👤zoowar🕑14y🔼133🗨️55

(Replying to PARENT post)

>We need WiFi that is open and encrypted at the same time!

There is currently no WiFi protocol that allows anybody to join the network, while using link-layer encryption to prevent each network member from eavesdropping on the others. But such a protocol should exist.

It boggled my mind, repeatedly, when I discovered that non-password-protected wireless networks don't generate a unique encryption key for each connection. Boggle, I say. Sure, public key cryptography used to be too computationally expensive, but not any more. And even if it were, Diffie-Hellman has been around for quite a while, go ahead and use symmetric keys.

What the hell is wrong with our standards groups? And hardware manufacturers? There are trivial solutions to this, why haven't they pushed them?

👤Groxx🕑14y🔼0🗨️0

(Replying to PARENT post)

Eckersley overlooks one other useful permutation: an open wifi node that only lets people tunnel to a remote VPN.

This neatly solves both the problem with local eavesdroppers, and much of the problem where an ISP or law-enforcement fingers you, the billing contact, for the activity of third parties. Their traffic emerges at the other end of the VPN tunnel – somebody else's problem.

And, it doesn't require any new local crypto protocols – just mundane destination/port filtering.

👤gojomo🕑14y🔼0🗨️0

(Replying to PARENT post)

I ran an open network for years, only giving up on it a couple of months ago. I tried to set up DD-WRT like they suggest in the article (high bandwidth encrypted network + and open encrypted network), but I didn't get it working properly and gave up. I'll switch my network over to this setup if somebody gives me pointers on an easy way to do it.
👤bryanlarsen🕑14y🔼0🗨️0

(Replying to PARENT post)

Pfft. My ISP got two nastygrams from the MPAA for people riding on my open WiFi, and said on the third one they'd shut me down, so secure it immediately.

What's my recourse? Not sure I have any.

👤Vivtek🕑14y🔼0🗨️0

(Replying to PARENT post)

👤Joakal🕑14y🔼0🗨️0

(Replying to PARENT post)

In the UK something like this exists already, in a limited form: British Telecom has a service called FON which anyone with one of their wifi routers can opt in to for free. When you opt in, you agree to share a limited amount of the bandwidth on your router; in return, you get the ability to connect through the router of anyone else who's opted in.

It doesn't always work quite as well as you might hope - connecting can be a bit of a pain sometimes - but it's a great idea. They've provided a real incentive for people to share their bandwidth.

👤vilya🕑14y🔼0🗨️0

(Replying to PARENT post)

Is it sufficiently secure if the WiFi is set up with WPA2 TKIP and the SSID and passphrase are set to the same value? By sufficiently secure, I mean one node on the WiFi cannot snoop in on other nodes even for HTTP traffic. What if all open WiFi SSIDs are set to "Open*" and the passphrase is easily guessable (could be same as the SSID, could be the zipcode, could be just OpenOpenOpen)?

The goal is not to prevent someone from getting on the network but rather to keep all clients separated. Is that possible using existing devices/protocols?

👤chime🕑14y🔼0🗨️0

(Replying to PARENT post)

The article misses one critical security aspect, which is probably the most important aspect. Security in WiFi is only partially about encrypting the traffic such that no other users in the same WiFi can eavesdrop on your data. Most mail providers offer some sort of encryption (HTTPS, POPS, ...) that can be used to transfer data from one's own computer to a server securely.

However, the main security concern with open WiFi networks is that everybody can use them to do anything on the web. The person who runs the hotspot is responsible for the traffic that comes from this hotspot. If someone is using your internet connection to do anything illegal such as downloading child porn or something like that, there's no way to trace that back to the person who uses your WiFi.

The real issue is not about encryption, it is about identifying the users of a WiFi such that it holds strong in court if there are claims and one wants to prove his innocence. And I personally can't think of a secure out-of-the-box and easy-to-use solution that offers exactly that: protection from actions/attacks performed by others in your name over your WiFi without making them register and somehow prove their identity.

👤WA🕑14y🔼0🗨️0

(Replying to PARENT post)

My WPA2-protected router's SSID is 'Try "password"'. Guess what the password is?
👤rfugger🕑14y🔼0🗨️0

(Replying to PARENT post)

Something I didn't see mentioned in the piece that I see as THE major hurdle to that noble, if utopian, idea is that more and more ISPs in the US are capping bandwidth (Comcast, AT&T U-Verse to name the biggest ones). I guess you could have a setting at the router level that could be used to limit the amount of data going through the open part of the WiFi but I still don't think most people would agree to that kind of selfless generosity. In any case, no such idea can be implemented while the capping issue is left out of the equation.
👤BlazingFrog🕑14y🔼0🗨️0

(Replying to PARENT post)

Is it ironic that the EFF website appears to be serving an invalid security certificate?

http://min.us/lkTYMq

👤RyanMcGreal🕑14y🔼0🗨️0