More remote workers squatting next door's broadband The number of workers in the UK who admitted they "hijack" the wireless connection of others has gone up from six per cent to 11 per cent over the last 12 months. Globally the figure is 12 per cent*, with big increases all over the world. That's among the findings of the second annual survey of remote working commissioned by …
Goodness knows I'm not a law pedant, however I remember some poor sod was prosecuted for using the free WiFi connection of an internet cafe from outside. If I recollect correctly, it constituted tresspass. If the luckless soul had bought a coffee before doing exactly the same thing, he'd have been fine.
Point is: just because it's free, unsecured (or still on default passwords, natch), you're not supposed to hook up without the consent of the WiFi owner. It's bad, m'kay?
I'm sure there'll be a lot, but here's mine.
I was making some tweaks to my wireless router configuration the other day. Half-way through, I was logging into the admin interface once more when suddenly my password stopped working. After a couple of attempts, I thought "well, maybe somehow the router got screwed up and reset itself to factory settings", so I tried the factory default username and password, and it worked.
It was only once I'd logged in and was about to start rejigging the settings that I realized I wasn't logged in to my router at all. Mine was working fine, but during the seconds it was down, my wireless card had automatically associated with the AP of someone else nearby. Yep, they're running without any encryption and using the factory username / password. Sigh.
Use of Paris icon ought to be obvious...
Simply using someone's open WiFi connection really isn't a security risk. Hopefully the company's IT is dilligent enough to put or require anti-malware on the machine, and the VPN connection won't have a problem.
What would be a problem is if the worker's machine doesn't have any, or badly configured, filewall or anti-malware. The neighbor's machine could be infected, and then it could infect the worker's machine. But if the worker's machine is misconfigured, it would be infected any time it connected to a public network.
What's the bet that the "I can't tell if I'm using my own or my neighbour's wireless connection" excuse came from someone working in the IT sector?
Secondary to using someone else's wifi connection to do illegal stuff online and hence have any blame pointed to the unwitting wifi router owner, the main consequence to someone jacking in to your internet connection is bandwidth usage, if you're on a low GB/month service then there's a chance the jacker could tip you over the edge which would either cost you in the wallet or the connection speed depending on the ISP's bandwidth usage policy.
Ok this probably sounds somewhat hypocritical but I do have access to my neighbours wifi net access but have only used it when my own ADSL connection is for some reason or another screwed (a rarity), and only then used it minimally, very light webbrowsing & email - no file downloading or the likes of youtube because I know they don't have unlimited connections.
"remote workers feel less urgency to be vigilant in their online behavior" is that the companies for which they work have often introduced draconian and unnecessary security protocols, which IT professionals feel insulted by.
When they feel insulted, they tend to simply bypass the security when they can. If you treat them as kids, they'll behave as kids. If you insist on them having 20 passwords and changing them all once a month, you shouldn't be surprised that they write them down.
By all means lock down advanced features for those who are simply using a computer as a dumb terminal, but for those of whose who need to use our machines as computers (yes, some of us really do!), it would be nice if our managers could give us some credit for knowing best how to do our jobs, rather than just spending their time trying to cover their backsides. It's interesting how often these people need full use of their computers to knock up a few spreadsheets, but they expect me to write complex software with a crippled dinosaur.
Paris, because she's a walking dumb terminal.
Fortunately, as long as you don't saturate someone else's wifi (and as long as you don't put such a drain on it that you overrun their hidden download cap), you aren't doing any damage. I tend to justify my use of other people's wifi by having a public access point for when people are in a bind and -my- wifi is the convenient one.
Although I make sure my computers on the network are locked up tight, and the e-mail port is blocked to prevent spamming from my IP address... and if someone -does- saturate my wifi for any length of time, their MAC gets banned.
I can force others to be fairly conscientious when using my access point, but I'm the one forcing myself to be conscientious when I'm out and about. Those who 'borrow' others' wifi should all behave similarly so the public service doesn't disappear. If it's permitted, it's not theft!
Its like this story gets planted at regular intervals for a specific purpose -- the language is the giveaway. Users are "hijacking" a neighbor's connection, remote workers are "unconcerned" about security and so on. We, as technical people, should treat this article with the contempt it deserves.
