Open wireless access points and the theft analogy

Many homes and small companies are using Wi-Fi access points so that their computers can establish a wireless connection to the internet. It is still not uncommon for such access points, the devices with antennae that can transmit and receive data, to have no measures implemented to prevent undesired connections by other computers.

It has often been asked whether people who log into unprotected access points are stealing. The analogy often used is that it’s like being able to walk onto your neighbour’s house just because his front door isn’t locked, then tapping into his cable TV connection, run the cable back to your house and then watch TV for free.

This analogy, however, is false. An excellent analogy I have read goes as follows: You ring the doorbell of your neighbour’s house, the butler opens the door. Then you ask if it’s OK to watch cable TV, the butler then answers “sure, no problem.” So are you stealing cable television? No, you’re not.

The butler is simply carrying out his masters instructions, or otherwise used his own discretion when the master fails to provide explicit instructions. The open access point device is to internet access, what the friendly butler is to cable TV.

In other words: people with open access points have delegated decisions, regarding who to grant access to the network, to the access point’s software. It can decide for itself who gets permission to access your network, as you have implicitly or explicitly given it permission to do. That means that it is broadcasting its presence to the world, and any computer in the vicinity who kindly asks permission to log on, is indeed given permission to do so. This is not a mistake, this is by design.

Believe it or not, there are quite a few individuals who deliberately want to leave their access points open. It’s a philosophical decision for some, who hope that someday internet access will be open and freely available everywhere on earth, through open access points.

So there is nothing wrong about accessing open access points, and it’s certainly not stealing.

Advertisements

4 Responses to Open wireless access points and the theft analogy

  1. danny says:

    So you basically agree that tapping into your neighbour’s wireless is like tapping into their cable tv or telephone and therefore stealing.

    But you assume that because it is an open access point they have given you or anyone consent to use it.

    But that also assumes that the neighbour is knows how to lock down their router and is fully aware of the security implications. And this is what I don’t buy. The routers are very open out of the box and must be locked down but people forget to do it, don’t know it has to be done and/or don’t know how.

    Have you ever met a butler, or can you even imagine one that, will let a complete stranger into the house and let them use all the facilities just because the master of the house forgot to tell him “Don’t let strangers in the house.” This is the usual case with wireless access the owner has forgotten to lock it down. A human butler’s initial reaction to a person at the door is to ask for identification and then to ask the master of the house for permission to either let you in or ask you to leave. Just like a locked down router you have id yourself with a password and sometimes a mac address.

    If you find an open access point in your neighbourhood and want to use it because you can’t afford to pay for your own the polite and ethical thing to do is: find the source and ask permission of the owners.

  2. Menzonius says:

    Hi, thanks for your reply!

    I think I understand your point of view, but I’m not entirely convinced by your arguments.

    But that also assumes that the neighbour is knows how to lock down their router and is fully aware of the security implications. And this is what I don’t buy.

    That may be true, but this argument cuts both ways. We may also assume that I have no idea how to make my wireless card *not* automatically associate with open access points (which is the default configuration of most wireless cards, for exactly the same reason that access points are open by default). But I think that just as you may assume that I know my wifi card’s configuration, I should be able to assume that you know your access point’s configuration.

    Have you ever met a butler, or can you even imagine one that, will let a complete stranger into the house and let them use all the facilities just because the master of the house forgot to tell him “Don’t let strangers in the house.”

    Since quite a few access points here in Amsterdam are *intentionally* left open (for example hot-spots in cafés, but also in some homes), it would appear that there are quite a lot of crazy butlers at work in this city ;-)

    If you find an open access point in your neighbourhood and want to use it because you can’t afford to pay for your own the polite and ethical thing to do is: find the source and ask permission of the owners.

    Beyond the ethical considerations, I think it is quite difficult to drive around with an open laptop in front of an apartment building, and then guess which apartment on which floor has the open access point your laptop automatically associated with.

    For example, as I am writing this message there are currently seven(!!!) other access points besides my own that I could potentially associate with. However, it is worth noting that they are *all* closed and secured, as is my access point. So most people here seem to know how to read the manual, which supports my opinion that it is a reasonable default assumption that open access points are left open by choice, rather than by default configurations and ignorance of the owners ;-)

  3. SillyBilly says:

    Open internet for all is a welcome thing. But still, everyone should have an ID on the internet, that cannot be stolen. In real life, you go about your business freely, except every once in a while the police stops you to check why you’re doing something that might be illegal, and then you always pull your wallet, and show an ID, a picture ID at that. Otherwise your ID is your face (unless you’re wearing a mask). On the internet your face is your IP address, but you still need an ID in your wallet. Open internet access would then be possible to all, all open wireless access points would have to do is ask for your ID, look it up in the verisign/thawte/geotrust database, that come up with a challenoge question that (you) or your computer gets asked, such as last 4 digits of social, or favorite color, etc., to make sure it’s not a stolen or fake ID (like underage drinkers use.) This way the security companies take on the liability of identity management, and the whole world can leave their wireless connections open, with internet access no matter where you find yourself. Then the only issue becomes bandwidth sharing. Actually, if everyone pools their connections together, traffic being routed through 15 servers including your own server in your house, that adds security in the sense that everyone only gets part of your communications, there is proof of communication in 15 places, and there are ways for sophisticated load balancing including extreme burst speeds. Price discrimination though would be harder, in that people who want to get superfast access and willing to pay for it, but not share it away where it degrades to the common denominator. By the way these two methods could coexist, open and nonopen, just fine, but even with WPA there is still that need that everyone has a unique, paid for digital ID, used for voting, bank access, etc., that’s simply not present on the internet today. IP addresses are not the way, because IP address at say at a school or library computer is not personalized, and the extensive logs of which student id or library card # used a given ip at what time is very fragmented and impossible to manage on a global scale. If everyone had a “license” to use the internet it would make bank access and indentity theft that much harder, and it would be a direct, global way of proving identity per person, managed by at least 3 equal competitors, such as verisign, thawte and geotrust, under gov’t/UN supervision. Google and Microsoft would probably want to get in on the whole thing too, but they are such overwhelming powers that they would drench and choke any competitor to death and then how can you trust and be left at the whim of a single overwhelming global power entity who can pull the plug on your whole life just by controlling your digital ID? Maybe the localized ip/student-library ID is like localized police, communities manage their own lives instead of one central entity in washington managing the minute details of everyone’s life, with too much power, too concentrated power. Then what about open access internet, having internet no matter where you find yourself, as opposed to being locked away in an emergency? Locally managed ID#s are too much hassle. There is still a national global SS# registry that local police uses, there is concentration of power anyway, but it’s in the hands of government wishing to govern and keep order and help everyone as opposed to private business who’s only interested in profit, and if what it takes is blackmailing you for an ID, they’ll find it very hard to resist. What’s the price of maintaining an SS#, or digital ID challenge question issuing servers? It’s in your IRS taxes, but there is no blackmailing in the name of huge profit margins going on. So I guess 3 competitors, verisign/thawte/geotrust won’t work, it will have to be government doing it, or private business with a very heavy utility-like regulated govt oversight.

  4. SillyBilly says:

    Bah, I just read http://en.wikipedia.org/wiki/Web_of_trust and I finally understand PGP and GnuPG. That’s the real identity proving system, decentralized.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: