to make it so it works in between you and your provider. I do it all the
time. See the above link for a how-to.
> Aaron, please explain this in more detail for the non-pros here. Thanks.
>
> Stephen
>
> On 6/10/19, 12:00 PM, "PLUG-discuss on behalf of
> plug-discuss-request@lists.phxlinux.org" <
> plug-discuss-bounces@lists.phxlinux.org on behalf of
> plug-discuss-request@lists.phxlinux.org> wrote:
>
> Send PLUG-discuss mailing list submissions to
> plug-discuss@lists.phxlinux.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0
> or, via email, send a message with subject or body 'help' to
> plug-discuss-request@lists.phxlinux.org
>
> You can reach the person managing the list at
> plug-discuss-owner@lists.phxlinux.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of PLUG-discuss digest..."
>
>
> Today's Topics:
>
> 1. Privacy on Public WiFi (trent shipley)
> 2. Re: Privacy on Public WiFi (Aaron Jones)
> 3. Re: Privacy on Public WiFi (Stephen Partington)
> 4. Re: Privacy on Public WiFi (Michael Butash)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sun, 9 Jun 2019 21:13:09 -0700
> From: trent shipley <trent.shipley@gmail.com>
> To: Main PLUG discussion list <plug-discuss@lists.phxlinux.org>
> Subject: Privacy on Public WiFi
> Message-ID:
> <
> CAEFLybLM7VYYy8LrD0gVBc1_e14hCqX0VZnKJyAb_ixHUotz+w@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> A while ago I was at the downtown Scottsdale public library with my
> computer. They had open, public WiFi--which I was NOT going to use. I
> tried to use my mobile phone data, but the reception inside the
> building
> was Terrible!
>
> It seems like the problem of insecure public WiFi should be
> surmountable.
>
> How hard would it be do develop technology that puts a key on a $1 or
> $2
> USB, that you buy (put a deposit on) at the reception desk (or from a
> machine). You also get an FOSS app. The app takes the key on the
> cheap
> USB and securely logs you into the library's (or Starbucks) public
> WiFi.
> The library determines how long the key(s) on the USB is (are) good
> for.
>
> When you're done. You turn the little USB in for your deposit. The
> library wipes the usb clean, puts another key on the usb, and vends it
> again.
>
> 1) Does this exist at "trivial" cost to the WiFi user?
> 2) If not, how feasible is it?
> 3) If it does not exist, and is feasible, who would be interested in
> this
> as a project with a goal of a demo install at a local library,
> non-profit
> coffee house, etc. and RFC?
>
> Trent
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190609%2F43223bb7%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=HN%2F%2F%2B1bvhtIb4n3NovAae6N2x2FwyYDmMc7NAsy0GVM%3D&reserved=0
> >
>
> ------------------------------
>
> Message: 2
> Date: Mon, 10 Jun 2019 04:05:47 -0700
> From: Aaron Jones <retro64xyz@gmail.com>
> To: Main PLUG discussion list <plug-discuss@lists.phxlinux.org>
> Subject: Re: Privacy on Public WiFi
> Message-ID: <547F0823-BFD0-41AD-86CB-E9F80AF44896@gmail.com>
> Content-Type: text/plain; charset=utf-8
>
> Use a Raspberry Pi as a middle man and a reliable VPN. No cost for the
> library and 20x safer for you.
>
> Don’t plug stuff into your ports.
>
> > On Jun 9, 2019, at 9:13 PM, trent shipley <trent.shipley@gmail.com>
> wrote:
> >
> > A while ago I was at the downtown Scottsdale public library with my
> computer. They had open, public WiFi--which I was NOT going to use. I
> tried to use my mobile phone data, but the reception inside the building
> was Terrible!
> >
> > It seems like the problem of insecure public WiFi should be
> surmountable.
> >
> > How hard would it be do develop technology that puts a key on a $1
> or $2 USB, that you buy (put a deposit on) at the reception desk (or from a
> machine). You also get an FOSS app. The app takes the key on the cheap
> USB and securely logs you into the library's (or Starbucks) public WiFi.
> The library determines how long the key(s) on the USB is (are) good for.
