OT: Need a Campaign to Secure WIFI Sites

der.hans PLUGd at LuftHans.com
Mon Mar 20 17:26:01 MST 2017 

Am 20. Mar, 2017 schwätzte Victor Odhner so:

moin moin Vic,

> I had not heard of “always HTTPS”, thanks Vara. I will check the
> family’s traveling browsers for this option. (Most things I do are of
> course over HTTPS, or in the past were inside my system.)

"HTTPS Everywhere", it's an addon from the EFF and now available directly
from Mozilla's addon repository. Also checkout Privacy Badger from the
EFF.

> Disclaimer: my brain is somewhat damaged since I’m four years away

Only somewhat because you've had four years of recovery? :)

ciao,

der.hans

> from my long IT career. I mostly use my Linux box and MacBook for
> browsing and email. Now in the nonprofit volunteer world, I’m mostly
> fixing appliances and drywall, playing DJ and guitar teacher for kids,
> and generally free of technical stuff except painful encounters with
> Office 365. But I’ve kept the MacBook clean for four years of heavy
> use, so that’s where my paranoia about WIFI comes from.
>
> Best,
>
> Victor
> _____________________
>
> On Mar 20, 2017, at 16:32:40, der.hans <PLUGd at LuftHans.com> wrote:
>
> Am 20. Mar, 2017 schwätzte Vara La Fey so:
>
> moin moin,
>
> Anon Anon already covered the awesomeness of Vara's post :).
>
> I will add that there is no difference between open or secure hotspot from
> the general public's perspective[0]. You should consider the WiFi AP to be
> compromised and be cautious about how you send data over it. The same as
> your ISP's router when you're at home.
>
> If the data is sensitive, make sure you have end to end encryption you can
> trust. Do not trust the WiFi AP or the upstream router.
>
> The real reasons for businesses to add authentication is to reduce
> bandwidth usage and possibly help avoid liability.
>
> [0] When using corporate WiFi using corporate resources, then you should
> be able to trust they are providing adequate security for their APs and
> the internal network. I tend to run everything over SSH tunnels anyway :).
>
> ciao,
>
> der.hans
>
>> Nuh uh. Open hotspots is one of the great things about the internet, and from time to time everyone needs one - sometimes in the middle of the night or during holidays when lobbies with keys posted aren't available. Open hotspots are also a good way to maintain anonymity for dissidents, whistle-blowers, LGBT who are not "out", etc. When I have my own routers, I often run them open for all these reasons, and I always will.
>>
>> I sometimes educate family and friends about PGP, and one of these days I will run a Tor node as well, with all the censor-circumvention tools available. The more that censors and anti-anonymity Orwellianists don't like it, the more everybody should do it.
>>
>> I don't give .001% of a damn whether actual criminals use hotspots or anything else, in exactly the same ways I don't give .001% of a damn if they use guns, cars, roads, kitchen knives - or anything else.
>>
>> Instead of desiring safety over the animating quest for freedom, why don't you suggest educating people to use https? As it is, the Electronic Frontier Foundation (www.eff.org) recently reported that https use is up to 40%, IIRC.
>>
>> - Vara
>>
>>
>> On 3/20/2017 12:29 PM, Victor Odhner wrote:
>>> I’m really annoyed that so many companies offer open WIFI when it would be so easy to secure those hot spots.
>>> Restaurants, hotels, and the waiting rooms of auto dealerships are almost 100% open.
>>> I am not one to say “there ought to be a law” because we have too many doggone laws, and I’m not that into a lot of demonstrating and yelling. But I would love to help educate companies on why they should secure their routers.
>>> If I were a progressive type, I’d suggest putting stickers on those venues saying:
>>>
>>>    We don’t have passwords on our WIFI
>>>    because OUR WIFI (and YOUR passwords)
>>>    should be available to everybody
>>>    with no effort!
>>> But being more right-wing, I’d much rather recognize that they’d be happy to do the right thing if we could explain it to the right people.
>>> I’ve repeatedly thanked the mechanic shop I use (C&R Tire on Tatum) because they have a key posted and I can feel sort of safe going online while I wait for an oil change. But all the places that have open routers are corporate owned so it does no good to gripe to the folks behind the desk.
>>> Any ideas on this?
>>> Thanks,
>>> Victor
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>>
>
>

-- 
#  http://www.LuftHans.com/        http://www.PhxLinux.org/
#  "I dream of a world where the truth is what shapes people's politics.
#  Rather than politics shaping what people think is true."
#     -- Neal DeGrasse Tyson

More information about the PLUG-discuss mailing list