First up, if you don't want your AP to be used by the public, secure it. Some people like the idea of offering connectivity, some don't. The choice is theirs.
Secondly, if you're a remote worker then you're almost certainly using a VPN. If you're using a Windows computer (probably) then the thing should be equipped with decent anti-virus and firewall software to keep probing code out. The VPN should deal with keeping work data confidential.
Thirdly, it is possible for random computers to accidentally connect to a neighbor's connection. It happened to me once with a lab system which, by its nature, was just a 'pure' XP release. It caught a virus in about 20 seconds. I learned my lesson.
Ultimately it'd bankrupt all the ISPs.
Given current technology they can only provide people with a 10mbit connection for 25 quid a month or whatever on the basis that they don't actually use it all the time. No ISP has anywhere near enough backhaul for all the connections it provides to actually be 100% (or even 20%, really...) utilized at once.
If everyone was sharing everyone else's internet connection, the ISPs would see their revenues decrease and their usage increase, simultaneously and significantly. Result: massively degraded connections and ISPs with no money to upgrade the backhaul.
It's not that a system where there were far fewer points of connection direct to the ISP couldn't work out for all parties concerned - but it'd require a much more sensible transition strategy than "let's all buy a wifi card and cancel our DSL contract". In the same way as shared apartment buildings can get bulk deals for cable TV, it would certainly be possible to build a system on this model, but doing it on the basis of half a neighborhood sharing one 30 quid a month connection is just not going to work.
Given that, if too many people start sharing their connections intentionally, ISPs are going to start using draconian and annoying measures (MAC restrictions, black box routers and the like) to stop people doing it, which isn't ultimately in anyone's best interest. They will *have* to do this to stay in business. Of course, they'll do it earlier and far more drastically than they strictly need to, because all big businesses are fundamentally like that - see, I'm a good old socialist too.
Actually I'd quite like the idea of a system where you only need one connection back to the ISP per, say, 50 people, and the cost of that connection is shared out among the people. Cuts down a lot on infrastructure; it's as fundamentally wasteful to have 100 ADSL modems in one block of flats as it is to have 100 satellite dishes. But you'd have to really design the system that way for it to be viable.
I went out to someone the other week to fix their Wireless Internet problem, when I asked them who provided their service, they looked at me blankly. Next I asked to see their wireless router, but they didn't have a clue what I meant. Turns out that they'd bought a laptop a year ago and assumed that their neighbour's wireless was 'just the wireless Internet that came with the laptop'. I'd already fixed the neighbour's computer and added WPA security a few days before. Needless to say, she was not happy that I advised her to start paying for an ISP instead of "sorting out the fault"...
So your router only has so many 1's and 0's and they are a scarce resource?
No.
About the only way this could be "bandwidth theft" is if the owner of the link didn't want to share and was limited in their download capacity. If they weren't using it at the time, it made no difference to them.
But if being unable to access the internet by the owner is to be considered "theft", then when the network is down, that is theft of service by the ISP. If using up the download cap is theft, then throwing away any unused download cap is theft by the ISP.
You sure you want to go there?
If you don't want to share, close your network.
If you can't, pay someone to do so or get legislation that any AP must default to closed and you must configure it open. Have the password/key printed on the device in the same way as the Mac address is printed on network cards and devices.
If someone comes through even the weak WEP protocol, they KNOW they broke in.
Usr phones up my colleague, he's "visiting family" for the weekend and needs help getting on their wireless using his works laptop.
After about 5 minutes of talking him through it we ask him what the network id is
"No idea, its not mine"
"OK go as the family member who set it up and get the wireless key as well"
"Oh right, theres a couple of networks showing up here"
"Yes but you'll still need the key"
"But they aren't around just now, can't i just connect to someone elses?"
He called back 4 times over the next hour and a half trying to convince someone to talk him through jumping onto next doors network - we didnt break it to him there were only 2 of us on that afternoon.....
I did some checking.
An OC3 pipe (155Mbps) costs about $5000 a month (US figures, but if it's £5000 we're getting ripped off badly).
