OT: Need a Campaign to Secure WIFI Sites

Mon Mar 20 17:15:55 MST 2017

Thanks, everyone.

I’ve learned something in this discussion, and it led me to re-visit what I did know, which was refreshed here:
https://security.stackexchange.com/questions/35867/why-isnt-open-wifi-encrypted <https://security.stackexchange.com/questions/35867/why-isnt-open-wifi-encrypted>

So, one basic point is that giving out a lame password does indeed give each user a unique encryption but increases the risk of access to open points internally. I’m clueless about some issues, like an AP not wanting to be identified.

I had not heard of “always HTTPS”, thanks Vara. I will check the family’s traveling browsers for this option. (Most things I do are of course over HTTPS, or in the past were inside my system.)

Disclaimer: my brain is somewhat damaged since I’m four years away from my long IT career. I mostly use my Linux box and MacBook for browsing and email. Now in the nonprofit volunteer world, I’m mostly fixing appliances and drywall, playing DJ and guitar teacher for kids, and generally free of technical stuff except painful encounters with Office 365. But I’ve kept the MacBook clean for four years of heavy use, so that’s where my paranoia about WIFI comes from.

Best,

Victor
_____________________

On Mar 20, 2017, at 16:32:40, der.hans <PLUGd at LuftHans.com> wrote:

Am 20. Mar, 2017 schwätzte Vara La Fey so:

moin moin,

Anon Anon already covered the awesomeness of Vara's post :).

I will add that there is no difference between open or secure hotspot from
the general public's perspective[0]. You should consider the WiFi AP to be
compromised and be cautious about how you send data over it. The same as
your ISP's router when you're at home.

If the data is sensitive, make sure you have end to end encryption you can
trust. Do not trust the WiFi AP or the upstream router.

The real reasons for businesses to add authentication is to reduce
bandwidth usage and possibly help avoid liability.

[0] When using corporate WiFi using corporate resources, then you should
be able to trust they are providing adequate security for their APs and
the internal network. I tend to run everything over SSH tunnels anyway :).

ciao,

der.hans

> Nuh uh. Open hotspots is one of the great things about the internet, and from time to time everyone needs one - sometimes in the middle of the night or during holidays when lobbies with keys posted aren't available. Open hotspots are also a good way to maintain anonymity for dissidents, whistle-blowers, LGBT who are not "out", etc. When I have my own routers, I often run them open for all these reasons, and I always will.
> 
> I sometimes educate family and friends about PGP, and one of these days I will run a Tor node as well, with all the censor-circumvention tools available. The more that censors and anti-anonymity Orwellianists don't like it, the more everybody should do it.
> 
> I don't give .001% of a damn whether actual criminals use hotspots or anything else, in exactly the same ways I don't give .001% of a damn if they use guns, cars, roads, kitchen knives - or anything else.
> 
> Instead of desiring safety over the animating quest for freedom, why don't you suggest educating people to use https? As it is, the Electronic Frontier Foundation (www.eff.org) recently reported that https use is up to 40%, IIRC.
> 
> - Vara
> 
> 
> On 3/20/2017 12:29 PM, Victor Odhner wrote:
>> I’m really annoyed that so many companies offer open WIFI when it would be so easy to secure those hot spots.
>> Restaurants, hotels, and the waiting rooms of auto dealerships are almost 100% open.
>> I am not one to say “there ought to be a law” because we have too many doggone laws, and I’m not that into a lot of demonstrating and yelling. But I would love to help educate companies on why they should secure their routers.
>> If I were a progressive type, I’d suggest putting stickers on those venues saying:
>> 
>>    We don’t have passwords on our WIFI
>>    because OUR WIFI (and YOUR passwords)
>>    should be available to everybody
>>    with no effort!
>> But being more right-wing, I’d much rather recognize that they’d be happy to do the right thing if we could explain it to the right people.
>> I’ve repeatedly thanked the mechanic shop I use (C&R Tire on Tatum) because they have a key posted and I can feel sort of safe going online while I wait for an oil change. But all the places that have open routers are corporate owned so it does no good to gripe to the folks behind the desk.
>> Any ideas on this?
>> Thanks,
>> Victor
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
> 
> 

-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  veni, vidi, wiki - I came, I saw, I documented---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20170320/da50b21a/attachment.html>