OT: Need a Campaign to Secure WIFI Sites
Vara La Fey
varalafey at gmail.com
Sun Mar 26 00:35:07 MST 2017
I'm enjoying conversing with you, but we are getting waaaaaay off topic
for PLUG, unless we've been moved to an Ideology Room or some such. :-)
At least your method seems completely voluntary; it seems that you're
not claiming a Philsopher-King pedestal from which to begin controlling
other people. You'll win the argument or you won't. There is no other
fair way.
There is no "good ethics" which has ever, or will ever, control people
through a Nietzschean will to /political /power. Assuming that's what
you meant to imply. Forced subjugation is evil that cancels any good
that might exist in the ideology that drives the subjugation (usually
there's no good in it at all, else its proponents would rely on
persuasion rather than force).
When I have my own router again (budget!), I'll happily run it open for
the reasons I've already stated, but a thieving neighbor like yours
would sorely tempt me to secure it. You mentioned MAC address
"filtering". You lost me on that. I'm a power-user, not a network
expert. If you meant that you block your neighbor based on his MAC
address, I'd love to know how, in case the time comes that I need to do
that.
I mentioned escapist as an adjective, not as a title. But anything like
Turner Diaries won't interest me. I'm a hater of collectivism, and
racism is as collectivist as it gets. But as to Spook types, I've
written for an "extremist" publication (back when it was a
Constitutionalist thing) that better have gotten me onto a few
watch-lists, or I will be sorely disappointed. I want statists - forced
subjugationists - to know that I'm out here hating them.
It's almost exclusively the American Left that is threatening and
committing violence over ideological and factual disagreements. (Maybe
we should feel lucky that it's not the islamists.) Every day I see
examples of it - way too much of the LGBT "community" are far-Left. But
not all of us. Certainly not all.
Yes, we have to be better than that. As individuals, some of us can. As
a species average: no. Never have, never will. I wish it was otherwise.
:-( :-(
On 3/25/2017 11:45 PM, Eric Oyen wrote:
> well, even the blind have their darker sides. Also war driving can be
> a useful tool for discovering unsecured wifi devices. I have educated
> more than one neighbor around here on the virtues of proper security
> awareness. btw, the one neighbor who was using my connection without
> permission had already run afoul of the copyright police before, so he
> tried to use everyone else's connections around here. I have since
> talked with all neighbors around him and gotten them to lock down
> their routers. I can just imagine him sitting there seething trying to
> figure out how everyone around him became so secure all of the sudden.
>
> btw, I am also publishing a little how to in the local neighborhood
> newsletter here for all those who use fat pipe internet services (cox,
> DSL, DSS, Dish, etc.) and putting together a tutorial on how to lock
> down and limit access to a router. This got included in the last
> publication of the SPARC news letter in both English and SPanish The
> first of these was called "setting your router password and disabling
> remote access". I also included my email for those who have model
> specific questions. So, isn't it a wonder that said email box had a
> lot of responses in it with questions on how to do a great many
> things. Most of them start with the question: how do I find the ip
> address for my router? It's a basic question that a lot of people
> never think to ask until they are required to.
>
> It is interesting that you mention "the escapist". In a lot of ways,
> its a version of the "turner diaries". Some lessons to be learned from
> that reading as well. And now, I will just bet that the FBI will be
> looking at me because of the mention of just 1 title. ah well, I am
> well read. :)
>
> anyway, there are going to always be those in any community who will
> seek to control others through their will to power. Depending on their
> ethics, this could be a good thing, or a very bad thing. Right now,
> there is a lot of the latter going on here in the general public these
> days (what with people shouting down others or threatening violence
> because they don't agree with their politics). we have to be better
> than that.
>
> -eric
> from the central office of the Technomage Guild, rare books Dept.
>
> On Mar 25, 2017, at 6:58 PM, Vara La Fey wrote:
>
>> Ok, not a big deal. I won't worry about typing emoticons and such,
>> since your reader has prolly handled them since the alpha version.
>> I'm just always impressed by how well blind people can navigate,
>> since we are highly visual creatures building highly visual cultures.
>> But I know very little about the actual methods.
>>
>> There will always be exploiters, even blind wardrivers - and I'm not
>> sure if I'm happy about /that /kind of equal accessibility. :-P But
>> the existence of exploiters doesn't mean society needs to remove
>> every exploitable item.