Most places that are confident enough to print contention ratios show 50:1.
Since ADSL doesn't seem to be able to get many people 8Mbps, we'll make the maths easier and call it 5Mbps.
So that's 31 5Mbps connections with each connection given to 50 people. Call it 1500 users. That's about $3.50 each. £2. Even 20Mbps comes to £8. A month.
I've also heard that bulk transport rates across backbone is about $0.06/GB. 3p a gigabyte.
OK you have to pay the workers at the ISP, the routers etc. But that's a fixed cost and doesn't increase with the bandwidth they use. And much of that is because they spend a lot of time trying to stop people using it.
If you've got UK figures, put them here.
But it doesn't look like £20pcm is in danger of a loss if they double capacity for an extra £2pcm loss of profit...
>> My neighbour doesn't know so it's OK
>>
>> Fantastic, I'll use that one when sleeping with my neighbours wife!
If he is as good at securing his wife as he is his WiFi - you best not forget your rubberwall.
BTW John Leyden - "Thou shalt not covet thy neighbour's Wi-Fi" Lester Haines must be spitting
My computer asks their router if it's okay to connect. Their router either says yes, come on in, or no give me a wep key (or just straight out no).
As long as their router is configured to say yes please use me it can't possibly be theft.
If you come to my house and knock on my door and I say come in, and you come in, is that tresspassing? I don't think so...
Well, er, you're sort of missing the point. You're factoring in a contention ratio of 50:1. The contention ratio is the whole *point* of my post. That's what I mean when I say "No ISP has anywhere near enough backhaul for all the connections it provides to actually be 100% (or even 20%, really...) utilized at once." That's the whole reason contention ratios work - because not everyone uses their connection at full speed all the time.
The whole point of my post is that if lots of people share a smaller number of connections (rather than one person per connection, or only a single household per connection), those contention ratios just aren't going to work any more.
I'm with Michael Martin and Robert Long... At the moment we don't actually have our wireless open for all, but I plan to by the end of the year (need time to set it up).
My plan is:
Open WiFi on broadcast SSID tagged to VLAN 2 (or some other number).
Private WPA secured non-broadcast SSID on VLAN 1.
Switches configured to keep open wifi off our LAN.
Router configured to limit bandwidth and ports available to open wifi users.
BTW, my APs are HP Procurve 420's. Brilliant devices but expensive unfortunately.
And yes, this is at home :-)
Simon, your example is more like:
I knock on your door, there is no answer.
I try the handle, your forgot to lock the door.
I come in, and take food out of your fridge and make coffee.
I sit down and watch your telly, and that video tape you made of you and the mrs.
I leave.
You are an idiot for not locking your door, but I have still committed trespass and theft.
The icon is Paris, because of the video tape
"Frankly, if I can set outsiders to have a lower priority than my own traffic then I'm happy for them to use my spare bandwidth. Why not?"
Because when someone parks outside your house and uses your connection to download kiddie porn or surf terrorism sites, do you honestly believe the "unsecured wifi" defence will work in NuLabour Database Britain? All I know is, I'm not the one to be taking that chance.
Oh . . my . . God.
Anyone who actually believes that should be slapped with a restraining order forbidding him/her to go anywhere near a keyboard or mouse.
The internet is certainly NOT becoming safer - if only because the skript kiddies of yesteryear have now been replaced by hardened criminals that are intent on getting your money and are ready to do any and everything needed to get there.
Today's spam is not just a useless nuisance in your mailbox and on the network, there is a very good chance that it is actually a possible trojan that seeks to hook into your computer like a parasite and find your banking details.
Same thing with dodgy websites.
Going on the internet is like taking a stroll through the bad part of town at night - in your underwear with your money in hand. If you don't beef up your security measures, you're just begging to get mugged.
But the £20 per month would allow 5:1 contention. And if the ISP was expecting people to use no more than 1/50th their connection, they'd see nowt during the day when people are off at work, so a dayworker is using bandwidth that isn't being used.
See what I'm saying? The cost to handle TWICE the load they have is 10% of the cost they ask of the customer. So halving the problem is cheap.