> >
> > When you're done. You turn the little USB in for your deposit. The
> library wipes the usb clean, puts another key on the usb, and vends it
> again.
> >
> > 1) Does this exist at "trivial" cost to the WiFi user?
> > 2) If not, how feasible is it?
> > 3) If it does not exist, and is feasible, who would be interested in
> this as a project with a goal of a demo install at a local library,
> non-profit coffee house, etc. and RFC?
> >
> > Trent
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060219780&sdata=aYnH1yYB9vEAE2NpvKbbPZ%2FWGSBFzSFdW7jCKWF0fIc%3D&reserved=0
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 10 Jun 2019 07:54:53 -0700
> From: Stephen Partington <cryptworks@gmail.com>
> To: Main PLUG discussion list <plug-discuss@lists.phxlinux.org>
> Subject: Re: Privacy on Public WiFi
> Message-ID:
> <
> CACS_G9wC4XnfBWMxO5WrudPvu8snzOx7wgpz0XPwvGjVuvWGUg@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> This is exactly what VPN is designed for.
>
> The reason public wifi is insecure is that it is shared among
> everyone. Now
> if you could build your router to prevent anyone from talking to each
> other
> and just the outside world that would have your desired effect. Or
> maybe a
> partnership with a VPN provider.
>
> On Sun, Jun 9, 2019 at 9:13 PM trent shipley <trent.shipley@gmail.com>
> wrote:
>
> > A while ago I was at the downtown Scottsdale public library with my
> > computer. They had open, public WiFi--which I was NOT going to
> use. I
> > tried to use my mobile phone data, but the reception inside the
> building
> > was Terrible!
> >
> > It seems like the problem of insecure public WiFi should be
> surmountable.
> >
> > How hard would it be do develop technology that puts a key on a $1
> or $2
> > USB, that you buy (put a deposit on) at the reception desk (or from a
> > machine). You also get an FOSS app. The app takes the key on the
> cheap
> > USB and securely logs you into the library's (or Starbucks) public
> WiFi.
> > The library determines how long the key(s) on the USB is (are) good
> for.
> >
> > When you're done. You turn the little USB in for your deposit. The
> > library wipes the usb clean, puts another key on the usb, and vends
> it
> > again.
> >
> > 1) Does this exist at "trivial" cost to the WiFi user?
> > 2) If not, how feasible is it?
> > 3) If it does not exist, and is feasible, who would be interested in
> this
> > as a project with a goal of a demo install at a local library,
> non-profit
> > coffee house, etc. and RFC?
> >
> > Trent
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
>
>
>
> --
> A mouse trap, placed on top of your alarm clock, will prevent you from
> rolling over and going back to sleep after you hit the snooze button.
>
> Stephen
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2F680cacac%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=ksjjZFJScFOAEU%2FBHezjykpGPat6X6eUWBcZxV2j5EE%3D&reserved=0
> >
>
> ------------------------------
>
> Message: 4
> Date: Mon, 10 Jun 2019 10:02:06 -0700
> From: Michael Butash <michael@butash.net>
> To: Main PLUG discussion list <plug-discuss@lists.phxlinux.org>
> Subject: Re: Privacy on Public WiFi
> Message-ID:
> <CADWnDst7FzSqH89gWx_bUHvVcZpYnfvDR0_Dhf86ERSb3=-
> p6Q@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I don't see much of an issue with using public wifi so long as you know
> whatever you're doing that is important/sensitive is encrypted. I
> don't
> use any public wifi any more than absolutely required, but otherwise
> almost
> every *responsible* website or service uses tls for https traffic today
> anyways, or as stated - you use a vpn to ensure no one locally at
> least is
> sniffing your wifi session. If your websites or services aren't using
> https, you shouldn't use them, as even a vpn has to egress to regularly
> internet somewhere that has a government (or other) black box sniffing
> it
> too.
>
> I agree, it would be nice if there were a better method of getting
> public
> users encrypted, but without some unique key exchange per user, or at
> very
> least a white-list method (remember the wps buttons that generated a
> weak
> numerical pin?) to make strong, or at least random, it'll remain weak
> at
> best, and probably eventually exploitable.
