Sign in with
Sign up | Sign in
Your question

The Wi-Fi user as wireless felon

Last response: in Wireless Networking
Share
Anonymous
a b F Wireless
May 4, 2004 11:41:23 PM

Archived from groups: alt.internet.wireless (More info?)

This article will be of interest to all those who discussed the (i)legality
of accessing (un)secured wifi networks
and sharing internet connections.
http://www.theregister.co.uk/2004/05/04/us_wi_fi_legisl...
Regards,
Martin

More about : user wireless felon

Anonymous
a b F Wireless
May 4, 2004 11:41:24 PM

Archived from groups: alt.internet.wireless (More info?)

I think the article is missing the point of legitimately "free" Wi-Fi
access. It uses Bryant Park (NY City) as an example of a place where people
go to get a free hotspot, then it tries to make the argument that it's
illegal, if I'm understanding it right. However, The Bryant Park
Organization sponsors that free signal for the sole purpose of providing
free internet access in Bryant Park.

So where is the crime?

"Martin²" <never@give.one> wrote in message
news:ntRlc.39777$Y%6.5376204@wards.force9.net...
> This article will be of interest to all those who discussed the
(i)legality
> of accessing (un)secured wifi networks
> and sharing internet connections.
> http://www.theregister.co.uk/2004/05/04/us_wi_fi_legisl...
> Regards,
> Martin
>
>
Anonymous
a b F Wireless
May 5, 2004 12:23:15 AM

Archived from groups: alt.internet.wireless (More info?)

On Tue, 04 May 2004 19:35:17 GMT, gary spoketh

>This is a very interesting read. I find the example at the end of the
>article very odd, though. The author describes someone going to a park and
>connecting to their home router, which is hooked to a cable modem. He
>concludes, "You're busted!".
>
>Nowhere does he discuss the use of WEP or WPA on the router, which I believe
>would be a strong defense against an accusation of illegal sharing. It's one
>of the main reasons I insist on at least using WEP, even if it's imperfect.
>It is the minimal care a reasonable person could be expected to take to
>prevent illegal access.
>

I believe his point is that too few people uses WEP or anything else to
protect their WiFi networks from abuse, and the fact that it's currently
virtually impossible to know if that constitutes authorized or
unauthorized use. The point being, the law is nowhere near where it
should be WRT this technology, and it's unclear what constitutes
unauthorized access.

Lars M. Hansen
www.hansenonline.net
Remove "bad" from my e-mail address to contact me.
"If you try to fail, and succeed, which have you done?"
Related resources
Anonymous
a b F Wireless
May 5, 2004 12:26:41 AM

Archived from groups: alt.internet.wireless (More info?)

> I agree. It would be nice to be able to put in a customized HTML page in
> the router that would notify someone they have accessed the network and
> unless they have permission to so so that it would be illegal.

Huh? Where do you put that page? I mean when I connect to my home network
and then start my customary SSH session, or access my CVS repository, I don't
see any opportunity for the router to send me an HTML page.

There are other ports than 80 and 443, after all.


Stefan
Anonymous
a b F Wireless
May 5, 2004 12:26:42 AM

Archived from groups: alt.internet.wireless (More info?)

In article <jwvy8o8ueng.fsf-monnier+alt.internet.wireless@gnu.org>,
monnier@iro.umontreal.ca says...
> > I agree. It would be nice to be able to put in a customized HTML page in
> > the router that would notify someone they have accessed the network and
> > unless they have permission to so so that it would be illegal.
>
> Huh? Where do you put that page? I mean when I connect to my home network
> and then start my customary SSH session, or access my CVS repository, I don't
> see any opportunity for the router to send me an HTML page.
>
> There are other ports than 80 and 443, after all.
>
>
> Stefan
>
That's just it... there is no place to put the page... I was saying it
would be nice if the router were to provide a place to post HTML code in
memory where you could author a page that would automatically be sent by
the router to any new wireless connection being made.

--

Ben E. Brady
http://www.clariondeveloper.com/wepgen
FREE! Effectively manage your Wi-Fi network.
Change your WEP keys often!

http://www.clariondeveloper.com/webcloak
FREE! Encrypt email addresses on your web site!
Keep spam bots from sending you spam!

http://www.firewallreporting.com
Personal firewall log analysis tools for
ZoneAlarm, BlackICE, WinRoute Pro and Windows XP
Take stock of your firewall settings and take action against intruders.

http://www.videoprofessorscam.com
Don't get stung by this scam!
May 5, 2004 1:54:37 AM

Archived from groups: alt.internet.wireless (More info?)