But they'd rather claim it was stealing bandwidth so they don't have to pay out.
Jason, how about I walk past your house and your curtains are open. I can see SkyTV Movies Plus being played. Have I now "stolen service" from you or your cable provider?
Please remember that using WiFi means that you DO NOT have to trespass. Tresspass (as you pointed out in your detailed scenario) requires that I WALK on to your property. Not that I'm near it.
Paul, if you invite me on your property and then shoot me down for trespass, this is murder (even in Texas).
Simon was saying that IF YOU SAY "COME IN" it isn't trespass.
YOU are saying IF YOU DON'T SAY "COME IN" it is trespass.
See, both of you are right, but you were wrong in implying that Simon was wrong by asking a question.
Would I be OK saying "Yes, but if I locked you in my house, that would be kidnapping."? 'cos you should be thinking "WTF has locking me in a basement got to do with WiFi?"
I imagine the law that would be applied isn't trespass but the computer misuse act. If I remember correctly the act makes it an offense to access a computer or network without authorisation.
In fact here it is:
http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1#pb1-l1g1
1 Unauthorised access to computer material
(1) A person is guilty of an offence if—
(a) he causes a computer to perform any function with intent to secure access to any program or data held in any computer;
(b) the access he intends to secure is unauthorised; and
(c) he knows at the time when he causes the computer to perform the function that that is the case.
(2) The intent a person has to have to commit an offence under this section need not be directed at—
(a) any particular program or data;
(b) a program or data of any particular kind; or
(c) a program or data held in any particular computer.
(3) A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
Under the computer misuse act, it is illegal to even attempt to gain access to a system that you aren't specifically authorised to use.
Now then, the part that hasn't been tested in court is the automatic nature of Windows Wifi client (I can't speak for linux or other devices) is that they automatically try to connect to the nearest wireless access point and if it finds an unsecured one will connect to it automatically.
Unfortunately, the law does not define an open public network in any terms and so this would have to be tested. Although, the chap that was arrested and convicted of stealing his neighbours wifi was convicted under the act. But if I remember correctly he was dealt with particularly harshly because knowing about the act and its implications was a specific part of his daily job.
Paris because....hey, do I need a reason?
Where'd you find that tape, by the way? We've been looking for it for ages... You could have washed the coffee mug too, y'tinker.
How about the poor sod living next door to Kylie who keeps hearing her singing in her shower? Does he owe her royalties for the live performance he receives every morning?
In computer system terms
Having your wireless name broadcast and unsecured is like leaving your door unlocked and having a tape player hooked up to loud speakers yelling for all those outside to hear -
"THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED - THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED - THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED"
And if you do that - you're stupid and deserve to have your house robbed.
Apples an pears
"I can see SkyTV Movies Plus being played. Have I now "stolen service" from you or your cable provider?"
By stealing someone elses internet, its like you changing the channel on the Skybox, or like running a cable from their system to your house. Ask Sky if thats considered theft
In the UK, the most expensive bit of the picture for most people on most ISPs is the bit between BTwholesale (who provide the "access network" that connects to punters premises) and the ISP's own network (be it AAISP or Zen or anyone in between). There is also an "IPstream line rental" component which is roughly £10/month per line, less if you're in an area where LLU is catching on.
BTwholesale call this connection between IPstream access network and ISP backbone network the "BT Central", and it is effectively priced per megabit/second, and it is very very very expensive in comparison with ISP bandwidth costs of any other kind.
The UK LLU ISPs don't have this cost, or indeed the cost of the BT IPstream access rental, hence they can offer "free broadband" (which is usually worth every penny afaict) as part of a bigger locked-in anti-competitive bundle.
There's lots of background facts on BT Central pricing and the impact of heavy users on (for example) www.adslguide.org.uk in their news section, just search for Central.
Meanwhile, BT themselves are trying the "share everyone's WiFi" game - I forget what their offering is called.
>Simon, your example is more like:
>I knock on your door, there is no answer.
>I try the handle, your forgot to lock the door.
