Whatever You Think Of The Google WiFi Settlement, It's Bad That It Requires Google To Attack Open WiFi
from the that's-just-silly dept
We’re still a bit confused about why so many people freaked out a few years back when Google’s Street View cars gobbled up some open WiFi data — since anyone can do that on an open WiFi network. Various investigations did show that Google was a bit disorganized and had some poor controls in place, which perhaps meant that it should have caught the data collection sooner. So, if you think Google should be punished for that kind of thing, then the recent settlement with a group of state attorneys general perhaps made you happy.
That said, EFF is pointing out why the settlement is stupid — not for Google, but for open WiFi and security. First, these technologically clueless attorneys general are requiring Google to create videos and ads promoting WiFi encryption… with a focus on old and bad standards like WEP, which is like saying you should be locking your front door with a cheap chain lock. It’s a “lock,” but one that could be broken by pretty much anyone in seconds.
Even worse, though, is that the settlement requires Google to push the message that the only way to protect yourself is to lock up your WiFi. But that’s ridiculous. Open WiFi, by itself, is not a bad thing. Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN. As EFF notes, end-to-end encryption is always going to make more sense than just encrypting your access point and hoping that keeps people out. And, yet, much of the settlement focuses on having Google push people to lock up their WiFi.
The solution to public surveillance problems should not involve discouraging people from providing public resources like open wireless, since this cuts against the general interest and takes away a common good. As we’ve explained elsewhere, wireless encryption provides few benefits compared to the much stronger end-to-end encryption, a technology that can thrive alongside environments with open wireless access. The settlement could have gone so much farther by educating people how to run open wireless networks safely and securely—for example, through open guest networks.
It is apparent that too little thought and analysis went into this settlement document, and, as a result, the requirements do the public a huge disservice by hurting the Open Wireless Movement.
Of course, this is the kind of thing you get when you let grandstanding politicians tell companies how they need to act concerning technology they don’t understand.
Filed Under: encryption, open wifi, privacy, wifi
Companies: google
Comments on “Whatever You Think Of The Google WiFi Settlement, It's Bad That It Requires Google To Attack Open WiFi”
this is just another situation where those that are in the position to get someone else to do something, are doing so. these ‘attorney generals may well know how to manipulate the law and the courts so as to achieve the verdict they want, but when it comes to anything/everything else, they more or less are clueless. much like Congress really. they know what to do to be able to get their pockets lined and get campaign contributions, but have no idea at all how to use the technology they are doing their best to stifle or shut down or the effects their stupidity has on innovation and progress. the latest CFAA bill proposed amendments is a good example. even more so when half the law enforcement agencies that will be affected have no clue why the changes are proposed, other than to get additions that the DoJ wanted 2 years ago back on the table.
The government, wireless carriers, ISPs, and the copyright industry all hate open WIFI. It’s gonna be killed, it’s only a matter of time.
My prediction, within five years open WIFI will be illegal. We’ll see stories about child porn, hacking, identify theft, copyright theft… etc. And we’ll gladly give it up for the sake of children and profits.
Maybe they’re taking a note from the TSA- providing an illusion of security, while ignoring the advice of experts on how to provide real security.
Fun fact I was not aware of (slightly off-topic):
You can still sniff WPA2 “encrypted” traffic if you are on the same network as other ‘suckers’ without any special tricks (well, other than enabling promiscuous mode).
This has implications when you share a encrypted-but-still-public access point with others (like at my University): any dolt with access credentials can sniff your passwords as they travel through the air.
My point? WPA2 is not a silver bullet: you are still vulnerable to all sorts of ‘fun’ attacks by people that are inside your network (eavesdropping, man in the middle, arp poisoning, etc, etc).
Re: Re:
To me the push to eliminate open WIFI actually has nothing to do with securing WIFI connections. It’s all about creating a person or entity liable for the connection.
If it’s open and child porn is being shared on it, there’s plausible deniability. “It wasn’t me, it was someone else.”
But once a connection point is required to be locked down, it’s the person or entity’s responsibility to ensure that it’s locked down. Even if someone “hacks” in, it’s still the owner’s fault for allowing it to happen.
It’s sort of like the DRM requirement of the DMCA. It’s not to stop people from copying, it’s to make people liable for allowing or facilitating copying.
Re: Re: Re:
It follows the same idiotic logic behind “dressing promiscuously” and rape. It implies that someone asked to be raped.
Re: Re: Re:
To use the obligatory car analogy:
If your car was seen being the get away car from a bank robbery, their going to come talk to you because, well, you’re responsible for your car.
As the person who opened the ISP account, you’re responsible for it’s use. Perhaps not ‘liable’, but responsible.
Obviously physical vs digital is a poor comparison, but if you left your wifi open and then someone started using ‘all’ your bandwidth…you’d pretty quickly decide that there was ‘harm’ being done to you…just like if someone stole your car and you were deprived the use of it.
The ‘connection’ is still a physical thing.