I still think it's odd that the article doesn't mention encryption at all.
An article that discusses arcane legal entanglements in such detail should
devote at least a paragraph to how use of encryption affects things.
Otherwise, it leaves the impression (at least with the technically
uninformed) that wifi is a nest of snakes and prosecution is imminent. In
that regard, I think the tone of the article is excessively pessimistic.

"Lars M. Hansen" <badnews@hansenonline.net> wrote in message
news:mhuf90pgrk9sqls23vdf921rjqg0jp8g3m@4ax.com...
> On Tue, 04 May 2004 19:35:17 GMT, gary spoketh
>
> >This is a very interesting read. I find the example at the end of the
> >article very odd, though. The author describes someone going to a park
and
> >connecting to their home router, which is hooked to a cable modem. He
> >concludes, "You're busted!".
> >
> >Nowhere does he discuss the use of WEP or WPA on the router, which I
believe
> >would be a strong defense against an accusation of illegal sharing. It's
one
> >of the main reasons I insist on at least using WEP, even if it's
imperfect.
> >It is the minimal care a reasonable person could be expected to take to
> >prevent illegal access.
> >
>
> I believe his point is that too few people uses WEP or anything else to
> protect their WiFi networks from abuse, and the fact that it's currently
> virtually impossible to know if that constitutes authorized or
> unauthorized use. The point being, the law is nowhere near where it
> should be WRT this technology, and it's unclear what constitutes
> unauthorized access.
>
> Lars M. Hansen
> www.hansenonline.net
> Remove "bad" from my e-mail address to contact me.
> "If you try to fail, and succeed, which have you done?"
May 5, 2004 2:18:54 AM

Archived from groups: alt.internet.wireless (More info?)

Web page hijacking is done all the time by hotspot edge servers. The first
attempt to connect to a web site from a new client - *any* web site - is
intercepted, and a splash page from the hotspot is substituted. Almost all
off-the-shelf wifi routers contain a web server to present admin pages, so
this would be a fairly trivial addition.

The real question is how you would use this. Without a secure authentication
step (need userid/password to get on the system), it doesn't accomplish
much. You could have the splash screen say that access is illegal if you are
not an authorized user, but since access would not be prevented, in practice
this would be meaningless. Anyone wishing to abuse your ISP connection would
do so. They would be completely untraceable, and your account would
eventually be terminated.

It seems to me that anything short of secure authentication, and preferably
encryption, is unworkable. It needs to be on by default, trivial to
configure, and disabled only by a conscious effort on the user's part.

Vendors and service providers can solve this problem if they want to, but
they first need to recognize it as a problem and then agree that something
needs to be done.

"Stefan Monnier" <monnier@iro.umontreal.ca> wrote in message
news:jwvy8o8ueng.fsf-monnier+alt.internet.wireless@gnu.org...
> > I agree. It would be nice to be able to put in a customized HTML page in
> > the router that would notify someone they have accessed the network and
> > unless they have permission to so so that it would be illegal.
>
> Huh? Where do you put that page? I mean when I connect to my home
network
> and then start my customary SSH session, or access my CVS repository, I
don't
> see any opportunity for the router to send me an HTML page.
>
> There are other ports than 80 and 443, after all.
>
>
> Stefan
May 5, 2004 2:30:49 AM

Archived from groups: alt.internet.wireless (More info?)

I notice I didn't address Lars' concern about clients whose first connection
is not http. Admittedly, that complicates it a little, but I'm sure that
there are several solutions. In one simple case, you could have a system
that presents no splash page at all if WEP or WPA encrytion and/or
authentication is used, but if it's open to the world, then the first IP
transaction from a client *must* be an http connection, after which the
client can do anything. If you don't want the system to behave that way, you
must either configure encryption, or take some other step to disable this
behavior. At least the user is then forced to acknowledge that he intends to
run completely open, and intends to present no barrier to entry. This is not
a suggested implementation, just an illustration that there are probably
multiple solutions to this technical issue.

In any case, it's moot. I don't think a splash page helps much without
secure authentication.

