing unethical when people unwittingly connect to an AP. But you ought to know better, and what's more, you KNOW this. You're just trying to justify mooching.
This only holds true if you can assume everyone who owns an AP knows how to secure it.
I do not think that is a valid assumption, although perhaps 5 years from now when the populace is better educated, it may be.
*sigh* more analogies.
One skateboarder is one thing. Twenty of them is something else entirely...although even one would in fact adversely affect mileage (just not very much). My issue is that, in principle, what's the difference between one and twenty, in principle? They can assume he doesn't mind their riding back there because there are no spikes to keep them at bay?
You continue to ignore that you can't have it both ways. If you tell people that they can't use open access points because a technically open access point might not be intended to be open, you also tell the access point owner that they don't need to worry about securing their access points.
Except that I don't. As I have stated twice now, I make an effort to inform people about the security risks of running an open AP. I help people in my building secure their access points. So, not only are YOU ignoring what I'm writing, you're trying to spin a straw man argument (that is, you are arguing against statements that I did not make). Quite explicitly, I did not say anywhere that accessing an open AP should be illegal. I merely argued that it was unethical. I think it would probably be inappropriate to bring the force of law into this, but your position is untenable.
You are very astute about false negatives: there is a tradeoff between false positives and false negatives (in fact, the probability of one is the inverse of the other). This is well covered on Wikipedia as well. So the question I put to you--again--is if you're going to make one error or the other, would you rather mooch a resource that someone meant to secure, or would you rather pass up the opportunity for free wifi?
Your presumption is that you are somehow "entitled" to free use of other people's resources unless they explicitly tell you otherwise. You seem to believe that this is true because you know things the owner of that resource does not. It is a highly unethical position that your special knowledge gives you power to take things away from others, and I find your willingness to apply the force of law to these things troubling.
Just to settle a side bet, what would you say your political affiliation is? It has nothing to do with the argument, but I am curious.
Please link to these "discussions" about lawsuits against people accessing web servers. I do not believe you.
As I have said now several times, it is impossible to set up a web server and DNS entries "accidentally." So you can safely assume that web resources are meant to be there. However, wireless access points sadly come open out of the box. It would be great if you had to set up WPA before it would even work...but this is not the case.
So when you consider accessing wifi that is not explicitly meant to be free (as in, named after the coffee shop you're in), you might either mooch a resource someone else paid for, or you might move on and miss out on that free bandwidth. Which error do you prefer to choose?
Most people here would prefer to commit the alpha error. Were I to guess at their intent, it would be that they believe they are entitled to other people's resources because they are clever enough to exploit other people's ignorance. This is wholly unethical, in principle, although in practice I doubt it leads to much if any ill.
Whooo, straw man argument. I am not arguing in favor of not using encryption. I am arguing that it is unethical to exploit other people's ignorance.
As I have said elsewhere:
When you make a decision, such as whether or not to use an access point when you do not know if it's meant to be open, there are two possible errors you can make: Alpha Error (false positive) and Beta Error (false negative).
So, it is possible that you will:
A: Access resources that someone merely doesn't know how to secure.
B: Move on and miss out on using a resource that is meant to be open.
You automatically choose A. How does this enhance people's security? How does a thief argue in favor of people locking their homes? Your argument makes no sense.
Whoa there. You're altering the terms of the argument, hoss: the question was who was AT FAULT for the access.
The parent argued that they are not responsible for the default behavior of their gear--but other people WERE responsible for the default behavior of their gear. It is a double standard. Try again, please.
I do not think these analogies are contributing anything to the discussion.
It is impossible to accidentally build a public restroom or set up a web server (IIS notwithstanding). In the event that a restaurant does not want you in a bathroom, they need to tell you because every other business lets you use the restroom. So in an area where you cannot tell open (free) wifi offered from Starbucks from open ("merely unsecured") wifi offered by your neighbor, you can probably be excused from accessing the "wrong" AP.
