<div dir="ltr">I don't see much of an issue with using public wifi so long as you know whatever you're doing that is important/sensitive is encrypted. I don't use any public wifi any more than absolutely required, but otherwise almost every *responsible* website or service uses tls for https traffic today anyways, or as stated - you use a vpn to ensure no one locally at least is sniffing your wifi session. If your websites or services aren't using https, you shouldn't use them, as even a vpn has to egress to the regular internet somewhere that has a government (or other) black box sniffing it too.<div><br></div><div>I agree, it would be nice if there were a better method of getting public users encrypted, but without some unique key exchange per user, or at the very least a white-list method (remember the wps buttons that generated a weak numerical pin?) to make strong, or at least random, it'll remain weak at best, and probably eventually exploitable.</div><div><br></div><div>A hardware solution is a non-starter though. Where does a phone or tablet have a usb slot to get on? Certainly whoever made it wouldn't support linux, or a foss solution as it doesn't incentivise anyone to produce said hardware. Hand out yubikeys, but client software and use is still problematic even with u2f per os for something like wifi use.</div><div><br></div><div>If you did hardware, I'd imagine nfc-based for mobiles, make them come up and swipe a token to get the pass of the day to get on, and it changes every day. PCs, you just rotate a common key to give to customers every day and print/display for users inside the establishment every day. Even just use a one-time token generator with a numeric key held by *someone(s)*. I've seen medical offices handling guest wifi by changing keys daily for at least any guest ssid and just printing the daily guest wifi inside reception, which keeps persistent users from access outside the establishment doing probably nothing good.
</div><div><br></div><div>This can be done with any enterprise-ish wifi solution that supports Private-PSK functions, or many-to-one passwords for the same ssid. Aerohive, Cisco, Juniper/Mist, Aruba, etc. all tend to do this, leverage otp generation via Duo, Google Authenticator, or other "app".</div><div><br></div><div>Even once encrypted, do you still trust the internet source though, that their router isn't infected from running a 10yr old firmware? You shouldn't, again vpn, or at least ensuring who you're accessing is using tls, and you trust their cert.</div><div><br></div><div>Interestingly enough being in Santa Monica CA on business, their public library gets swarmed daily with homeless that really love their free public wifi there (seems even homeless all have cell phones these days), that I can only imagine the cesspool of devices there that could be hijacked/man-in-the-middle'd easily on non-encrypted wifi. Even just build a fake public access ap to mitm, then infect... Being that I'm there doing work *for* the city, it's something I have mentioned to folks as a problem.</div><div><br></div><div>-mb</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Sun, Jun 9, 2019 at 9:13 PM trent shipley &lt;<a href="mailto:trent.shipley@gmail.com">trent.shipley@gmail.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">A while ago I was at the downtown Scottsdale public library with my computer. They had open, public WiFi--which I was NOT going to use. I tried to use my mobile phone data, but the reception inside the building was Terrible!<div><br></div><div>It seems like the problem of insecure public WiFi should be surmountable.</div><div><br></div><div>How hard would it be to develop technology that puts a key on a $1 or $2 USB, that you buy (put a deposit on) at the reception desk (or from a machine).
You also get an FOSS app. The app takes the key on the cheap USB and securely logs you into the library's (or Starbucks) public WiFi. The library determines how long the key(s) on the USB is (are) good for. </div><div><br></div><div>When you're done, you turn the little USB in for your deposit. The library wipes the usb clean, puts another key on the usb, and vends it again.</div><div><br></div><div>1) Does this exist at "trivial" cost to the WiFi user?</div><div>2) If not, how feasible is it?</div><div>3) If it does not exist, and is feasible, who would be interested in this as a project with a goal of a demo install at a local library, non-profit coffee house, etc. and RFC?</div><div><br></div><div>Trent</div></div>
---------------------------------------------------<br>
PLUG-discuss mailing list - <a href="mailto:PLUG-discuss@lists.phxlinux.org" target="_blank">PLUG-discuss@lists.phxlinux.org</a><br>
To subscribe, unsubscribe, or to change your mail settings:<br>
<a href="https://lists.phxlinux.org/mailman/listinfo/plug-discuss" rel="noreferrer" target="_blank">https://lists.phxlinux.org/mailman/listinfo/plug-discuss</a></blockquote></div>
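The "pass of the day" rotation and the one-time token generator mentioned in the reply above, sketched as an added example that is not part of the original thread or of any vendor's Private-PSK feature. It shows RFC 6238 TOTP stretched to a one-day step next to a longer derived passphrase for the guest SSID. The function names, the SSID `Library-Guest` and the secret are hypothetical values constructed for the illustration.

```python
import base64
import hashlib
import hmac
import struct
from datetime import date

DAY = 86400  # one code per UTC day instead of TOTP's usual 30 s step


def totp(secret: bytes, unix_time: int, step: int = DAY, digits: int = 8) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with a configurable time step."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def daily_guest_passphrase(secret: bytes, ssid: str, day: date) -> str:
    """Derive that day's guest passphrase: 20 base32 chars (100 bits).

    An 8-digit numeric code has only 10**8 values, which is too small to
    resist offline guessing against a captured WPA2 handshake, so the
    passphrase keeps more of the HMAC output than a numeric TOTP does.
    """
    msg = f"{ssid}|{day.isoformat()}".encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    text = base64.b32encode(mac).decode().lower()[:20]
    # Grouped in fives so it is readable on a printed sign at reception.
    return "-".join(text[i:i + 5] for i in range(0, 20, 5))


if __name__ == "__main__":
    # Constructed sample values; a real secret comes from a CSPRNG and is
    # kept only on the wifi controller or front-desk machine.
    secret = b"constructed-demo-secret-not-for-use"
    today = date(2019, 6, 10)
    print("numeric code:", totp(secret, 1560124800))
    print("guest PSK   :", daily_guest_passphrase(secret, "Library-Guest", today))
```

A shared daily key still lets anyone who knows it and captures a client's handshake decrypt that client's traffic, so the TLS and VPN advice in the reply applies either way.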