Column from PC Magazine: The Right Analogy for Wireless Signal Spill —
We’re starting to see more and more articles in local newspapers with various slants on the fact that people are routinely poaching the spillover signals coming from unprotected Wi-Fi networks. Some researchers indicate that as many as two-thirds of Wi-Fi signals in the U.S. are not secured by WEP or any sort of encryption or tunneling.
Since it doesn’t really take much to secure a network, you can assume that people do not mind you taking their Wi-Fi signals to do your e-mail. What people probably would not appreciate would be you loading up on porn or making terrorist threats on their dime with their IP address. What to do?
This column, triggered by a discussion on the Twit.Tv podcast and a previous column I’ve written got me a lot of email. The most compelling is this one.
Dear Mr. Dvorak,
YOU HAVE MISSED THE POINT!
In your article on WiMax you correctly determine that the Telco’s and Cable Companies are trying to control the market, yet you fail to make the association with unsecured Wi-Fi networks. Who is hurt by this practice of Telco’s and Cable companies giving away unsecured wireless routers to their clients? The clients or their competitors? I just shut down a pay Wi-Fi service because of the plethora of signal traffic in a small town. When, in my area, Verizon shipped me a router, it had wireless capability and the wireless signal was on by default. There is no mention of this in the manual that comes with the router, and even when the router was set to bridge mode the router continued to broadcast causing signal disruption for other Wi-Fi signals including my own AP!
In our town, there are many Bed and Breakfasts and homes with Verizon or Time Warner service who were given a wireless router by these same companies, but do not even know that they are broadcasting! There is even a research institute in town that has a wide open network. My 18 year old son has been to many of these same businesses and homes, which are owned by his classmates parents, and informed them of their open Wi-Fi signal and NOT ONE of them was aware that they even had Wi-Fi. If they had known they would have advertised this to potential guests!
Do you really think in these times of terrorism, phishing and identity theft, that anyone in this country would leave their signal and network wide open if they knew?
It is, in my opinion, a subtle method of sabotage by the Telco’s and Cable companies to undermine the independent pay Wi-Fi services thus preserving and protecting their market share.
I for one smell a pack of rats.
The send wishes to remain anonymous. But I told him that as interesting as this conspiracy theory sounds, I cannot see these guys being that smart!
I know my wi-fi is open. I perfer tp leave it that way. I live in the country and would not mind if MOST people borrow a little bit of bandwidth. I borrow it when I am away from home to get email and do short searchs on the internet. I agree with John if you do not know enough to lock down or do not care to then the signal is free game!
A simpler explanation is that the companies that manufacture wireless routers naturally assume that the people who buy them want to use the wireless feature, so it’s turned on by default.
I believe this is more likely the influence of technical support.
They probably made the decision to leave it enabled and unsecure so that they did not have to answer all the calls from novices on how to set up a wireless network properly.
I don’t use WEP mainly because it becomes a pain for someone visiting with a laptop to jump on my connection to go online or transfer files to one of my PCs. Many cards have different connection profiles which, when they work, helps – but most cheap cards do not. So then it becomes a chore of writing down their current WEP, entering in my WEP, and making sure to re-enter their original WEP before they leave. Invariably they have problems connecting to their router when they get home thus necessitating a phone call. Besides, any webpage that has an SSL logon is encrypted already so sniffing out my packets isn’t going to reveal any personal information.
I think he has it all wrong. Most non tech people that do know their router is sending out a wireless signal get it working first without any kind of encryption. Once it is set up they look through the manual and see words like “SSID” & “WEP” and “128 bit”. They have no clue what any of this means but it doesn’t matter because their wireless network is now working – and they probably don’t realise how easy it is pick up their signal.
The poster says: “Do you really think in these times of terrorism, phishing and identity theft, that anyone in this country would leave their signal and network wide open if they knew?”.
I say damn right they will – they are either too lazy to turn on any encryption or too lacking in the knowledge they need to work out what to do to turn it on.
All manfacturers of wifi equipment shoud redo their firmware and give users a choice between advanced user setup and “no nothing” setup.
Instead of “broadcast SSID?” it would say “do you want to let everyone near your house know you have a wireless network?”
Instead of “use WEP” it would ask “do you want to stop other people using your internet connection?”
