Bruce Schneier Has An Open Wi-Fi Network

from the share-and-share-alike dept

Bruce Schneier, one of the sharpest people in the computer security world, has a great piece about why he leaves his home wireless network open for anyone to use. When I wrote something similar a couple of years ago, I caught a lot of flack from people who said that I was opening myself up to security risks, either from people downloading child pornography with my connection or from people hacking into my home computers and stealing my data. But as Schneier points out, neither of these risks is unique to your home wireless network. Like Schneier, I've got several restaurants and coffee shops within walking distance of my apartment that offer free wi-fi access. While it's not impossible that somebody would park their car out in front of my street and use my Internet connection to do something illegal, it seems more likely that they'd do so over a cup of coffee in one of the nearby coffee shops, where they wouldn't evoke suspicion. Moreover, I have a laptop and I visit coffee shops and other locations with open wi-fi connections all the time. If my laptop has security vulnerabilities, I should be a lot more worried about getting cracked on those networks (which make it easy to target a bunch of people at once) than that I'll have the bad luck of living next to a cracker. I need to keep my laptop properly locked down in any event. Once I've done that, an open wi-fi network is a fairly minor risk. Finally, Schneier closes by pointing out that security is a trade-off. If perfect security is your standard, you shouldn't connect to the Internet at all, because there's always a risk of a security breach. Given that we're willing to accept some level of risk if we have a good reason, the question we should be asking is about the relative risks of different activities. The risk of leaving your wireless network open isn't zero, but it's probably small.Now, I should point out that all of this assumes that you're a reasonably technically savvy individual with an understanding of basic security concepts: that you know how to update your operating system on a regular basis and that you've set the administrative password on your access point to a non-default value. If you're a complete networking neophyte (not that many of those probably read Techdirt), you should probably get some advice from someone more technically savvy about good Internet security practices. Actually, you should do that whether or not you choose to open your wireless network. But on the list of potential network security threats, an open wi-fi network is probably pretty low on the list.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Bruce Schneier Has An Open Wi-Fi Network”

Subscribe: RSS Leave a comment
35 Comments
Anonymous Coward says:

Re: Re: What about neighbors?

Then why not install an open (misconfigured) proxy as well? And have a public FTP server? If you want to start talking about liability, there’s plenty of ways to claim you were “hacked” and so forth… but you still will have to explain yourselves to authorities and such. So.. like it was said, ask for problems then defend yourself? What a brilliant way of thinking. Let’s go shoot a bunch of people and say someone borrowed my gun cause I left it on the table the other day .. *sigh*

Alex says:

Who cares about security...

I sure dont, the only reason I set up a password on my access point is cause I’m bandwidth greedy. If i can shave off 50ms off my ping in COD4 by stopping my neighbor from running his BitTorrent client through my connection, then security is a very good idea. In fact I secretly go around my house and connect everyone else’s computers to other (open) networks instead of mine. Evil? Maybe. Do I care? Nope.

Anonymous Coward says:

Re: Get your packets here.

Everyone should have an open access point.

What, are you nuts? People have to be controlled! And to do that their thoughts must be controlled which means controlling their communications. Otherwise there is just no telling what kind of dangerous, destabilizing ideas might get started.

Its just good moral behavior to share.

Open-wifi is a danger to an orderly society!

I leave any wap open that I can get my hands on.
I’ve even installed open waps without anyone knowing that this was done.

The government should start patrolling for open-wifi, arresting the owners and putting them in prison where they belong! Same thing for anyone caught using one!

Information should be free!

Information should never be free. Freedom is bad for an orderly society!

Lets not place a speed limit on our highways.

We should bring back the 55 m.p.h. national speed limit!

You are wrong about everything. Turn in your party membership!

Steve says:

Missed the point

I think some of the commenters missed the point – It’s not that data, or access, should be “free” or that the writer doesn’t value his data or want to keep it secret. The point is that if the WEP key is the only thing between a hacker and your data, you’ve got bigger problems than an open wireless network.