Otherwise, however, you are simply deciding to use someone else's resource because you can without caring if they want you to, or not.
I named my access point "Not Free" for a while but left WEP off. People still used it. I think in practice your argument falls apart.
Please! Enough with the weak analogies.
If you wish to contribute, I ask that you take on some of the direct questions, such as why you believe by default that an open access point is meant to be that way. They come that way. Therefore, all things being equal, you have a 50/50 chance of trespassing. You choose not to err on the side of caution because you would rather mooch than miss up an opportunity to mooch (see the alpha/beta error entries in Wikipedia for a discussion of the two basic errors you can make here).
This has been covered elsewhere in the thread.
It is not possible to "accidentally" set up a DNS server or web server to offer content (maybe you could offer the wrong content through misconfiguration)...so this analogy is flawed (which is why I suggested we stop trying to use them).
I asked some fairly simple questions early on -- such as why people who mooch wireless believe that they are justified in assuming that the owner wants them to use the resource -- and you have only said that assuming otherwise is "nonsense." Please try harder.
Anyone who argues that open access points should not be treated as public access points is doing computer illiterates a tremendous disservice by encouraging unsafe wireless networking.
Really? I had no idea that people mooching wireless were doing so in order to teach the AP owners a lesson in security. If that is the case, and they're not doing it because they're too cheap to pay for their own service, then you're certainly correct that it ends the argument. Of course, with so many well-wishers on the air, it's a wonder we still have ANY open APs in this country at all, isn't it?
On the other hand, a month ago I used a Bumblebee (borrowed from work, don't ask) to find an open AP in my building and left a note on the person's door: "Do you have a wireless access point labeled "belkin54g?" It is configured to allow anyone to access it, and for anyone to see all your network traffic. If you want to learn how to change this, e-mail me at..." I can see how you might interpret that as a genuine disservice to the owner.
Ok, smartass commentary aside, you're entirely correct that the AP and the client have to do an equal amount of work. So, aside from conditions where the AP says "Hello there" and the client says "Hey, give me an IP"--that is, where the client connecting requires a decision by the user--what would you say initiates the connection? Seems to be the user, in my opinion.
Don't you think it's strange that people denigrate clueluess users who don't know how to restrict access to their wrouter...and yet feel they have a valid defense if they can't control what their laptop connects to?
Wow. This is an entirely new standard: The ethics of whether or not you gain access depend upon someone complaining.
Funny story: Where I work we have this pen testing appliance that not only runs exploits "to see if they work" but fully compromises systems, escalating privileges and installing rootkits. I keep wondering what would happen if I simply plugged it into our wrouter and sicced it on anyone who leased an IP.
To apply the logic of some posters here, it is completely acceptable for me to exploit some 0-day and pwn your laptop since you are at fault for not patching and keeping me out. Can I not expect that free access to your bank account, acquired by me exploiting a flaw in your software firewall, is what you intend?
Are you sidestepping the argument on purpose? We're back to square one now.
You're assuming you can use the AP, but this is not the case because it's more likely than not that someone simply doesn't know how to keep you out; to this assertion, people on "your" side of the argument (sorry if I'm unfairly lumping you in with other people) claim that if the owner doesn't want them to access it, then it's their fault for not securing it. This is a circular argument.
Actually, this needs to be said again and again. I erred in not pointing it out.
I suspect that perhaps there is a hereditary component to intelligence--but, it's more likely to be an issue of upbringing.
So, people in squalor are mating more than people who are not in squalor. Does that sound more accurate?
So some usage methods have a lot of "leftovers" and others do not?
I suppose that makes sense, so far as the ethics of using someone else's resources go.
I don't think this speaks to actually getting ON the AP in the first place, though. I also don't know where your suggestion that I determine my neighbor's usage patterns sits in the context of other people's arguments that most rogue users 'accidentally' get on someone else's router (not that I'm putting the burden of proving their argument on you).