>>
>> And if you had implemented only the security proposed in Victor's
>> "educational" nanny system, how would that have stopped your neighbor
>> from hacking your router? How much "educational" material, to prevent
>> how many types of exploit, is enough?
>>
>> I'd love to see a non-intrusive education program made easily available.
>>
>> Or a security-checking app that fine-tooths the user's system and
>> covers the basics in a wider scope than malware-stompers and such
>> currently do. Presumably they're out there, but I haven't ever
>> actually noticed one - or looked for one. All I've ever seen (other
>> than a few specifics I've researched) is piecemeal stuff here and
>> there: WinDOS "PC issues" alerts, the usual stompers, the usual setup
>> prompts, the usual "important" updates (which often are more trouble
>> than worth and get rolled back). I've noticed nothing coherent and
>> integrated.
>>
>> Either way, I'm always going to call out people who self-righteously
>> think they're superior enough take up my time lecturing me about my
>> actions for my own alleged "good". Always. If the Steve Litt types
>> get offended, I'm ok with that.
>>
>> Bova is a name I haven't encountered in a while. Every now and then I
>> could stand to read some good escapist (semi-?) libertarian fiction.
>>
>>
>> On 3/24/2017 2:29 PM, Eric Oyen wrote:
>>> totally blind here.
>>> I use a screen reader, and a braille device. I still run into
>>> problems with sites that just aren't usable with either (and
>>> sometimes I am even forced to go to windows just to use a browser I
>>> can't use on this mac). as for feeling sorry, don't. I don't make a
>>> big deal of it and neither should you.
>>>
>>> btw, getting back on subject here, I recently had a run-in with my
>>> ISP (cox) when they sent me a nasty note claiming I was sharing
>>> infringing content. I tracked it down to the router (which had
>>> apparently been hacked). Stupid little Linksys device didn't have
>>> very good security on it. So, I burned in a dd-wrt image, changed a
>>> lot of settings and now I don't have that neighbor using my
>>> connection for his bit torrent activities. btw, I found the exploit
>>> that said neighbor used over on wikileaks vault7 page. Right now, I
>>> am testing the device with a linux laptop using reaver and john the
>>> ripper (and pwgen to create the rainbow file). So far, it has taken
>>> a better part of 2 days and it still hasn't guessed the passphrase.
>>> One of the first things I did after replacing the system image on
>>> the router was to turn off the PIN for the device. WIth that on,
>>> Reaver was able to take just 5 minutes to break the connection and
>>> gain entrance.
>>>
>>> so, if I can do this here at home, its a sure bet that some of these
>>> places with a wide open router are getting a lot of illicit traffic
>>> (and its also a sure bet that someone is pulling a man-in-the-middle
>>> attack to get info they shouldn't have). so, believe me, if it can
>>> happen to me (an experienced IT person), it can happen to anyone who
>>> doesn't take the time to secure their devices.
>>>
>>> btw, to give you an idea of how strong my passphrase is, its a
>>> minimum of 200 characters (including spaces), run through a jive
>>> converter and then converted to 1337 using one of the known
>>> converter websites. so, good luck guessing it. :) I also use mac
>>> address filtering here and even have my SSID broadcast hidden.
>>>
>>> btw, back on the subject of accessibility for a moment… the guys who
>>> developed Reaver got contacted by me several years back. I asked
>>> them if it could be possible to include a couple of packages on
>>> their live CD (specifically ORCA and an audio driver). They did and
>>> the tool is completely accessible for the blind war driver. :) so,
>>> it doesn't hurt to ask. :)
>>>
>>> -eric
>>> from the central office of the Technomage Guild, network breakages R
>>> us Dept.
>>>
>>> On Mar 23, 2017, at 9:45 PM, Vara La Fey wrote:
>>>
>>>> Oooh, now your sig places you with the Brave New World dept. Heh.
>>>> Perfect timing.
>>>>
>>>> I'd love to de-Google, but as with Fakebook, that's where the party
>>>> is. Even worse is that Google's products are pretty good.
>>>>
>>>> Speaking of FB, they keep hitting me with a security verification
>>>> when I go to my page to login. Fortunately my Firefox gives me its
>>>> usual login screen and easily bypasses that.