>I come in, and take food out of your fridge and make coffee. <snip>
No it's not. There is an answer. There is a verification process for joining my network, and if I set it up to say come right in, then it's not theft.
If you break in and plug your computer into my network, THAT is unauthorised because no-one said you could plug your computer in. However with wifi, you are asking if it's permissable. The person is OPENLY advertising they have a network available (They dont HAVE to broadcast their SSID). Using your analogy this would be akin to a sign on the door saying "Welcome!". Even though there is a sign it's not guaranteed they are gonna let you in.
My wireless network is broadcasting openly, it says Welcome! and then after you step into the door it checks your credentials and says yes or no.
Consider a library, or a guy that wants to offer his wifi for free to anyone nearby (as people on this very discussion have suggested they do), or any public access point. Isn't it the same?
Are you suggesting if I open a shop and you walk in I am in my right to arrest you for tresspassing? The shop says Welcome and it's not locked, and being a shop that is advertising its services via a sign on the door you're not exactly going to expect it to be a crime to enter are you?
As for the case in the UK being a one off I suggest the actual conclusion was somewhat different, or perhaps the guy failed to bring what I have said to light and merely said 'Yeah I went in last week and it said free wifi if you buy a drink and I thought heheheh I'll park outside and use it for free'.
>Having your wireless name broadcast and unsecured is like leaving your door unlocked and having a tape player hooked up to loud speakers yelling for all those outside to hear -
>"THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED - THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED - THIS IS MY HOUSE, I AM AWAY, AND MY DOOR IS UNLOCKED"
Almost right, I'd actually phrase it as "I AM AWAY, BUT IF YOU WANT TO COME IN JUST ASK AND I WILL LET YOU NO PROBLEM"
which I cannot see as a crime.
> Under the computer misuse act, it is illegal to even attempt to gain access to a system that you aren't specifically authorised to use.
I don't think that applies or how could I visit the register? They never said I could connect to their site but I found their website off a mate... Oh wait, that's right my computer connects, asks if its ok, and I dont get a FORBIDDEN reply so off I go...
> Jason, how about I walk past your house and your curtains are open. I can see SkyTV Movies Plus being played. Have I now "stolen service" from you or your cable provider?
If you don't interfere in any way, I don't believe it is theft of his service (it might be illegal for spying though!). In the same way that, if you sit your laptop on listen and listen to any wifi signals it's not illegal, but if you start transmitting then it's akin to shooting your remote control through his window in an attempt to influence his choice of channel.
> Because when someone parks outside your house and uses your connection to download kiddie porn or surf terrorism sites, do you honestly believe the "unsecured wifi" defence will work in NuLabour Database Britain? All I know is, I'm not the one to be taking that chance.
Now we hit the law about the guy who ran one of those whatcha callit servers, basically an anonymous proxy. Or even google if you upload kiddie porn and google indexes it. If I use wifi at a library is the library liable for my actions? I don't know how this area of the law works but it's unlikely to cause you any trouble if sharing your connection isn't illegal and you are not deliberately trying to run a child porn ring. You might have some explaining to do mind you!
Aye and when my computer tries to connect through your open AP, my computer asks "can I come in" and your AP authorises it.
If a human is always required, then security locks in businesses need a lot more guards on them. After all, the only thing that otherwise authorises my access to the restricted area is that my card asks the lock "can I come in" and it says "yes" and unlocks.
Jason, if you're at work, you aren't using the internet connection there.
If you're emailing, you don't need 8Mbps.
In which case, the person using your connection is using nothing that you are using. In the same way, me watching sky through your window while on the street is using photons you aren't using. If I were standing in your way, that would be different.
So there ain't no apples and pears, it's all apples.
What IS an apples and pears situation is your codicil at the end: that requires I walk on to your land, connnect a line to your machine and drag it to my house. That isn't needed in WiFi.
Oh, and look at my responses earlier regarding "if limiting your ability to use the service is theft, then a network downtime is thefy of service by your ISP".
It's only tresspass if you have some lame-ass encryption on that I break or if I spoof myself as your machine (which really is fraud more than trespass, but could be both).