"gary" <pleasenospam@sbcglobal.net> wrote in message
news:xiUlc.24220$Zi7.21098@newssvr22.news.prodigy.com...
> I still think it's odd that the article doesn't mention encryption at all.
> An article that discusses arcane legal entanglements in such detail should
> devote at least a paragraph to how use of encryption affects things.
> Otherwise, it leaves the impression (at least with the technically
> uninformed) that wifi is a nest of snakes and prosecution is imminent. In
> that regard, I think the tone of the article is excessively pessimistic.
>
> "Lars M. Hansen" <badnews@hansenonline.net> wrote in message
> news:mhuf90pgrk9sqls23vdf921rjqg0jp8g3m@4ax.com...
> > On Tue, 04 May 2004 19:35:17 GMT, gary spoketh
> >
> > >This is a very interesting read. I find the example at the end of the
> > >article very odd, though. The author describes someone going to a park
> and
> > >connecting to their home router, which is hooked to a cable modem. He
> > >concludes, "You're busted!".
> > >
> > >Nowhere does he discuss the use of WEP or WPA on the router, which I
> believe
> > >would be a strong defense against an accusation of illegal sharing.
It's
> one
> > >of the main reasons I insist on at least using WEP, even if it's
> imperfect.
> > >It is the minimal care a reasonable person could be expected to take to
> > >prevent illegal access.
> > >
> >
> > I believe his point is that too few people uses WEP or anything else to
> > protect their WiFi networks from abuse, and the fact that it's currently
> > virtually impossible to know if that constitutes authorized or
> > unauthorized use. The point being, the law is nowhere near where it
> > should be WRT this technology, and it's unclear what constitutes
> > unauthorized access.
> >
> > Lars M. Hansen
> > www.hansenonline.net
> > Remove "bad" from my e-mail address to contact me.
> > "If you try to fail, and succeed, which have you done?"
>
>
May 5, 2004 2:34:39 AM

Archived from groups: alt.internet.wireless (More info?)

Oops! I posted this to the wrong subthread. Sorry.
----------------------------------------------------------

I notice I didn't address Stefan's concern about clients whose first
connection
is not http. Admittedly, that complicates it a little, but I'm sure that
there are several solutions. In one simple case, you could have a system
that presents no splash page at all if WEP or WPA encrytion and/or
authentication is used, but if it's open to the world, then the first IP
transaction from a client *must* be an http connection, after which the
client can do anything. If you don't want the system to behave that way, you
must either configure encryption, or take some other step to disable this
behavior. At least the user is then forced to acknowledge that he intends to
run completely open, and intends to present no barrier to entry. This is not
a suggested implementation, just an illustration that there are probably
multiple solutions to this technical issue.

In any case, it's moot. I don't think a splash page helps much without
secure authentication.

"gary" <pleasenospam@sbcglobal.net> wrote in message
news:iFUlc.24234$xK7.1659@newssvr22.news.prodigy.com...
> Web page hijacking is done all the time by hotspot edge servers. The first
> attempt to connect to a web site from a new client - *any* web site - is
> intercepted, and a splash page from the hotspot is substituted. Almost all
> off-the-shelf wifi routers contain a web server to present admin pages, so
> this would be a fairly trivial addition.
>
> The real question is how you would use this. Without a secure
authentication
> step (need userid/password to get on the system), it doesn't accomplish
> much. You could have the splash screen say that access is illegal if you
are
> not an authorized user, but since access would not be prevented, in
practice
> this would be meaningless. Anyone wishing to abuse your ISP connection
would
> do so. They would be completely untraceable, and your account would
> eventually be terminated.
>
> It seems to me that anything short of secure authentication, and
preferably
> encryption, is unworkable. It needs to be on by default, trivial to
> configure, and disabled only by a conscious effort on the user's part.
>
> Vendors and service providers can solve this problem if they want to, but
> they first need to recognize it as a problem and then agree that something
> needs to be done.
>
> "Stefan Monnier" <monnier@iro.umontreal.ca> wrote in message
> news:jwvy8o8ueng.fsf-monnier+alt.internet.wireless@gnu.org...
> > > I agree. It would be nice to be able to put in a customized HTML page
in
> > > the router that would notify someone they have accessed the network
and
> > > unless they have permission to so so that it would be illegal.
> >
> > Huh? Where do you put that page? I mean when I connect to my home
> network
> > and then start my customary SSH session, or access my CVS repository, I
> don't
> > see any opportunity for the router to send me an HTML page.
> >
> > There are other ports than 80 and 443, after all.
> >
> >
> > Stefan
>
>
>
Anonymous
a b F Wireless
May 5, 2004 9:16:36 AM

Archived from groups: alt.internet.wireless (More info?)