>>>>
>>>> I'm sorry to hear that you're blind, but I'm also curious how you
>>>> navigate so well. I've never heard of a captcha solver, but now and
>>>> then I'll click the gimme-a-new-one button or the say-it-aloud
>>>> button. And my vision isn't good, but not blind. Can you see the
>>>> captchas at all, or do you navigate by text-to-speech and a braille
>>>> keyboard?
>>>>
>>>>
>>>> On 3/23/2017 8:34 PM, Eric Oyen wrote:
>>>>> yes, they are. I even have a captcha solver tool here, but it's
>>>>> only effective 50% of the time. Google is, by far, the worst
>>>>> offender of the lot when it comes to this type of http
>>>>> interception and presentation scheme.
>>>>>
>>>>> -eric
>>>>> from the central office of the Technomage Guild, Brave new world Dept.
>>>>>
>>>>> On Mar 23, 2017, at 6:07 PM, Vara La Fey wrote:
>>>>>
>>>>>> Mmm hmm. But at least nobody will know that you're streaming the
>>>>>> footage of his arrival.
>>>>>>
>>>>>> Are these captcha-blockings you mention the same as when Google
>>>>>> and others intercept you when they detect that you're not trying
>>>>>> to login from the same IP as your previous logons? Back when I
>>>>>> last used Tor to actually login to an account, sites I used
>>>>>> weren't doing that kind of interception. I've merely browsed with
>>>>>> Tor since.
>>>>>>
>>>>>> - Vara
>>>>>>
>>>>>>
>>>>>> On 3/23/2017 5:13 PM, Eric Oyen wrote:
>>>>>>> That is the other problem I have seen with TOR. Any slower and
>>>>>>> the second coming of christ will arrive sooner. :)
>>>>>>>
>>>>>>> -eric
>>>>>>> from the central office of the Technomage Guild, Editors choice
>>>>>>> dept.
>>>>>>>
>>>>>>> On Mar 23, 2017, at 4:02 PM, Vara La Fey wrote:
>>>>>>>
>>>>>>>> I'm all for education. I'm a trans-girl, and believe me, I
>>>>>>>> would like to educate people a little about us. But I wouldn't
>>>>>>>> take it upon myself to intrude on their time for a 3 Minute
>>>>>>>> Love unless they're trying to hurt someone.
>>>>>>>>
>>>>>>>> I don't want people semi-forcing content on me. And the desired
>>>>>>>> "campaign" is exactly that. It's sad that everyone here who
>>>>>>>> comments keeps asserting the "safety" benefits, without a care
>>>>>>>> in the world about the sheer intrusiveness and the obvious
>>>>>>>> socio-political abuses of systems like that becoming
>>>>>>>> commonplace. Which hopefully they won't.
>>>>>>>>
>>>>>>>> I don't need a VPN and have never set one up, but I don't doubt
>>>>>>>> the security of a VPN/Tor combination. And if you are really
>>>>>>>> afraid of snoops and spooks, encrypt all your text traffic with
>>>>>>>> large PGP keys. But I rarely use Tor because it's horribly
>>>>>>>> slow, and PGP because it's an extra few steps. But they are
>>>>>>>> always there for those special occasions. :-)
>>>>>>>>
>>>>>>>> - Vara
>>>>>>>>
>>>>>>>>
>>>>>>>> On 3/23/2017 3:16 PM, Eric Oyen wrote:
>>>>>>>>> well, if you don't want to deal with bad certs, redirected
>>>>>>>>> https,etc, you can either not use that router/service or get a
>>>>>>>>> VPN and secure all your traffic. And yes, I will not use
>>>>>>>>> paywall systems of any kind, they have no business knowing
>>>>>>>>> what my credentials are.
>>>>>>>>>
>>>>>>>>> Lastly, if I want real security, a combo of VPN and TOR cannot
>>>>>>>>> be beat. I use private internet access for the VPN and also
>>>>>>>>> have a TOR node setup here. the TOR node will not be connected
>>>>>>>>> until after the VPN comes up. why let my ISP know I am running
>>>>>>>>> a TOR node here at home? The only issue I have with this is
>>>>>>>>> that my search engine queries don't work right (mostly, I get
>>>>>>>>> blocked and asked to solve a captcha, which is not doable for
>>>>>>>>> the blind most times)
>>>>>>>>> Anyway, do what you must, but education should be the first
>>>>>>>>> item on the list when it comes to net security.