My feeling is that he largely did this as a “publicity stunt” and to start the conversation that we’re having, which is good.

I’d only say that for most people, WEP or other wireless security is an easy thing to enable to make the casual bandwidth hog continue down the road to the coffee shop rather than to use your WAP.

I’d agree that you need more security internally regardless of your wireless security, and that wireless security is not the whole answer, but if it is enough to make someone who isn’t looking for YOUR data to go find an easier network to connect to then it’s worth having.

Pedro says:

Well that’s a dumb logic… wow. Potentially allow others to do harm, then defend yourself? You could be charged just for “encouraging” others to do harm by willingly leaving your wireless connection open to those who seek exactly that. At least use a lame 64bit WEP key that any kiddie can crack, that way you’re at least a little safer from prosecution.

“If perfect security is your standard, you shouldn’t connect to the Internet at all, because there’s always a risk of a security breach.” — That coming from a so-called security expert? Remind me never to listen to him? heh. He;s like the church isn’t he? Saying abstinence is better than a condom? Most ridiculous thing I’ve read all week.

Anonymous Coward says:

Re: Re: Re:

Yeah, sadly this article has put Bruce quite a few steps lower on the totem pole than he was yesterday. It’s very irresponsible of him to say the least.

Being the world renowned expert that you are, ehrichweiss, I’m sure that as soon as Mr. Schneier hears of your disapproval he’ll immediately recant. If only he’d had the good sense to ask you first!

Killer_Tofu (profile) says:

Re #10 & My Open WAP

Re #10:
He is a security expert. And quite respected by anyone who watches the field or knows a lot about it. He has my respect and I don’t even frequent his stuff by any means.

My WAP:
It is open, no encryption at all. But I also live in the woods, and it is also in my basement, which happens to be underground.
I have tested and its signal doesn’t go overly far from the house.
Anyone accessing it I could see sitting in my yard or next to my house. =)

Derek Kerton (profile) says:

Don't Assume That Short Range Is Security

RE #12

I do this as well, sometimes, by turning down, or even disconnecting and antenna or two. But don’t kid yourself that this is providing MUCH security (sure, it provides some obscurity).

A determined “visitor” will come with a better client side antenna than anything you’re using. For example, I have a Cantenna that gains me about 12dbi. If I aim that at your house, I might be able to get a signal further than your laptop. Someone with a dish could do better. Actually, you probably know exactly what you’re doing, but I’m writing this to clarify the point.

Unlikely, for sure, but “security through obscurity” should be taken for what it is.

Pro says:

A slice

I’ve always thought that routers should have the ability to donate a small (5% perhaps) part of their bandwidth for public consumption. So when my neighbor’s network goes down, he could use mine to help debug his problems and vice versa. These local networks should also be in touch with each other – so you could run neighborhood message boards, etc…

Ven'Tatsu says:

Re: A slice

That is not an uncommon set up, although depending on the details it can take some work to set up. My router prioritizes traffic from known MAC addresses before unknown MAC addresses rather than giving only 5%, but it is the same concept.
I don’t know of any off the shelf home routers that support that but a DIY Linux (and most likely *BSD, etc.) router can do it if your willing to take the time.

Mac Dude says:

Security

Leave your Wireless open and have a spammer drive by and transmit 100k of spam over your internet connect. I’m sure DSL and Cable will understand. When it happens in Tulsa, they shut your connection down, mail you a form to sign that says you are aware of their anti-spam and usage policies, then MAYBE you will be back up in a week. It’s happened a few times that I know of.

Cafe’s usually don’t have this problem because you register with your web browser before any other online activity. It doesn’t mean they will verify your identity, but at least they can shut the account down.

Anonymous Coward says:

open access with less danger

I have installed an open access point but with conditions. I used two routers. The first open and connected to internet access and the second connected to the first which has the network attached to it and the wireless secured. This way the customers can use the open point but the network is as safe as if it was with no open access.