"gary" <pleasenospam@sbcglobal.net> wrote in
news:3UUlc.24242$d%7.13889@newssvr22.news.prodigy.com:

> Oops! I posted this to the wrong subthread. Sorry.
> ----------------------------------------------------------
>
> I notice I didn't address Stefan's concern about clients whose first
> connection
> is not http. Admittedly, that complicates it a little, but I'm sure that
> there are several solutions. In one simple case, you could have a system
> that presents no splash page at all if WEP or WPA encrytion and/or
> authentication is used, but if it's open to the world, then the first IP
> transaction from a client *must* be an http connection, after which the
> client can do anything. If you don't want the system to behave that way,
> you must either configure encryption, or take some other step to disable
> this behavior. At least the user is then forced to acknowledge that he
> intends to run completely open, and intends to present no barrier to
> entry. This is not a suggested implementation, just an illustration that
> there are probably multiple solutions to this technical issue.

That's what I would want. If you don't authenticate first, then you can't
make a connection on any other port. As far as authentication goes, I would
like something like multi-factor authentication, like SecureID, but I know
that costs too much for most people.
Anonymous
a b F Wireless
May 5, 2004 8:20:07 PM

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| I still think it's odd that the article doesn't mention encryption at all.
| An article that discusses arcane legal entanglements in such detail should
| devote at least a paragraph to how use of encryption affects things.
| Otherwise, it leaves the impression (at least with the technically
| uninformed) that wifi is a nest of snakes and prosecution is imminent. In
| that regard, I think the tone of the article is excessively pessimistic.

If you are a frequent reader of The Register, you'll quickly see that
many of the articles posted there are unnecessarily sensationalized in such
ways. With this particular article, there are far too many usages of "if,"
"possible," "maybe," "could," etc to be viewed as anything more than a
general discussion of the issue.

Personally, this issue will not get resolved until the first few test
cases go to the US courts. I would wager that security in place by the
hose, and the actions of the client while connected to the host will be the
two mitigating factors in the decision for or against. If I were a betting
sort of person, I would say that if there is no security in place by the
host, and no other "criminal activity" by the client other than connecting
and browsing the internet, there will likely be no serious consequence.
Anonymous
a b F Wireless
May 5, 2004 8:22:53 PM

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| In any case, it's moot. I don't think a splash page helps much without
| secure authentication.

Well, it would be the wireless equivalent to a No Trespassing sign.
They really don't stop anyone, but people still hang them up.
Anonymous
a b F Wireless
May 5, 2004 8:24:26 PM

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, Mr. Grinch mused:
|
| That's what I would want. If you don't authenticate first, then you can't
| make a connection on any other port. As far as authentication goes, I
| would like something like multi-factor authentication, like SecureID, but
| I know that costs too much for most people.

WEP or WPA accomplish this. Having such a page after authentication via
WEP/WPA is a bit redundant. And, if you are going to require authentication
without WEP/WPA, what's the point, really?
May 5, 2004 8:35:36 PM

Archived from groups: alt.internet.wireless (More info?)

Reread my previous post. The suggestion is that the page would be presented
if and only if encryption is *not* enabled, and this would be default
behavior unless the user takes a further configuration step to disable the
splash page. The point would be to have default behavior in an unencrypted
("open") environment that warns outsiders that this is not intended to be an
open network. If you're authorized, you know who you are. If you want to get
rid of the splash page, you can, but then if you have a dispute in a court
or with your ISP over illegal sharing of your connection, the other side can
argue that you intentionally disabled the splash page and therefore
knowingly removed all barriers to illegal entry to your system.

That's a theory. In reality, I think it's worthless without real
authentication. Simply enabling encryption is authentication, on a per-frame
basis. Warning users is no barrier to entry at all. Everyone has access to
at least WEP, so even with the splash page avaible, it could be argued that
a reasonable person would be expected to use the effective tool rather than
the ineffective one.

"mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
news:_y8mc.36796$Ik.2317955@attbi_s53...
> Taking a moment's reflection, Mr. Grinch mused:
> |
> | That's what I would want. If you don't authenticate first, then you
can't
> | make a connection on any other port. As far as authentication goes, I
> | would like something like multi-factor authentication, like SecureID,
but
> | I know that costs too much for most people.
>
> WEP or WPA accomplish this. Having such a page after authentication
via
> WEP/WPA is a bit redundant. And, if you are going to require
authentication
> without WEP/WPA, what's the point, really?
>
>
>
May 5, 2004 8:54:25 PM

Archived from groups: alt.internet.wireless (More info?)