>>>>>>>>>
>>>>>>>>> -eric
>>>>>>>>> from the central office of the Technomage Guild, Security
>>>>>>>>> applications dept.
>>>>>>>>>
>>>>>>>>> On Mar 23, 2017, at 2:50 PM, Vara La Fey wrote:
>>>>>>>>>
>>>>>>>>>> First you were talking about open hotspots. Then you were
>>>>>>>>>> talking about https. Now you are talking about ssl.
>>>>>>>>>>
>>>>>>>>>> But all the while you're still just talking about monitoring
>>>>>>>>>> and restricting the activity of 3rd parties on 4th party
>>>>>>>>>> systems. And it seems really important to you for some reason.
>>>>>>>>>>
>>>>>>>>>> Please, waste time and effort and money patenting your
>>>>>>>>>> /spyware /chaperone system that monitors web activity with
>>>>>>>>>> the intent of /creating consequences /for activity which you
>>>>>>>>>> - or your intended customer - opines is "invalid". I doubt
>>>>>>>>>> very many people will buy into it because there is no upside
>>>>>>>>>> for them. Even when they alter it to fit their own agenda,
>>>>>>>>>> they just anger their customers who can click OK for EULAs
>>>>>>>>>> and enter logins, but cannot bypass your 3 Minute Hate.
>>>>>>>>>>
>>>>>>>>>> If it can detect an "invalid" certificate, then by changing a
>>>>>>>>>> couple code lines (if even), it can detect anything else
>>>>>>>>>> about an attempted site visit. Of course this ability is
>>>>>>>>>> ancient now, but less evil implementations of it merely
>>>>>>>>>> censor by blocking, which is bad enough. Yours is
>>>>>>>>>> "educational" - and it's interesting that /you /put the
>>>>>>>>>> quotes around that word yourself - for the purpose of taking
>>>>>>>>>> up other people's time with propaganda.
>>>>>>>>>>
>>>>>>>>>> If it became common, it would become a mandatory advertising
>>>>>>>>>> medium anytime anyone clicked on a competitor's site, or a
>>>>>>>>>> site with bad reviews for your customer. If it became law, it
>>>>>>>>>> would become a mandatory propaganda delivery system anytime
>>>>>>>>>> anyone clicked on a site containing any kind of dissenting
>>>>>>>>>> viewpoint.
>>>>>>>>>>
>>>>>>>>>> Are you hoping to create one of those conditions? If so, which?
>>>>>>>>>>
>>>>>>>>>> Because this sure looks like more than just wanting to
>>>>>>>>>> manipulate lesser people into a system designed to reinforce
>>>>>>>>>> your wishful feelings of superiority. There has to be a more
>>>>>>>>>> compelling reason that you're this overly concerned about
>>>>>>>>>> what 3rd parties do on 4th party systems.
>>>>>>>>>>
>>>>>>>>>> Which, btw, brings up the fact that your system is not
>>>>>>>>>> equivalent to EULAs or logins or pay systems, because the
>>>>>>>>>> connection provider has the right to set conditions for using
>>>>>>>>>> their connection. Your spyware idea is to harass people who
>>>>>>>>>> are using /other people's/ connections.
>>>>>>>>>>
>>>>>>>>>> I'm not an expert on web connection technology per se, but it
>>>>>>>>>> seems that Tor would nicely wire around all SSL issues after
>>>>>>>>>> the initial connection to the now-restricted hotspot. You
>>>>>>>>>> certainly make a great case for using it, even if just on
>>>>>>>>>> general principle. So what would you do about that?
>>>>>>>>>>
>>>>>>>>>> I don't think your grandmother wants you monitoring her
>>>>>>>>>> activity. I don't think /anyone /wants you monitoring their
>>>>>>>>>> activity. But you seem to want to do it anyway. And no one
>>>>>>>>>> but me is saying boo to you. :-(
>>>>>>>>>>
>>>>>>>>>> As to the trivia: I personally have never had trouble from
>>>>>>>>>> visiting a site with an "invalid certificate" of any kind,
>>>>>>>>>> because that stuff simply isn't 100% maintained. Obviously I
>>>>>>>>>> am careful where I go and what I click and download anyway. I
>>>>>>>>>> do not so easily ignore "known malware site" warnings, and if
>>>>>>>>>> in doubt about a site I reflexively check the web address.
