Please don't fuck this up
At the moment, the only safe public WiFi that I can use is in McDonalds (here in France). It is reasonably unrestricted, enough that I can connect up and then set a VPN connection running so my comms will be encrypted even over a public AP. Useful for stuff using older send-password-in-the-clear protocols like POP3.
The alternative? Go to a KFC. Not only is their WiFi AP so locked down that only the common protocols work , any attempt to visit an SSL site throws an error on my iPad because KFC are trying to pass off a fake certificate. Always the same one, no matter what https address I go to. It is an active, deliberate, MITM which completely undermines any end-user security whatsoever. Essentially my communications would go to KFC's box, be decrypted, then re-encrypted for the journey out. But what happens in the middle? Oh, sure, they'll probably give some spin about piracy and paedos, while glossing over the part where they would have full access to all data passing. Online banking? Cheers, thanks for your full login details. Checking your Amazon or eBay sales? Thanks for the username and password.[1]
I fear that if public providers are made to be liable for what passes through their network (as dumb as this is, refer to the hyperbole examples above), then we will see less openness, less willingness to permit VPN and the like, and more attempts to pass off fake certificates. One must already assume that any communication on a public AP is available to be read by anybody else in the room; therefore if opportunities to privacy are removed in order to satisfy liability, it will make public APs less and less useful, possibly to the point where they aren't useful at all.[1]
1 - while at KFC, I switch on my Bouygues phone. They permit tethering on a pay-as-you-go card, so I go online via Bouygues. Can't VPN, but at least my mail password is not available to everybody in the room and SSL is not messed with.
Biting the hand that feeds IT