Even No Trespassing signs are hard to enforce. Enforced towing for
restricted parking is another example. In my city, you are required to mark
restricted spaces clearly, and to post several signs in visible places, with
certain language that has been enshrined by legal precedent as enforceable.
If you fail to do all of these things just right, if you have someone towed,
you may end up paying for it yourself.

Relying on a warning means that some rule has to be accepted about how the
warning is worded. This has to be tested in court - if it's too vague, or
doesn't meet some obscure civil code requirement, it's not enforceable. If
you want vendors to put these splash pages in the router, then the wording
has to work in every state, and every state, county, and city will have
local laws and ordinances that affect interpretation. But wait - they market
in Europe, too. Is any of this legal or even meaningful in Europe? Vendors
aren't going to bother to put in this feature unless it actually works, at
least in the U.S. Now, they could put in a feature that allows the user to
configure the page. But now we're talking about increased cost - they have
to design an interface to let you modify the page, allocate flash memory to
store the modifications, and so on. And, in the end, the splash page now has
to be configured and selected by the user. The whole original point was that
it should be a trivial out-of-box thing that works by default unless the
user takes steps to disable it.

Plus, you always have the much stronger tool of encryption available. Given
how ineffective a warning is compared to encryption, why would courts decide
to accept the warning as sufficient due diligence, if a much stronger
medicine is available on every 802.11 router manufactured today, and is part
of the standard?


"mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
news:xx8mc.36792$Ik.2317683@attbi_s53...
> Taking a moment's reflection, gary mused:
> |
> | In any case, it's moot. I don't think a splash page helps much without
> | secure authentication.
>
> Well, it would be the wireless equivalent to a No Trespassing sign.
> They really don't stop anyone, but people still hang them up.
>
>
>
Anonymous
a b F Wireless
May 6, 2004 2:02:50 AM

Archived from groups: alt.internet.wireless (More info?)

"gary" <pleasenospam@sbcglobal.net> wrote in message
news:5%8mc.24405$py7.9486@newssvr22.news.prodigy.com...
> Even No Trespassing signs are hard to enforce. Enforced towing for
> restricted parking is another example. In my city, you are required to
mark
> restricted spaces clearly, and to post several signs in visible places,
with
> certain language that has been enshrined by legal precedent as
enforceable.
> If you fail to do all of these things just right, if you have someone
towed,
> you may end up paying for it yourself.

Web access seems over complex - what happens if i have a wireless device
that doesnt understand http, or isnt driven by a user (maybe a background
email sync process on a PDA?)

if all you need is to show that this isnt a connection intended for
"unfettered" access, then why not show that within the SSID?

Naming it something like "no_trespassing" or "private" seems pretty
unambiguous.
>
> Relying on a warning means that some rule has to be accepted about how the
> warning is worded. This has to be tested in court - if it's too vague, or
> doesn't meet some obscure civil code requirement, it's not enforceable. If
> you want vendors to put these splash pages in the router, then the wording
> has to work in every state, and every state, county, and city will have
> local laws and ordinances that affect interpretation. But wait - they
market
> in Europe, too. Is any of this legal or even meaningful in Europe? Vendors
> aren't going to bother to put in this feature unless it actually works, at
> least in the U.S. Now, they could put in a feature that allows the user to
> configure the page. But now we're talking about increased cost - they have
> to design an interface to let you modify the page, allocate flash memory
to
> store the modifications, and so on. And, in the end, the splash page now
has
> to be configured and selected by the user. The whole original point was
that
> it should be a trivial out-of-box thing that works by default unless the
> user takes steps to disable it.
>
> Plus, you always have the much stronger tool of encryption available.
Given
> how ineffective a warning is compared to encryption, why would courts
decide
> to accept the warning as sufficient due diligence, if a much stronger
> medicine is available on every 802.11 router manufactured today, and is
part
> of the standard?
>
>
> "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
> news:xx8mc.36792$Ik.2317683@attbi_s53...
> > Taking a moment's reflection, gary mused:
> > |
> > | In any case, it's moot. I don't think a splash page helps much without
> > | secure authentication.
> >
> > Well, it would be the wireless equivalent to a No Trespassing sign.
> > They really don't stop anyone, but people still hang them up.
--
Regards

Stephen Hope - return address needs fewer xxs
May 6, 2004 2:02:51 AM

Archived from groups: alt.internet.wireless (More info?)

Good point, but lots of people accidentally connect to open wifi nets
without even knowing they are doing so. For example, they may be configured
to autoconnect to the strongest signal available. In this case, they never
even see the SSID.