>>>>>>>>>> MyBank.Phishing.com <http://MyBank.Phishing.com/> and
>>>>>>>>>> Phishing.com/MyBank <http://Phishing.com/MyBank> do not get
>>>>>>>>>> clicks from me. But that's all beside the point.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 3/20/2017 9:57 PM, Brien Dieterle wrote:
>>>>>>>>>>> On Mar 20, 2017 3:36 PM, "Vara La Fey" <varalafey at gmail.com
>>>>>>>>>>> <mailto:varalafey at gmail.com>> wrote:
>>>>>>>>>>>
>>>>>>>>>>> OMG!!
>>>>>>>>>>>
>>>>>>>>>>> First of all, you'd be mis-educating them if telling
>>>>>>>>>>> them that certificate "validity" has any real meaning.
>>>>>>>>>>> (But now you're talking about http.)
>>>>>>>>>>>
>>>>>>>>>>> I mean validity as in trusted roots that have been shipped
>>>>>>>>>>> with your OS or browser. Surely you don't mean these are
>>>>>>>>>>> meaningless. AFAIK they are very reliable as long as you
>>>>>>>>>>> never accept bogus certs. If you accept bogus certs "all the
>>>>>>>>>>> time", I really hope you know what you're doing. Pretty much
>>>>>>>>>>> any important site should have working SSL.
>>>>>>>>>>>
>>>>>>>>>>> There is a reason why all the browsers freak out when you
>>>>>>>>>>> get a bad cert, but users still click "add exception". My
>>>>>>>>>>> captive education portal would give real consequence to this
>>>>>>>>>>> with the 3 minute power point slideshow and mandatory quiz.
>>>>>>>>>>> I wonder if this is already patented. . .
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Second, why do you think you have any right to put speed
>>>>>>>>>>> bumps in the way of people who are doing nothing to you?
>>>>>>>>>>>
>>>>>>>>>>> Plenty of businesses do this already for captive portals and
>>>>>>>>>>> forcing users to log in, pay, or accept an EULA. They are
>>>>>>>>>>> already tampering with your SSL connection in order to
>>>>>>>>>>> redirect you to the portal. I'm just suggesting to use this
>>>>>>>>>>> technology for "educational" purposes.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Third, if your grandmother needs internet "safety"
>>>>>>>>>>> education, just educate her, or refuse to keep fixing
>>>>>>>>>>> the problems she encounters in her ignorance - if she
>>>>>>>>>>> really is all that ignorant. I hope you wouldn't install
>>>>>>>>>>> a browser re-direct without her consent, because then
>>>>>>>>>>> you'd be just any other malware propagator with just any
>>>>>>>>>>> other self-righteous rationalization.
>>>>>>>>>>>
>>>>>>>>>>> Well, I'm lazy. I'd much rather have an ongoing passive
>>>>>>>>>>> education program for anyone that uses that router. Maybe
>>>>>>>>>>> only 1 in 1000 requests trigger the "test", or once a month
>>>>>>>>>>> per mac address maybe. If grandma fails the test I can get
>>>>>>>>>>> an email so I can call her up and gently chastise her.
>>>>>>>>>>> "Grandmaaaa, did you accept a bogus SSL certificate again?
>>>>>>>>>>> Hmmm?"
>>>>>>>>>>>
>>>>>>>>>>> As far as consent goes, I'm only talking about routers you
>>>>>>>>>>> own or have permission to modify. That should go without
>>>>>>>>>>> saying.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Fourth, if /you /need educational "speed bumps" on /your
>>>>>>>>>>> /router, /you /are free to have them. One of the great
>>>>>>>>>>> things about freedom - from government or from meddling
>>>>>>>>>>> busybodies - is that /you /get to be free too.
>>>>>>>>>>>
>>>>>>>>>>> My post is in the context of businesses or individuals that
>>>>>>>>>>> provide Internet to the public. Presumably businesses and
>>>>>>>>>>> individuals have the freedom to do this kind of SSL
>>>>>>>>>>> interception, since they've already been doing it for years
>>>>>>>>>>> without any repercussions. Personally I'm disturbed that
>>>>>>>>>>> businesses will try to get me to accept their SSL cert for
>>>>>>>>>>> their Wi-Fi portal, but I know the technology leaves little
>>>>>>>>>>> choice. One trick is to ignore the cert and try again with
>>>>>>>>>>> a non SSL address.