Not at all. The FCC's laws at most cover Layer 1. You do not just happen to be looking the other way while your communications, by themselves, exactly match the Layer 3 negotiations required for you to get on the AP. Also, since you are actively listening for packets, you cannot possibly charge someone because you "happened" to receive them; by that logic, you could be...wait for it...charged for sending packets to their AP.
Out of curiosity, do you really equate laziness, incompetence, and ignorance? They're the same thing to you?
I ask because I have lazy students who are brilliant, and I have students who don't know how do, for example, run a PCR because I haven't taught them yet--not because they are stupid or unwilling to learn. I wonder if those words mean what you think they mean.
I agree with you 100%. Further towards the local little business district there are tons of APs. It's so saturated that any random AP I hop onto could as likely be a clueless user as a business owner offering free connectivity.
So far as moral issues go, as you pointed out someone might be using up a little of your bandwidth to do something innocuous--big deal, right? I suppose I really just have an issue with the superior attitude some posters have--they have knowledge that the doofus with the linksys wrouter lacks, so they take advantage of him rather than help him out...that is for some reason very offensive to me.
In the end, I do not see any technical solution aside from having a step requiring the user to explicitly state that access should be open or restricted before the wrouter "works."
There is a bioinformatics professor at Villa Julie College in Maryland who has pointed out, in his lecture series, that people in some disciplines (physics, engineering) tend to think and argue with analogies, while in "higher" or "more complex" disciplines people speak and argue with homologies. I think it's because in physics or IT it's easier to talk about how things function than about what they are (their structure). The professor is John Bodnar and his work is worth reading.
I think I remember an episode of "The Simpsons" where Bart said something similar: "Lisa, I'm going to walk around swinging my arms, and if I hit you, it's not my fault."
Simply because you can transmit on a frequency does not mean you can negotiate a connection: Layer 1 is free to use (within the confines of FCC regulations, I suppose) but your argument does not, I think, speak to Layer 2 on up.
Please, can we stay away from the analogies? I don't think they're especially productive.
You argued that if I don't know how to control the behavior of the technology I bought, then I'm still at fault for the results. So if someone's client connects to my AP because they don't know how to modify its default behavior, why are they not at fault? I submit that this is a double standard.
I have to disagree here regarding the signs. Say people have a resource that they want kept private (like a gold mine) because it is of some value to them--but they don't know that they have recourse to "Keep Out" signs.
You brought up "accidental" use of the AP by clients. You're the second person tonight I've seen use this language: If you accidentally get on my access point because you don't know how to control the default behavior of your client, then you don't think you should be at fault (I tend to agree). But also, if I ALLOW you to get on my AP because I don't know how to control the default behavior of my DHCP server, then...I am at fault.
I'm sorry, but this appears to be a double standard applied by people who want free wireless internet access to people who are not clever enough to know they're providing it.
Point of information--does applicability in the real world affect how apt an analogy is?
Obviously analogies that make sense in real terms are better than those without (frankly I don't know any rich people with ten very stupid chauffeurs), but I don't think that point alone makes them fail...does it?
Well, you guys keep saying "Broadcasting an SSID means I'm allowed to connect" but I'm not seeing any arguments that support this assertion. Can you elaborate?
I especially just don't get this: "Default behavior is never my fault, it's always someone else's fault, although they cannot use that logic themselves" suggestion. Isn't that a double standard?
I wouldn't go so far as to say you're a bad person for mooching wireless. Maybe I'm just being pedantic here, because it's not like you're taking food out of someone's mouth by checking your gmail, is it? But people justify this behavior with some shaky assertions, I think.
Oh, sure. I agree with you 100%. But this only means at most that you're free to observe someone's traffic. I do not see anywhere in your argument provisions for communicating back to the AP, negotiating a connection, leasing an IP, and coming to Slashdot.
As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?