As for PDAs synching email over wifi, can't they be configured to use WEP?
The example proposed not using the splash page if encryption is enabled, and
giving you a way to disable it if you really want to run wide-open and
unsecured.

The whole thing is moot, because I can't imagine courts actually finding
that you did all that could be reasonably expected to prevent your internet
connection from being abused, when everybody with a wifi router has
encryption available, however imperfect it is.

"shope" <stephen_hope@xntlxworld.com> wrote in message
news:sBcmc.221$2A5.110@newsfe1-win...
>
> "gary" <pleasenospam@sbcglobal.net> wrote in message
> news:5%8mc.24405$py7.9486@newssvr22.news.prodigy.com...
> > Even No Trespassing signs are hard to enforce. Enforced towing for
> > restricted parking is another example. In my city, you are required to
> mark
> > restricted spaces clearly, and to post several signs in visible places,
> with
> > certain language that has been enshrined by legal precedent as
> enforceable.
> > If you fail to do all of these things just right, if you have someone
> towed,
> > you may end up paying for it yourself.
>
> Web access seems over complex - what happens if i have a wireless device
> that doesnt understand http, or isnt driven by a user (maybe a background
> email sync process on a PDA?)
>
> if all you need is to show that this isnt a connection intended for
> "unfettered" access, then why not show that within the SSID?
>
> Naming it something like "no_trespassing" or "private" seems pretty
> unambiguous.
> >
> > Relying on a warning means that some rule has to be accepted about how
the
> > warning is worded. This has to be tested in court - if it's too vague,
or
> > doesn't meet some obscure civil code requirement, it's not enforceable.
If
> > you want vendors to put these splash pages in the router, then the
wording
> > has to work in every state, and every state, county, and city will have
> > local laws and ordinances that affect interpretation. But wait - they
> market
> > in Europe, too. Is any of this legal or even meaningful in Europe?
Vendors
> > aren't going to bother to put in this feature unless it actually works,
at
> > least in the U.S. Now, they could put in a feature that allows the user
to
> > configure the page. But now we're talking about increased cost - they
have
> > to design an interface to let you modify the page, allocate flash memory
> to
> > store the modifications, and so on. And, in the end, the splash page now
> has
> > to be configured and selected by the user. The whole original point was
> that
> > it should be a trivial out-of-box thing that works by default unless the
> > user takes steps to disable it.
> >
> > Plus, you always have the much stronger tool of encryption available.
> Given
> > how ineffective a warning is compared to encryption, why would courts
> decide
> > to accept the warning as sufficient due diligence, if a much stronger
> > medicine is available on every 802.11 router manufactured today, and is
> part
> > of the standard?
> >
> >
> > "mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailSPäM.com> wrote in message
> > news:xx8mc.36792$Ik.2317683@attbi_s53...
> > > Taking a moment's reflection, gary mused:
> > > |
> > > | In any case, it's moot. I don't think a splash page helps much
without
> > > | secure authentication.
> > >
> > > Well, it would be the wireless equivalent to a No Trespassing
sign.
> > > They really don't stop anyone, but people still hang them up.
> --
> Regards
>
> Stephen Hope - return address needs fewer xxs
>
>
Anonymous
a b F Wireless
May 6, 2004 6:42:03 PM

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| That's a theory. In reality, I think it's worthless without real
| authentication. Simply enabling encryption is authentication, on a
| per-frame basis. Warning users is no barrier to entry at all. Everyone
| has access to at least WEP, so even with the splash page avaible, it
| could be argued that a reasonable person would be expected to use the
| effective tool rather than the ineffective one.

We are in agreement, that was pretty much the point of my reply. Since
everyone has at least WEP, it makes (really) no sense for any wireless
network to be unencrypted unless your goal *is* to allow anyone and everyone
to connect.
Anonymous
a b F Wireless
May 6, 2004 6:46:43 PM

Archived from groups: alt.internet.wireless (More info?)

Taking a moment's reflection, gary mused:
|
| I generally agree with what you say. Personally, I don't think many cases
| will make it to court, at least not soon. As I've said before, ISPs have
| no incentive to pay court costs. All they need to do is drop your
| connection if it's been abused. They don't care who is doing the abusing
| (with wifi, the abuser is nearly impossible to find anyway). They own the
| service, so they don't really owe you an explanation. They can terminate
| it without cause, at any time.

Agreed. I think that's the other thing that people are missing.
Tracking down trespassers is difficult, and unless you have a packet
sniffer/reconstructor running at the time of the trespass, you really have
no information (other than the WLAN card MAC Address) to go on.
!