>>>>>>>>>>>
>>>>>>>>>>> It is pretty ironic that the first thing these captive
>>>>>>>>>>> portals ask users to do is blindly accept a bogus SSL cert.
>>>>>>>>>>> It is really just a sad state of affairs that we are
>>>>>>>>>>> literally training people to accept bad SSL certificates.
>>>>>>>>>>>
>>>>>>>>>>> For years my Firefox has had an option to "always use
>>>>>>>>>>> HTTPS", and I'm sure all other modern browsers do as
>>>>>>>>>>> well. Plus, Mozilla.org <http://Mozilla.org/> has a free
>>>>>>>>>>> plugin - I think it's from EFF.org <http://EFF.org/> -
>>>>>>>>>>> called "HTTPS Everywhere". It's all very easy to use,
>>>>>>>>>>> and will be almost entirely transparent to Grandma.
>>>>>>>>>>>
>>>>>>>>>>> This won't do anything to protect you/grandma from bogus ssl
>>>>>>>>>>> certs. Imagine connecting to a bad AP at Starbucks that is
>>>>>>>>>>> proxying all your SSL connections. Your only defense is
>>>>>>>>>>> trusted roots and knowing not to accept bogus SSL certs. If
>>>>>>>>>>> only we had a captive router-based SSL education program... ;)
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 3/20/2017 3:14 PM, Brien Dieterle wrote:
>>>>>>>>>>>> A system like I described would just be an "educational
>>>>>>>>>>>> tool" to encourage people to use HTTPS (properly). It
>>>>>>>>>>>> wouldn't stop you from accepting bogus certificates--
>>>>>>>>>>>> just a speed bump. Now that I've thought about it I'd
>>>>>>>>>>>> really like to install something like this on my
>>>>>>>>>>>> grandparent's router. . . heck, my own router. . .
>>>>>>>>>>>>
>>>>>>>>>>>> On Mon, Mar 20, 2017 at 2:50 PM, Vara La Fey
>>>>>>>>>>>> <varalafey at gmail.com <mailto:varalafey at gmail.com>> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> Oh HELL no!! What kind of hall-monitor nanny
>>>>>>>>>>>> mentality do you want people to adopt??
>>>>>>>>>>>>
>>>>>>>>>>>> I accept "bogus" certificates all the time because
>>>>>>>>>>>> the whole idea of certificates is crap in the first
>>>>>>>>>>>> place - they are NOT maintained - and years ago I
>>>>>>>>>>>> got tired of that procedure warning me about
>>>>>>>>>>>> "invalid" certificates for sites that were
>>>>>>>>>>>> perfectly valid.
>>>>>>>>>>>>
>>>>>>>>>>>> I've never had a problem. Of course I'm also
>>>>>>>>>>>> careful where I go, certificate or not.
>>>>>>>>>>>>
>>>>>>>>>>>> - Vara
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> On 3/20/2017 2:12 PM, Brien Dieterle wrote:
>>>>>>>>>>>>> Maybe every commercial router should do SSL
>>>>>>>>>>>>> interception by default. If a user accepts a bogus
>>>>>>>>>>>>> certificate they are taken to a page that
>>>>>>>>>>>>> thoroughly scolds them and informs them about the
>>>>>>>>>>>>> huge mistake they made, forces them to read a few
>>>>>>>>>>>>> slides and take a quiz on network safety before
>>>>>>>>>>>>> allowing them on the Internet. Maybe do the same
>>>>>>>>>>>>> for non-ssl HTTP traffic, etc.. .
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Mar 20, 2017 at 1:55 PM, Matt Graham
>>>>>>>>>>>>> <mhgraham at crow202.org
>>>>>>>>>>>>> <mailto:mhgraham at crow202.org>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Mon, Mar 20, 2017 at 12:29 PM, Victor
>>>>>>>>>>>>> Odhner <vodhner at cox.net
>>>>>>>>>>>>> <mailto:vodhner at cox.net>> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> I’m really annoyed that so many
>>>>>>>>>>>>> companies offer open WIFI when it would be
>>>>>>>>>>>>> so easy to secure those hot spots.
