<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Victor, I can't even <i>find </i>the "use https" option in my
Firefox anymore. I'd guess it's automatic now. In 2012-ish people
were complaining about the redirect to https, so Mozilla's
inclusion goes back at least that far.</p>
<p>- Vara<br>
</p>
<br>
<div class="moz-cite-prefix">On 3/20/2017 5:15 PM, Victor Odhner
wrote:<br>
</div>
<blockquote cite="mid:E2C46F5D-826E-45C4-8D2A-77E4769C09FF@cox.net"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div class="">Thanks, everyone.
<div class=""><br class="">
</div>
<div class="">I’ve learned something in this discussion, and it
led me to re-visit what I did know, which was refreshed here:</div>
<div class=""><a moz-do-not-send="true"
href="https://security.stackexchange.com/questions/35867/why-isnt-open-wifi-encrypted"
class="">https://security.stackexchange.com/questions/35867/why-isnt-open-wifi-encrypted</a></div>
<div class=""><br class="">
</div>
<div class="">So, one basic point is that giving out a lame
password does indeed give each user a unique encryption but
increases the risk of access to open points internally. I’m
clueless about some issues, like an AP not wanting to be
identified.<br class="">
</div>
<div class=""><br class="">
</div>
<div class="">I had not heard of “always HTTPS”, thanks Vara. I
will check the family’s traveling browsers for this option.
(Most things I do are <i class="">of course</i> over HTTPS, or
in the past were inside my system.)</div>
<div class=""><br class="">
</div>
<div class="">Disclaimer: my brain is somewhat damaged since I’m
four years away from my long IT career. I mostly use my Linux
box and MacBook for browsing and email. Now in the nonprofit
volunteer world, I’m mostly fixing appliances and drywall,
playing DJ and guitar teacher for kids, and generally free of
technical stuff except painful encounters with Office 365. But
I’ve kept the MacBook clean for four years of heavy use, so
that’s where my paranoia about WIFI comes from.</div>
<div class=""><br class="">
</div>
<div class="">
<div class="">Best,</div>
<div class=""><br class="">
</div>
<div class="">Victor</div>
</div>
</div>
<div class="">_____________________</div>
<div class=""><br class="">
</div>
<div>
<div class="">On Mar 20, 2017, at 16:32:40, der.hans <<a
moz-do-not-send="true" href="mailto:PLUGd@lufthans.com"
class="">PLUGd@LuftHans.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">Am 20. Mar, 2017 schwätzte Vara La Fey so:<br
class="">
<br class="">
moin moin,<br class="">
<br class="">
Anon Anon already covered the awesomeness of Vara's post :).<br
class="">
<br class="">
I will add that there is no difference between open or
secure hotspot from<br class="">
the general public's perspective[0]. You should consider the
WiFi AP to be<br class="">
compromised and be cautious about how you send data over it.