Who is at fault if terrorist information or child porn is downloaded from your router? Illegal music? Dodgy DVD ISOs? YOU are. Doesn't matter if it was actually a bloke sat in a car outside or the bloke next door or you. Can't prove it wasn't you? Tough. You're nicked. I have mine locked down, encrypted and switch it off at the mains when I'm not using it - over night, when I'm at work, etc. I DON't want anyone using it. Nothing to do with is it theft or not, if I could 100% guarantee that people would use it sensibly then I'd allow them to use it. And I monitor what my kids are up to on the net. Already found some things we've had to have strong words about!
>Can't prove it wasn't you? Tough. You're nicked.
A court of law has to prove beyond reasonable doubt that you are guilty. If you are an average guy, with no previous convictions, no trace of porn on any of your computers, and have been running an unsecure wireless connection that people outside your house can access, I am fairly sure that there is a lot of doubt as to whether you did it or are just a victim of circumstance.
>In which case, the person using your connection is using nothing that you are using. In the same way, me watching sky through your window while on the street is using photons you aren't using. If I were standing in your way, that would be different.
>So there ain't no apples and pears, it's all apples.
Sorry I didnt include both replies together (oops)
I think it is slightly different, because listening to radio transmissions is fine, but using someones wifi is a bit like reaching over someones fence with a long stick and doing stuff. Radio is purely listening but wifi is actually interfering with your computer. However this is a seperate issue, whether its acceptable or not is not determined by the fact you can do it, but if the person is allowing you to.
UK Law historically for civil cases seeks to establish the damage caused to an individual.
So taking criminal law away for a moment; if you use someone elses wireless service, and they are not "damaged" in any mannner, i.e. they don't incur extra costs, or negative impact on what they are trying to do then there has been no damage caused. This doesn't mean that you won't be found guilty, just that the "compensation" will be miniscule.
However I believe the computer missuse laws are criminal laws therefore they don't really care about "damage" as much and really just care about whether you can be proven to have "done it". In the case of wireless presumably a prossecutions case would focus on the arguement that you had to turn your wireless card on/ plug it in/ install drivers etc and therefore you knowingly comitted a crime. As IT professionals the prossecution would push the fact that you should have known better so ignorance was not a defence. Also bare in mind you would be on trial in front of a jury of 12 "non-techies", or an old and crusty judge or magistrates etc...!
And MY issue (which is why the law doesn't make sense to assume that an IT person isn't ignorant of the law: we know more about that law than the judges do) is that how do we know if the user wants us to or not?
How can we tell the difference between an honestly open AP and one where the luser doesn't care to close it?
So if we want this law, then from an IT perspective, permission IS granted. By nature of the protocol. It's only from a layman's perspective (Where they don't know what is supposed to happen, only what they want to happen) that there's any trespass. And so all routers should come locked down. At the very least the CD that comes with the drivers et al should have a program that turns ON the wireless point AND adds encryption. Even lusers know that if the installation CD is put in windows and the application says "please enter a password to access your wireless router (if you enter none, then anyone can access it, whether you can see them or not)" then they put in a password. That password is used as the key for other machines, where you enter the CD and it prompts you.
Easy peasy and users already know how to work that coffee holder.
And now we know that if there IS an open AP it is open for use (with the knowledge that the AP owner may be snooping on us).
And that would also be my plea to the jury and judge: I cannot be held responsible for a law written without knowing what it means. If they want to make the law stick, change the default setting so you HAVE to deliberately open up your system.
I tend to agree with you on the plea. This may be a IT centered site but computer literate users are in the minority when you compare to all internet users out there. I personally bought a Mac and when I turned it on at home, hey presto, an Airport connection. I know better. It's not my wifi, it's the travel agencies across the hallway. But someone who doesnt know is gonna think it came with the computer. Now granted that UK law (and many other European laws as well) effectively penalises wifi mooching, but that doesn't mean it's a well-thought out law. Until the pre-computer generation is replaced by the one born during the information age, then we're certainly going to see a lot of piggybacking.
A solution would indeed be for the retailers to have the default settings so that you have to turn open your wifi to others as mark says rather than drawing up excessive regulation on the subject.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