Anonymous Coward says:

Not sure what the point trying to be made here is… If your router has security, enable it… Saying the risk is minimal is stupid when all you have to do is go into the config and turn it on. Whoever the hell Bruce Schneier is, he doesn’t sound like any sort of knowledgable person on this subject. Let alone the fact that he is TELLING you that his access point is wide open, which only adds to the risk.

Nick says:

Conscious decision versus carelessness

As others here have noted, opening up your wi-fi is likely to be fine, provided a few conditions are met:

1. You don’t have any download quotas on your Internet connection
2. You either don’t play online games or have a router that is smart enough to prioritise your own machines above external connections
3. You have a second firewall between the Wi-fi router and any network accessible internal resources (printers, network drives, media PC)
4. Your wi-fi equipped devices are set up to use a VPN or other mechanism (e.g. SSH tunnels) to get access to the resources on the internal network
5. The network accessible resources themselves are also locked down reasonably well

So, if the rest of the home network is properly secured, then sure, leave the wi fi open because it doesn’t matter – you can “pay it forward” as Bruce puts it without any real inconvenience to yourself. On the other hand, if you don’t have those extra layers of defence in place, then having WPA (*not* WEP) switched on in your wi-fi and having all incoming connections from the Internet blocked in your router are both *very* good ideas. Sure, neither of those defences is likely to stand up to a concerted attack, but we’re talking about a home network here – the idea is to keep out script kiddies, not serious professionals.

Tarek (user link) says:

Bruce's Warriors

Almost a year ago, Bruce Schneier asked in his blog if we really need a security industry.

“As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?”, Bruce Schneier
http://www.schneier.com/blog/archives/2007/05/do_we_really_ne.html

I think his opinion about making Wifi open consists with what he wrote. He is pushing people to train the warriors instead of relying on untrained warriors with a lot of shields around their bodies.

But the problem is that I have the feeling that he is somehow confused and cannot tell when the warrior’s body ends and when his shields start.

Fast Eddie says:

I hear ya on the bandwidth- the more, the better- and the faster I get as time goes on I simply will not deal with anything slower!

My neighbors don’t use bittorrents or peer to peer programs, so I charge them per connection- the difference in bandwidth is very minimal, so it isn’t a big deal.

This is probably illegal, but technically so is leaching off other people’s networks without their consent (according to some articles I’ve read about people getting arrested for it).

As far as security goes, yes security is important and always will be- I have the wireless network on a different subnet and a couple other measures in place, so I feel fine in that regard.

I’ve got the speed, They’ve got the need, everyone’s happy 🙂

wilder_card says:

Pedro said:

“You could be charged just for “encouraging” others to do harm by willingly leaving your wireless connection open to those who seek exactly that. At least use a lame 64bit WEP key that any kiddie can crack, that way you’re at least a little safer from prosecution.”

So now charity is illegal? I don’t think that argument would ever fly in a criminal prosecution. Unfortunately the bar for a civil suit is much lower, they might actually convince a jury that “logic” makes sense.

Nasty Old Geezer says:

Giving away what's not yours

Talk about false dichotomies…

If a coffee shop makes a business decision that they are more competitive by offering no-charge Internet access, then they create an agreement with their ISP that allows them to do so. The theory is that ey will sell enough $10 cups of coffee to cover the ISP charges. This will proably cost a few hundred dollars a month — several time the usual cost of a residential ISP connection.

So, if a residential customer decides to give away access via a wireless AP, they are in effect stealing the difference between a residential and a commercial connection fee. That is why your ISP TOS prohibits you from reselling or giving away indescriminate access.

Yes, there is some small risk of liability from illegal activity — warez, spam, porn, hacking, DDOS — lots of criminals out there, not so many near my house.

The law has not caught up with technology and never will, and there are a lot of people that don’t want to respect the rights of ISP companies. (Yes, they have rights even if they behave unethically in other areas.)

I secure my home network because my ISP agreement obligates me to do so.

PS: There are some signs the all-you-can-surf model may eventually go away, or be a premium level of service. If we go back to the pre-AOL metered model, you unsecured people may find out the cost of wht you thought was free.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...