The same as<br class="">
your ISP's router when you're at home.<br class="">
<br class="">
If the data is sensitive, make sure you have end to end
encryption you can<br class="">
trust. Do not trust the WiFi AP or the upstream router.<br
class="">
<br class="">
The real reasons for businesses to add authentication is to
reduce<br class="">
bandwidth usage and possibly help avoid liability.<br
class="">
<br class="">
[0] When using corporate WiFi using corporate resources,
then you should<br class="">
be able to trust they are providing adequate security for
their APs and<br class="">
the internal network. I tend to run everything over SSH
tunnels anyway :).<br class="">
<br class="">
ciao,<br class="">
<br class="">
der.hans<br class="">
<br class="">
<blockquote type="cite" class="">Nuh uh. Open hotspots is
one of the great things about the internet, and from time
to time everyone needs one - sometimes in the middle of
the night or during holidays when lobbies with keys posted
aren't available. Open hotspots are also a good way to
maintain anonymity for dissidents, whistle-blowers, LGBT
who are not "out", etc. When I have my own routers, I
often run them open for all these reasons, and I always
will.<br class="">
<br class="">
I sometimes educate family and friends about PGP, and one
of these days I will run a Tor node as well, with all the
censor-circumvention tools available. The more that
censors and anti-anonymity Orwellianists don't like it,
the more everybody should do it.<br class="">
<br class="">
I don't give .001% of a damn whether actual criminals use
hotspots or anything else, in exactly the same ways I
don't give .001% of a damn if they use guns, cars, roads,
kitchen knives - or anything else.<br class="">
<br class="">
Instead of desiring safety over the animating quest for
freedom, why don't you suggest educating people to use
https? As it is, the Electronic Frontier Foundation (<a
moz-do-not-send="true" href="http://www.eff.org"
class="">www.eff.org</a>) recently reported that https
use is up to 40%, IIRC.<br class="">
<br class="">
- Vara<br class="">
<br class="">
<br class="">
On 3/20/2017 12:29 PM, Victor Odhner wrote:<br class="">
<blockquote type="cite" class="">I’m really annoyed that
so many companies offer open WIFI when it would be so
easy to secure those hot spots.<br class="">
Restaurants, hotels, and the waiting rooms of auto
dealerships are almost 100% open.<br class="">
I am not one to say “there ought to be a law” because we
have too many doggone laws, and I’m not that into a lot
of demonstrating and yelling. But I would love to help
educate companies on why they should secure their
routers.<br class="">
If I were a progressive type, I’d suggest putting
stickers on those venues saying:<br class="">
<br class="">
We don’t have passwords on our WIFI<br class="">
because OUR WIFI (and YOUR passwords)<br class="">
should be available to everybody<br class="">
with no effort!<br class="">
But being more right-wing, I’d much rather recognize
that they’d be happy to do the right thing if we could
explain it to the right people.<br class="">
I’ve repeatedly thanked the mechanic shop I use (C&R
Tire on Tatum) because they have a key posted and I can
feel sort of safe going online while I wait for an oil
change. But all the places that have open routers are
corporate owned so it does no good to gripe to the folks
behind the desk.<br class="">
Any ideas on this?<br class="">
Thanks,<br class="">
Victor<br class="">
---------------------------------------------------<br
class="">
PLUG-discuss mailing list - <a moz-do-not-send="true"
href="mailto:PLUG-discuss@lists.phxlinux.org" class="">PLUG-discuss@lists.phxlinux.org</a><br
class="">
To subscribe, unsubscribe, or to change your mail
settings:<br class="">
<a moz-do-not-send="true"
href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss"
class="">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a><br
class="">
</blockquote>
<br class="">
<br class="">
</blockquote>
<br class="">
-- <br class="">
# <a moz-do-not-send="true" href="http://www.lufthans.com/"
class="">http://www.LuftHans.com/</a> <a
moz-do-not-send="true" href="http://www.phxlinux.org/"
class="">http://www.PhxLinux.org/</a><br class="">
# veni, vidi, wiki - I came, I saw, I
documented---------------------------------------------------<br
class="">
PLUG-discuss mailing list - <a moz-do-not-send="true"
href="mailto:PLUG-discuss@lists.phxlinux.org" class="">PLUG-discuss@lists.phxlinux.org</a><br
class="">
To subscribe, unsubscribe, or to change your mail settings:<br
class="">
<a moz-do-not-send="true"
href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss"
class="">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></div>
</div>
</div>
<br class="">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">---------------------------------------------------
PLUG-discuss mailing list - <a class="moz-txt-link-abbreviated" href="mailto:PLUG-discuss@lists.phxlinux.org">PLUG-discuss@lists.phxlinux.org</a>
To subscribe, unsubscribe, or to change your mail settings:
<a class="moz-txt-link-freetext" href="http://lists.phxlinux.org/mailman/listinfo/plug-discuss">http://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></pre>
</blockquote>
<br>
</body>
</html>