I’m in favor of open wifi, but it comes with responsibility.
Re: Re: Re: Re:
And if you left that car on the street (let’s say it’s an old car) with a sign that says: “Drive it whenever you want, just bring it back today,” and somebody uses it as a getaway car in a bank robbery and parks it back at your house, you better believe you’re going to have a tough time convincing the cops that it wasn’t you.
I disagree with Mike. The liability is too high for an individual to offer free wifi.
Re: Re: Re: Re:
Seeing your car isn’t enough. They still have to put you in the car at the time or prove you had knowledge of its’ intended use when you lent it out.
Internet is different. You must prove your innocence. Bass ackwards to the real world where we don’t have imaginary property.
Re: Re: Re:
And to back up your point…the RFID chips being put in Credit Cards are exactly to limit the liability of the card issuer – not the user.
They can then say, well your card was clearly there because we read the RFID chip. Completely ignoring that those things can be cloned.
It ain’t for you, it’s for them, just like what you say about locked wifi. Though I’d disagree about the ‘if they hacked in its your fault’ argument. You’d need to prove it, but if you locked your doors it’s good faith you tried to stop it.
Re: Re: Re:
“It’s all about creating a person or entity liable for the connection.”
They are looking for responsibility in the wrong node of the network.
It used to be true that you could reasonably place the blame on the account owner, because there was really only one device attached to the network, but that ship has sailed a long time ago.
Slap a half-decent router on that connection, and now you can have hundreds of computers sharing the same access point.
It is no longer reasonable to hold the owner of that connection (or the router operator) for what goes on on that connection. He/she should merely be treated as an ISP would: do some local discovery, request the logs and work on that.
(There are probably a few caveats that I am missing, but I think this is reasonable)
@ "Open WiFi, by itself, is not a bad thing."
Well, neither is potassium cyanide. It’s when you get bad actors into the mix that problems arise.
I keep mentioning that Mike NEVER sees even a possibility of bad actors existing. That’s the ODD point.
I don’t think locking up your WiFi is an incomprehensible or unreasonable precaution to take against bad actors who might use your generosity to get YOU into trouble. Why would you take even a slight risk for the benefit of strangers?
Now, on the “VPN” (Dare I venture even writint those letters with all the fanboys ready to yet again say I just don’t understand it? Sure. What have I got to lose?) — How can you use a VPN and still have it be Open WiFi? — Yes, I know you can split it or give out keys, but WITHOUT risk as above? You’re right I don’t see that. ‘Splain, then.
Re: @ "Open WiFi, by itself, is not a bad thing."
“Why would you take even a slight risk for the benefit of strangers?”
That’s actually an interesting philosophical question.
Why do you have an army? Or police? Why would those people stick their necks out for you?
I believe that there are some among us that are willing to suffer when “shit gets tough” so that others may gain access to things they would not have otherwise: Freedom and security in case of police and army (debatable, but let’s leave that for another time).
Or, as in the case of open-wifi, something much simpler and mundane: internet access for when you are in the middle of a city without mobile internet. It has certainly been useful to me once, and I am still thankful to that anonymous person.
Re: @ "Open WiFi, by itself, is not a bad thing."
Well, maybe the DMCA isn’t so bad, except that bad actors get into the mix and problems arise.
Maybe cutting people’s heads off upon six accusations of thoughtcrime isn’t so bad, except that bad actors get into the mix and problems arise.
Are we seeing a pattern yet?
Re: @ "Open WiFi, by itself, is not a bad thing."
this is just like when I log into the “work” network, my wife can still surf the net even though I am using a VPN.
I have a neighbor that has 6 children and a disabled wife, he works 38 to 40 hours a week @ 7.25 an hour. I have open wifi so his CHILDREN can use the laptop i gave them to do school work….
think of the children OOTB…
(yes my wifi is open but I have MAC filtering on)
Re: Re: @ "Open WiFi, by itself, is not a bad thing."
Isn’t MAC sniffing/cloning pretty easy?
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
Three off the top of my head:
Apple:
ifconfig, built into the OS
Windows:
Netstumbler
SMAC
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
sure it maybe easy but with MAC filtering on you cannot have two of the SAME MAC numbers on
Re: @ "Open WiFi, by itself, is not a bad thing."
“Why would you take even a slight risk for the benefit of strangers? “
Indeed. You don’t, of course, leave the house do you? It’s a dangerous risky world out there.
Re: Re: @ "Open WiFi, by itself, is not a bad thing."
You have swallowed the government line that you can’t trust your neighbour, let alone strangers. This makes it much more difficult to deal with the problems, because you cannot organise any political opposition to the existing government.
Re: Re: Re: @ "Open WiFi, by itself, is not a bad thing."
Whoosh.
Goverment agencies much prefer encrypted wifi to end to end encryption. The latter gives them problems in monitoring people. Further open wifi is harder to shut-down that cell towers.