>>>>>>>>>>>>> Restaurants, hotels, and the waiting
>>>>>>>>>>>>> rooms of auto dealerships are almost
>>>>>>>>>>>>> 100% open.
>>>>>>>>>>>>>
>>>>>>>>>>>>> [snip]
>>>>>>>>>>>>> On 2017-03-20 13:20, Stephen Partington wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>> This is usually done as a means to be easy
>>>>>>>>>>>>> for their customers.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> Pretty much this. Convenience is more valuable
>>>>>>>>>>>>> than security in most people's minds.
>>>>>>>>>>>>>
>>>>>>>>>>>>> they’d be happy to do the right thing
>>>>>>>>>>>>> if we could explain it to the right
>>>>>>>>>>>>> people.
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm not sure this would happen. Setting up
>>>>>>>>>>>>> passwords and then distributing those
>>>>>>>>>>>>> passwords has a non-zero cost and offers zero
>>>>>>>>>>>>> visible benefits for most of the people who
>>>>>>>>>>>>> are using the wireless networks.[0] And as
>>>>>>>>>>>>> another poster said, what about
>>>>>>>>>>>>> football/baseball stadiums? Distributing
>>>>>>>>>>>>> passwords to tens of thousands of people is
>>>>>>>>>>>>> sort of difficult. "Just watching the game" is
>>>>>>>>>>>>> not an option; people want to FaceTweet
>>>>>>>>>>>>> pictures of themselves at the game.
>>>>>>>>>>>>>
>>>>>>>>>>>>> OTOH, the last time I looked at the access
>>>>>>>>>>>>> points visible from my living room, almost all
>>>>>>>>>>>>> of them had some sort of access control
>>>>>>>>>>>>> enabled. Maybe there's a social convention
>>>>>>>>>>>>> forming that "my access point" ~= "my back
>>>>>>>>>>>>> yard" and "open access point" ~= "a public park"?
>>>>>>>>>>>>>
>>>>>>>>>>>>> [0] Having a more educated user population
>>>>>>>>>>>>> would make the benefits more visible, but it's
>>>>>>>>>>>>> very difficult to make people care about these
>>>>>>>>>>>>> things.
>>>>>>>>>>>>>
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Crow202 Blog: http://crow202.org/wordpress
>>>>>>>>>>>>> There is no Darkness in Eternity
>>>>>>>>>>>>> But only Light too dim for us to see.
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>>> PLUG-discuss mailing list -
>>>>>>>>>>>>> PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org>
>>>>>>>>>>>>> To subscribe, unsubscribe, or to change your
>>>>>>>>>>>>> mail settings:
>>>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org>
>>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>>> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>> PLUG-discuss mailing list -
>>>>>>>>>>>> PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To
>>>>>>>>>>>> subscribe, unsubscribe, or to change your mail
>>>>>>>>>>>> settings:
>>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org>
>>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>>> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>> PLUG-discuss mailing list -
>>>>>>>>>>> PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe,
>>>>>>>>>>> unsubscribe, or to change your mail settings:
>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>>> <http://lists.phxlinux.org/mailman/listinfo/plug-discuss>
>>>>>>>>>>>
>>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>> ---------------------------------------------------
>>>>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe,
>>>>>>>>>> unsubscribe, or to change your mail settings:
>>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------
>>>>>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>> ---------------------------------------------------
>>>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe,
>>>>>>>> unsubscribe, or to change your mail settings:
>>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>>
>>>>>>> ---------------------------------------------------
>>>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>> --------------------------------------------------- PLUG-discuss
>>>>>> mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe,
>>>>>> unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>
>>>>> ---------------------------------------------------
>>>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>> --------------------------------------------------- PLUG-discuss
>>>> mailing list - PLUG-discuss at lists.phxlinux.org
>>>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe, unsubscribe,
>>>> or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>> --------------------------------------------------- PLUG-discuss
>> mailing list - PLUG-discuss at lists.phxlinux.org
>> <mailto:PLUG-discuss at lists.phxlinux.org> To subscribe, unsubscribe,
>> or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20170326/ce172d06/attachment.html>
More information about the PLUG-discuss
mailing list