Then they need to change the software for the wireless cards in the PC to fit these questions too. Then and only then will the majority of users turn encryption on.
I have to agree that for the most part when faced with the choice of stupidity or conspiracy, you can safely say stupidity.
MOre than likely the Telcos/Cable providers are receiving devices whose manufacturers have them defaulting to unsecured wireless and either they can’t change the defaults or they are choosing to make it as easy as possible for thier customers to get online (ie Making them as insecure as possible)
To take the obsurdity farther…I’ll sue anyone who’s wifi intudes onto my property. They are interfering with my enjoyment of my network and possibly causing my forgetfulness.
Maybe next we’ll have an “Wifi Priracy Inducement Act” where anyone who ‘induces me to steal their wifi would be punished.
I don’t usually agree with you but on this issue you almost get it right.
What a great summer job for Mr “miss the point”‘s son! He could go around with a wireless sniffer, find folks who have a wireless connection, contact them and offer to either shut off the service or encrypt it. He could show them the large amounts of money they’d be saving as a result of limiting the usage of their wireless service.
“–“
Quote marks, you just came up with a GREAT business scheme for kids during the summer. Nice idea. The downside is they’d probably get busted by some very ignorant police.
Oh, by the way, the sign “-” is a quoted ‘dash’, as close as I can get to a simple n-dash most places.
But, yes, a summer job! Or an extremely good deed for a boy scout! It might lead to a new merit badge: sysops.
“–“
That’s not all. On many of these systems you can login and change the settings to suit your tastes. I actually know the name of the person whose wireless connection I am using, just from looking through his router settings(which I was doing to help my cousin set up her own router.)
I work in tech support for Verizon. The modem you are talking about is the Westell Versalink Gateway 327W. That is a combo modem/router with a large antenna sticking out the back. Most of the people I talk with have enough trouble telling the difference between their “large modem”/”Hard drive” (computer) and the “little black box” (DSL modem). Because Verizon requires that we keep our average time under about 13 minutes, I can’t always help the customer the way I want.
Perhaps another metaphor might be:
I leave my door open and people come in and enjoy the infrared radiation from the fireplace. Unless I ask them to leave they have broken no law by accepting my tacit offer of hospitality. However if they take something, such as data, then they are knowingly in violation of the law.
this is really an issue of common law.
An interesting aside is what happens if they are injured somehow while on my premisis. Should they contract a virus, that I have not taken reasonable measures to contain, perhaps I am liable?
Perhaps, for the sake of everyone, I’d better keep the door shut and alert others of my desire for privacy.
John: great article. I always enjoy your articles.
The problem we are facing with technology today is that the average user just dosn’t have a clue whats going on behing that computer screen. they never did.
Its too technical even for the more advanced users.
A year or so before AOL announced it was part of the internet everyone including parents and grand parents rushed out and brough thier first PC. “AOL made online communications experience seem simple” They flocked on to the world wide web naked.
Most of the time its difficult enough for the average person set up a wireless net work. When they call customer support. over in some other land support is only concerned with get the system to work.
Security is another issue that is not supported
Paul brought up a good point.
Whven even broadcast the fact that you have a wireless connection.
on a certain frequency. Plus IP address and whos system your on.
Years back anything broadcasted via the airwaves was considered free. Since Direct TV the laws changed.
I admit to having an unsecured wireless network, until yesterday, that is. As an earlier poster noted, my router had no security turned on by default and since the network was working, I left well enough alone. And I didn’t mind if a neighbor happened to borrow a cup of bandwidth, as long as I still had plenty I was fine. However, I wasn’t thinking about the risks associated with file sharing. I have a bunch of wired PC’s on my network and had always allowed file sharing. I didn’t change any of that when I added wireless for the family laptops. But then yesterday, while checking the DHCP Client table in my router interface, I found a machine named “Jack” and suddenly felt completely and stupidly vulnerable. It took me a couple of hours(!) to get my wireless security working correctly (it kept dropping connections after five minutes), but I feel safer now. My point? I want to stress that this isn’t just an issue of the relatively harmless use of bandwidth. There is an issue of personal data being at risk, which I believe should be routinely added to the unsecured wireless threat list along with loading up porn and using your IP address to make terrorist threats.