The EFF is just bummed they're not getting the money
It must be nice to lose a case and settle by giving money to the group that lobbies on your behalf. In the Buzz settlement, Google gave the EFF more than EFF netted in membership fees.
http://www.theregister.co.uk/2011/06/03/google_settlement_rewards_privacy_groups_wtf/
Re: The EFF is just bummed they're not getting the money
Yawn.
Not quite.
“Yes, unencrypted data could be exposed, but the better answer is to encrypt your data, such as by using a VPN.”
So have locked safe that anyone can copy and attack locally at their location?
Encryption is important, but not leaving your front door open is the first step to security; and yes not with WEP but other more secure protocols.
Re: Not quite.
Actually, I would say locking your front door is good, but an even better idea is to have an open shed. A guest network that is separate from the private LAN is basically giving people what they want so they don’t bother hacking into your personal network. Even WPA2 can be hacked, it’s takes a bit longer and needs traffic to be active but it’s already been compromised.
Re: Re: Not quite.
“Even WPA2 can be hacked”
WRONG
“needs traffic to be active but it’s already been compromised.”
No.
Why recommend good security...
…when you can opt to lull people into a false sense of security, foster Us-versus-Them thinking, and set up a joke of a fence that any government official can penetrate?
How about teaching people how radio actually works?
Put out a series of PSA’s that teaches people how radio works.
Explain that their WiFi hotspot is like a little radio station.
Explain that anybody can listen to that radio station, and that it’s even legal to do so.
Personally, I think leaving your home WiFi open is a bad idea; you’re leaving some doors pretty wide open for abuse. But businesses like Starbucks and McDonald’s use WiFi hotspots as an inducement to get people to shop there. People need to know that their packets CAN be sniffed while they’re browsing Facebook at McDonald’s or email at Starbucks.
Then show them how to fix it: use a VPN. Use https when it’s available.
People are upset because they lack knowledge. They didn’t know that this kind of sniffing was not only possible but legal.
Give them the knowledge they need, and they won’t need to be angry, because they’ll be able to take care of themselves.
Re: How about teaching people how radio actually works?
Huh? Who would have thought: Teach people correct principles and they govern themselves.
Wow what a concept.
The government would never encourage encryption, then they can’t see what you are doing. Similarly, they need to encourage you to secure your WIFI so they can more easily identify likely users of the system.
IPV 6 is the wet dream of the DOJ and MAFIAA, but people aren’t implementing it fast enough to suit them, so…
I honestly, don’t think the politicians are as stupid as you think. They are pandering to the likes of the DOJ and the MAFIAA. Before long it will be a crime not to secure your WIFI and not to keep logs for it as well. As has been pointed out here on TechDirt 6 Strikes will close many open WIFI connections. That is meant to have the same effect, make it easier to nail someone to the wall.
Because… Piracy… Terrorism… Hackers! Oh and it is for the children.
Re: Re:
“IPV 6 is the wet dream of the DOJ and MAFIAA”
Bull.
I hope Google makes a video explaining how to use WEP, then shows why it’s not a great idea and explains all the better ways to protect your data and leave your wifi open.
They shouldn’t just pander to the government, they should take the ball and run with it. After all, it’s clear that a lot of people need to be educated.
…but..but when everyone is encrypting their data streams, that’ll be contra-productive to our surveillance efforts, you know, with all those terrorist, pirates, cyber-something all abound. And let’s not forget child porn/molesters/rapist. If you don’t care about all that, surely you’ll care about children.
I’ve been to the US in 2009. And in 2012. It was much harder to find open wi-fi in 2012 (I did go to completely different places though). Overall this is bad for the public. And as a tourist I can tell how open wi-fi are important and help with all sorts of things such as checking the surroundings map online, getting directions, searching for points of interest or simply uploading pics so your friends can share the moment with you.
It’s very easy to point the dangers of open wi-fi being exploited and ignore the good sides that simply push these bad uses to a second and unimportant place. Shall we start pushing for the elimination of planes because they can crash and kill hundreds at a time? What about banning genetic engineering because it can be used to produce biological weapons? Hell, ban chemistry since it’s used to produce chemical weapons and explosives!
WEP is so broken that it is the equivalent of open wifi.
Re: Re:
No.
Open wifi means anyone has the right to listen (including Google), and anyone can try to connect.
But (weak) encryption means that it is forbidden.
Anonyone who runs an open Wifi router has to use filtering, no questions asked. I have the “Deluxe” subsription on OpenDNS, on level below Enterprise, which allows me to filter both my WiFi routers, and the VPN I run as part of the SoftEther project.
If you run Open WiFi, filtering is a must.
Encryption
Totally agree about open WIFI, but on encrypting email – okay, I am going to email my sister to say “Hi” – encrypt! Wait, why? Well, I am going to send an email about how someone is doing – ENCRYPT! Wait, why?
Maybe we can agree that open WiFi is okay, AND unencrypted email is okay (depending on how sensitive the data is, of course).