>
> A hardware solution is a non-starter though. Where does a phone or
> tablet
> have a usb slot to get on? Certainly whoever made it wouldn't support
> linux, or a foss solution as it doesn't incentivise anyone to produce
> said
> hardware. Hand out yubikeys, but client software and use is still
> problematic even with u2f per os for something like wifi use.
>
> If you did hardware, I'd imagine nfc-based for mobiles, make them come
> up
> and swipe a token to get the pass of the day to get on, and it changes
> every day. PC's you just rotate a common key to give to customers
> every
> day and print/display for users inside the establishment every day.
> Even
> just use a one-time token generator with a numeric key held by
> *someone(s)*. I've seen medical offices handling guest wifi by
> changing
> keys daily for at least any guest ssid and just printing the daily
> guest
> wifi inside reception, which keeps persistent users from access
> outside the
> establishment doing probably nothing good.
>
> This can be done with any enterprise-ish wifi solution that supports
> Private-PSK functions, or many-to-one passwords for the same ssid.
> Aerohive, Cisco, Juniper/Mist, Aruba, etc all tend to do this,
> leverage otp
> generation via Duo, Google Authenticator, or other "app".
>
> Even once encrypted, do you still trust the internet source though,
> that
> their router isn't infected from running a 10yr old firmware? You
> shouldn't, again vpn, or at least ensuring who you're accessing is
> using
> tls, and you trust their cert.
>
> Interestingly enough being in Santa Monica CA on business. their public
> library gets swarmed daily with homeless that really love their free
> public
> wifi there (seems even homeless all have cell phones these days), that
> I
> can only imagine the cesspool of devices there that could be
> hijacked/man-in-the-middle'd easily on non-encrypted wifi. Even just
> build
> a fake public access ap to mitm, then infect... Being that I'm there
> doing
> work *for* the city, it's something I have mentioned to folks as a
> problem.
>
> -mb
>
>
>
> On Sun, Jun 9, 2019 at 9:13 PM trent shipley <trent.shipley@gmail.com>
> wrote:
>
> > A while ago I was at the downtown Scottsdale public library with my
> > computer. They had open, public WiFi--which I was NOT going to
> use. I
> > tried to use my mobile phone data, but the reception inside the
> building
> > was Terrible!
> >
> > It seems like the problem of insecure public WiFi should be
> surmountable.
> >
> > How hard would it be do develop technology that puts a key on a $1
> or $2
> > USB, that you buy (put a deposit on) at the reception desk (or from a
> > machine). You also get an FOSS app. The app takes the key on the
> cheap
> > USB and securely logs you into the library's (or Starbucks) public
> WiFi.
> > The library determines how long the key(s) on the USB is (are) good
> for.
> >
> > When you're done. You turn the little USB in for your deposit. The
> > library wipes the usb clean, puts another key on the usb, and vends
> it
> > again.
> >
> > 1) Does this exist at "trivial" cost to the WiFi user?
> > 2) If not, how feasible is it?
> > 3) If it does not exist, and is feasible, who would be interested in
> this
> > as a project with a goal of a demo install at a local library,
> non-profit
> > coffee house, etc. and RFC?
> >
> > Trent
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> > To subscribe, unsubscribe, or to change your mail settings:
> >
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://eur02.safelinks.protection.outlook.com/?url=http%3A%2F%2Flists.phxlinux.org%2Fpipermail%2Fplug-discuss%2Fattachments%2F20190610%2Fae831f2c%2Fattachment-0001.html&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=zessCihj8YyH8ohLnXQ8OZy0x1iTannv2nWgRXCnaEE%3D&reserved=0
> >
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
>
> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.phxlinux.org%2Fmailman%2Flistinfo%2Fplug-discuss&data=02%7C01%7C%7C18286fbd325b4789400d08d6edd5d8f6%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636957900060229785&sdata=l35B90p9HK1tBnXrNgsQJkRqI2tlu4B75o1QkSCqzFY%3D&reserved=0
>
>
> ------------------------------
>
> End of PLUG-discuss Digest, Vol 168, Issue 5
> ********************************************
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> https://lists.phxlinux.org/mailman/listinfo/plug-discuss
(text/plain)