Future, sharing-friendly WiFi design

The Electronic Frontier Foundation's staff technologist Peter Eckersley writes in "Why We Need An Open Wireless Movement" about the positive aspects of sharing your WiFi with your neighbors and passers-by, and about the tragedy of the commons that puts those of us who generously share our networks with the world at risk. He proposes a future direction for protocol and hardware design that would allow us to share while keeping our traffic private and while maintaining a minimum amount of bandwidth for our own use.
The problem that's really killing open WiFi is the idea that an unlocked network is a security and privacy risk.

This idea is only partially true. Computer security experts will argue at great length about whether WEP, WPA and WPA2 actually provide security, or just a false sense of security. Both sides are partially correct: none of these protocols will make anyone safe from hacking or malware (WEP is of course trivial to break, and WPA2 is often easy to break in practice), but it's also true that even a broken cryptosystem increases the effort that someone nearby has to go to in order to eavesdrop, and may therefore sometimes prevent eavesdropping.

It doesn't really matter that WiFi encryption is a poor defense against eavesdropping: most computer users only understand the simple message that having encryption is good, so they encrypt their network. The real problem isn't that people are encrypting their WiFi: it's that the encryption prevents them from sharing their WiFi with their friends, neighbours, and strangers wandering past their houses who happen to be lost and in need of a digital map.

Why We Need An Open Wireless Movement

(Image: WiFi signal, a Creative Commons Attribution (2.0) image from nnova's photostream)


    1. I was going to say the same thing: As long as I can be arrested or sued for what goes on with my network, I’ll keep it as secure as possible, TYVM. With the gubmint indiscriminately arresting everyone or seizing domain names, we’re more likely to see the proverbial frozen hell before we see wifi open everywhere.

      1. That’s been my exact reasoning against opening my WiFi router as well. I would LOVE to leave it open as a courtesy to my neighbors, but as long as the risk of false government accusations exists my desire to provide that service is not great enough to make the risk worth it.

  1. Two things, 1—my home internet is now capped at 149GB, it would be hard for me to use that much but with others I could.

    2—smart phones will make the need for portable wifi obsolete. Not only can I get a map, but my phone already knows exactly where I am and can give me directions by car or public transit anywhere I want to go.

  2. I’d love to share my WiFi with the public, but I would only do so under the following conditions:

    1- I can open a more limited open access, alongside my encrypted and protected network.

    2- I can easily prevent most forms of intrusion into my own local network. I’m not asking for perfect protection, but some kind of reasonable protection that would prevent my neighbors from looking at my files is a requirement.

    3- I only want to share about 10% of my bandwidth, allowing perhaps up to 20% when I’m not using it myself. I want my own traffic to be prioritized, and if I’m doing some major data transfers, the shared bandwidth should go down to about 1%. Basically, I’m happy to share, as long as it doesn’t interfere much with my own usage.

    4- I don’t want to be legally responsible for whatever illegal actions are perpetrated using my shared connection.

    The first 3 points would be easy to implement, in my opinion, and I bet some routers already support this sort of configuration (and if not, why not?). Point 4 is the one I don’t expect to see anytime soon.

    Until it’s not legally dangerous to share your WiFi with strangers, few people are going to do it. And that’s a shame, because there have been a lot of places where a free, shared WiFi connection could have helped me out, and I’m sure I’m not alone in this.

  3. We also need this movement to work on the liability aspect. In most European countries the subscribers are responsible for any kind of misuse from a third person. (e.g. file sharing, intrusion)

  4. That’s what I was about to say.
    You could be held legally responsible for anything done using your network unless you can positively prove otherwise.
    Even if you can prove it wasn’t you, it could be argued in near future that by leaving your network open you may be complicit (or at least negligent) in any activity.

  5. does ANYONE even bother even skimming the article linked to before posting?

    The EFF proposal is for routers to have a data sideband that is unsecured and bandwidth capped. It would have link-layer encryption so that users cannot watch other users’ data streams – regardless of whether they are in the main channel or sidebar.

    FWIW – unless the cell companies are willing to put a tower in every subscriber’s back yard, wifi with fiber/cable backhaul has the potential to deliver orders of magnitude more bandwidth.

    FON already has a pretty solid network sharing product that would be a great starting point: http://corp.fon.com/en

    1. No, no one reads that. Don’t worry about the bandwidth needed for cell signals, that’s why they are poised to steal the over the air TV signal killing CBS etc in the process. It’s hard to compete with technology that is already in place and easy to use.

  6. Easy fix in the meantime: Get a second router (used 802.11b units should be available cheap), hook it to the public/insecure side of your network, and run it open. Worst that can happen is that the cops come knocking on your door asking why someone sent a kiddie-porn death threat to the President from your network…

    (The whole Internet Protocol, and all the layers on top of it, would benefit from a rewrite with both security and non-repudiability designed in — the former to protect your data, the latter to keep spammers from being able to hide behind someone else’s identity.)

  7. You have to avoid the free rider problem though, where some responsible generous people open their networks and the rest just stop paying for internet and mooch off their neighbors.

    What if you could charge other people for access? There could be some kind of automated payment system that would allow you to set a price for your wireless connection, ranging from free to whatever you want.

    A stranger trying to log in might get a message like this on their iphone:

    “PHIL’S INTERNET is a pay for access network with a per minute charge [of X CENTS] per [QUANTITY OF DATA]. Would you like to access this network and have this charge added to your phone bill?”

    The stranger would get billed that amount, and Phil would have that amount deducted from their wireless internet bill.

    1. Free riders have always been the real concern – not the users’ concern, but the ISPs’, especially the cable modem companies. You may not mind if your neighbor is sharing your bandwidth, and you might even be splitting the cost with your neighbor, but Big Cable would get really upset if half their customer base stopped paying $X/month for service and started sharing with their neighbors. Sure, they also care about getting extra security-response expense from dealing with spammers and viruses, and extra bandwidth consumption, but it’s really about the number of subscribers and Average Revenue Per User.

      The security standards industry hasn’t helped – the wireless security standards have been focused more on preventing unauthorized access to wireless networks than protecting sessions from encryption (though they got better about that after the WEP crack showed what a hopelessly bad job they’d done), because the main customers who cared about wireless security were businesses trying to protect their networks, not home users trying to protect their privacy. While it is easier to protect against man-in-the-middle attacks if you also restrict access to authenticated users, that’s not always what users really want. (I left my system open for years because I’d rather have guest access, in spite of being a crypto geek.)

      And yes, there really are times that it’s convenient for two neighbors to share wifi access even though both have their own ISPs. I’ve had times that my DSL went out because the phone company miswired something down the street, and piggybacked on a neighbor’s wifi instead, or been out on my porch where I get a better signal from them than me, and I assume they’ve done the same when cable was flaky. (Now that everybody’s got 802.11n, they’ve generally turned on encryption, though.) It beats driving to Starbucks and sitting outside after they’ve closed for the evening, or trying to get VPNs to work over free Google Wifi.

  8. I’d look at a sideband for data, but it doesn’t strike me as ideal for the anonymity/liability reasons others commented on. If it was part of some sort of load-balancing mesh network where you can split up your traffic over a few different connections, I’d be willing to donate my entire monthly bandwidth allowance and run all my traffic through that system.

  9. There are a ton of unworkable parts of this proposal, starting with the notion that the problem is a lack of access, when I think it’s a lack of secure end-to-end anonymity. You can get access for free all over the place in North America: libraries, Starbucks, McDonald’s, bookstores, cafes, etc. Airports are increasingly going for-fee. In Europe and other places, it seems that free Wi-Fi is much harder to find, but that’s partly because of the back-end tariffs that are involved. If you’re a venue owner and are metered and paying a fortune, you can’t afford to give it away for nothing.

    The bigger problem to my mind is that once you have access, it’s trivially easy over Wi-Fi for a host of people and entities to snoop. A VPN or Anonymizer or other tools can prevent that. But I’d rather have a simpler system that was easy to activate for people’s activities to bypass local sniffing and snooping, whether from neighbors, cafe habitues, or law enforcement.

  10. Umm, their argument is contradictory to itself?

    1. I pay for cable internet.
    2. I have a wifi network, free and open.
    3. My neighbor does the same.
    4. Unless I can tie my bandwidth to my neighbor and vice versa, then I never have a reason to hop on their network… (other than to do things that were illegal.)

    So what’s the incentive other than some random stranger might stop in front of my house to use my internet for a few mins?

    Hell why not just have it run by the municipality and be billed for general use like everything else, just a flat fee every month. Open and prepaid for all.

    -Oh wait that completely undermines the free market and the telcos can’t be having that now.

  11. About the free rider problem: as I mentioned in my first post, I would only share a small part of my bandwidth, and only share more when I wasn’t using it. (And I use a lot of bandwidth).

    A lot of people would still keep paying for service, because the shared WiFi would rarely be fast enough for more intensive usage.

    For instance, forget about streaming Netflix over shared WiFi. Forget about watching HD videos on Youtube. Forget about downloading large torrents. And so forth.

    The free, shared access many of us would like to offer aims to serve occasional users, and low-bandwidth users.

    Basically, all it would undermine, on the commercial level, is lower-tier ISP plans, which would then become obsolete. I may be overly optimistic, here, but such a situation could actually drive ISPs to offer more bandwidth, faster speeds, and lower prices.

  12. I have the best of both worlds. I have a WRT54g with DD-WRT installed on it. I have a private encrypted network as well as a guest (public) unencrypted one. The guest network can’t access my private network, and I have the ports limited to certain types of traffic to prevent from too much bandwidth use via torrent (I know it isn’t perfect). I also have QoS rules set up so that the guest network is a bulk class (basically meaning that if my router has to decide to let the traffic from my Netflix movie through or my neighbor watching porn, I’m still watching my movie in full HD).

    I LOVE this set up. I encourage more people to do the same.

  13. Part of the task will simply be reminding people that opening their WiFi is the socially responsible thing to do

    Phooey, sez I. Just because I’m a swell guy who loves everybody doesn’t mean I run a phone extension out to the sidewalk in front of my house, alongside a 120VAC outlet in case someone’s phone battery is dying or they need a reading light.

    Most of us have had the experience of tremendous inconvenience because of a lack of Internet access.

    Yeah. Like every last one of us over the age of 35. How did we ever survive those dark ages? How about a retitle of the article: “Why Many Of Us Would Really Appreciate An Open Wireless Movement.”

    Yeah, I get that they’re the Electronic Frontier Foundation, but that Frontier is over there, and we live over here, George Jetson.

    And the motivations cited in the article are laughable. Jesus, kids, how helpless do you have to be?

    Being lost in a strange place with no way to find a map;

    Would it have killed you to have a dead-tree map with you? Or to have memorized directions before you left? Or to just, you know, ask somebody for directions rather than expiring of exposure and starvation because nobody had an unsecured WiFi network for you to use?

    having an urgent email to send with no way to do so;

    Can’t just call? Oh, maybe somebody needs a file attachment of some kind? Good gracious, it can’t even wait ten or fifteen minutes? And you have no 3G or 4G connectivity out there? Better never leave the house!

    trying to meet a friend with no way to contact them.

    Seriously, you can’t call or text them? Some friend.

    Honestly, I don’t mind the concept described in TFA of routers that by default support multiple secure-from-each-other channels of WiFi. Sounds great. But for this reason right here:

    If you run an open wireless network, you may be able to receive significant legal protection

    (italics mine), I don’t feel remotely obligated to share my access for which I continue to pay a non-trivial monthly fee. If routers like the proposed ones described in the article become standard equipment, count me as being on board. Until then, mooch somebody else’s WiFi, you wardriving hoboes.

    1. Please wait a minute, while we all get off your lawn!

      I fully appreciate that internet access isn’t “necessary” at all times. I think you’re taking their points a bit further than they intended, though. It’s not necessary in any of their situations, but it can be hugely helpful.

      Fact is, things have changed since everyone’s online. I’ll give you one anecdotal counter-example to your points. I have stayed with friends from high school and university when I was visiting other cities. For a lot of younger people, most contact with friends (at least, ones who you don’t see or talk to particularly frequently) goes through facebook.

      So what do you do when you’re in their city and want to contact them? You may not have planned to contact them in advance, mind you, or you probably would have gotten their phone number. But wait, you’ve got a smartphone and can send them a facebook message. But wait! AT&T’s 3G coverage in NYC can be unusable! But wait! Someone left their wi-fi open.

      I have “needed” to use open wi-fi for reasons like this in NYC, Los Angeles, and Chiang Mai, Thailand. In other places I was able to use my smartphone data connection.

      And that’s just one example. Plenty of other more trivial but extremely helpful uses for a fast mobile connection (like I said you can’t rely on your phone data connection to be usable). Mapping and getting directions in an unfamiliar place is a big one, even though you can (and I do) carry paper maps. Google Maps are a lot easier to figure out, even for a map expert like me – I’m a geologist.

      By the way, one of the best and most reliable places for free wi-fi – and free computer access if you don’t have a wi-fi device – is Apple stores. I’ve used them for free wi-fi and to look stuff up on the display computers in cities all over the US and the world. Makes the most sense in pedestrian cities like NYC and London, but can be useful anywhere.

      Here’s my trick for using my smartphone in foreign countries where I don’t have cheap data access: go to someplace with free wi-fi, and look up maps on google (or elsewhere) for the places I want to go that day. Take screenshots (requires root on android) of each map page, or use a program that will download map tiles for offline use (several available on android). Now you’ve got a fantastic offline map in your pocket with no fussing with paper.

      1. Yeah, my lawn’s especially small today. Shared WiFi, the death of cursive, the end of the shuttle program… I’m gettin’ old, son.

        Look, like I said, once the standard over-the-counter WiFi router includes secure side-channels (or whatever in tarnation they should be called), then I think open WiFi everywhere is a perfectly swell idea. I’m not worried about the radiation or anything; free WiFi everywhere you go will be swell. But I don’t think the article is being legitimately honest about the risks vs. benefits of open WiFi as matters stand right now. They can fight to bring about the widespread usage of the routers they describe toward the end of the article; that bit isn’t in question. But saying that it’s “socially irresponsible” to keep one’s WiFi access as secure and private as one can is… well, socially irresponsible.

        It’s not like I don’t understand what “the tragedy of the commons” is. It’s just that at this point in time, I fail to recognize the “tragedy” of gaps in free unsecured WiFi coverage in the civilized world. When I’m out and about and want to access the internet, I’m not comfortable hopping onto any old network I can find, largely because I have no idea how secure any given access point is if it’s not one over which I have no direct control.

        I really am a caring guy. I let strangers borrow my jumper cables, a gallon of gas, even my cell phone. But I am not tempted to leave my network unsecured to whatever risks, large or small, may be out there, just so Generation Y can find the party.

        If I’m taking their points further than they intended, all I can say is that I wish their points were stronger. Lack of universal open WiFi coverage is, at this point, nothing more than an inconvenience. At some point in the near future I have no doubt that holes in the WiFi coverage would be massively problematic, but before we get there, the solution will be in place.

        And until then, maybe people will have to make do with their spotty 3G connection. There has been a growing temptation to view our cellphones and our WiFi as utilities rather than luxuries, which is completely understandable since they’re just so damned useful. But if the infrastructure isn’t there yet, then our complete reliance on them without a backup plan is foolhardy. Call me a selfish, fearful old man cowering behind the threshold of the 21st century, but I think it more selfish to be browbeating the populace to throw open their networks in order to hasten the advent of universal WiFi, when people have had their minds filled with horror stories involving child porn and identity theft and credit card fraud and copyright infringement lawsuits and severe bandwidth usage as a result of poorly-secured networks.

        Address the technical issues first, and then convince people to alter their habits.

        Oh, and by the way… my late brother had a great travel tip for when you suddenly need a good, clean public restroom: car dealerships.

        Come to think of it, they probably have free WiFi, too.

  14. I will say I have piggybacked off an open router before….

    It was many years ago, but for a couple of years I basically used the neighbors down the street. On the flip side, he never had to worry about the router acting up. I always logged in and rebooted it whenever power went out. I bet he never lost a net connection for more than a few hours.

    And I was really nice about it. Any large downloads or torrents were done after midnight till 6 or so. This was before Netflix and streaming and the like.

    And cracking WPA isn’t nearly as easy as the “internet” makes it out to be. Maybe if your neighbor has a linksys/cisco and that’s the way it came by default, maybe. But if you named your SSID, and at least used a number in your passcode then it’d take an extremely long time to crack. (Assuming you aren’t spending massive money on a tri-sli Nvidia setup running CUDA or paying for Amazon’s cloud service….)

  15. There’s a zillion open WAPs already (libraries, McDonalds, cafes, bookstores, etc etc etc). There’s little need for an open wifi in every little subdivision, and there certainly is no need to open yourself up to huge liability risks just to be a “good cyber neighbor”.

  16. The real problem is that I’m responsible for whatever happens on my network, irrelevant of who performs the action. i.e. Someone decides to threaten the president, and then download 50gb of music via torrent; then I could be the one losing my internet.

    All so a poor passerby can access an electronic map? Get a real map! Or just buy an iPhone for crying out loud.

  17. If you’re ever in Redondo Beach, feel free to park in front of my house, I keep my family’s wifi wide-open. #sharethewealth #socialismFTW

  18. On the surface, this seems completely feasible: have wi-fi routers support two channels, one that is encrypted and allowed on the private network, and one that is open but only allowed out on the internet.

    But there are two problems that would be left unaddressed:
    -risk of getting blamed for someone else’s illegal activity
    -network congestions and pricing problems

    The second problem already exists and is general to any network: how do you pick routes and price individual links when the service offered is end-to-end delivery across the network? In the case of open wi-fi it can be somewhat mitigated by having the open channel capped and throttled by the owner of the access point.
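
The private/guest split that comments 12 and 18 describe, with the 10% and 20% shares from comment 2, written out as Linux firewall and traffic-shaping rules. This is an added example, not any commenter's actual DD-WRT configuration; the interface names, port allow-list and uplink rate are assumptions, and it relies on the router already accepting ESTABLISHED,RELATED return traffic in its FORWARD chain.

```shell
#!/bin/sh
# Added example: guest isolation plus upload shaping on a Linux-based router.
# Every name and number below is an assumption, not taken from the thread.
PRIV_IF="br0"                      # private, encrypted LAN bridge (assumed)
GUEST_IF="br1"                     # open guest bridge (assumed)
WAN_IF="vlan2"                     # uplink interface (assumed)
UPLINK_KBIT=1000                   # upload rate in kbit/s (constructed value)
GUEST_PCT=10                       # share guaranteed to guests
GUEST_CEIL_PCT=20                  # most guests may use when the owner is idle
GUEST_TCP_PORTS="80,443,587,993"   # web and mail only (assumed allow-list)

# Percentage of the uplink, in kbit/s.
pct() { echo $(( UPLINK_KBIT * $1 / 100 )); }

# Guest traffic gets its own chain. The DROP toward the private bridge comes
# first, so no later ACCEPT can ever let a guest reach the owner's machines.
firewall_rules() {
cat <<EOF
iptables -N GUEST_FWD
iptables -I FORWARD -i $GUEST_IF -j GUEST_FWD
iptables -A GUEST_FWD -o $PRIV_IF -j DROP
iptables -A GUEST_FWD -o $WAN_IF -p udp --dport 53 -j ACCEPT
iptables -A GUEST_FWD -o $WAN_IF -p tcp -m multiport --dports $GUEST_TCP_PORTS -j ACCEPT
iptables -A GUEST_FWD -j DROP
iptables -I INPUT -i $GUEST_IF -p tcp -m multiport --dports 22,23,80,443 -j DROP
iptables -t mangle -A FORWARD -i $GUEST_IF -j MARK --set-mark 20
EOF
}

# HTB on the uplink: owner traffic is the default, high-priority class;
# packets marked 20 (guests) land in a low-priority class with a hard ceiling.
shaping_rules() {
owner_rate=$(pct $(( 100 - GUEST_PCT )))
guest_rate=$(pct "$GUEST_PCT")
guest_ceil=$(pct "$GUEST_CEIL_PCT")
cat <<EOF
tc qdisc add dev $WAN_IF root handle 1: htb default 10
tc class add dev $WAN_IF parent 1: classid 1:1 htb rate ${UPLINK_KBIT}kbit
tc class add dev $WAN_IF parent 1:1 classid 1:10 htb rate ${owner_rate}kbit ceil ${UPLINK_KBIT}kbit prio 0
tc class add dev $WAN_IF parent 1:1 classid 1:20 htb rate ${guest_rate}kbit ceil ${guest_ceil}kbit prio 7
tc filter add dev $WAN_IF parent 1: protocol ip handle 20 fw flowid 1:20
EOF
}

# Sanity check: the isolation DROP must precede the first ACCEPT in GUEST_FWD.
isolation_first() {
  drop=$(firewall_rules | grep -n -- "-A GUEST_FWD -o $PRIV_IF -j DROP" | cut -d: -f1)
  acc=$(firewall_rules | grep -n -- "-A GUEST_FWD .* -j ACCEPT" | head -n 1 | cut -d: -f1)
  [ -n "$drop" ] && [ -n "$acc" ] && [ "$drop" -lt "$acc" ]
}

all_rules() { firewall_rules; shaping_rules; }

# Dry run by default: print the commands. APPLY=1 executes them (needs root).
if [ "${APPLY:-0}" = "1" ]; then
  isolation_first && all_rules | sh -e
else
  all_rules
fi
```

These rules shape only the upload direction; capping what guests download needs a further qdisc on the guest bridge's egress side.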

  19. “The problem that’s really killing open WiFi is the idea that an unlocked network is a security and privacy risk.”

    Wrong. The problem that is killing it is, I pay $50 per month for internet and if I open my wifi my neighbors will stop paying and jump on mine. Then I can’t watch Netflix AND I’m paying $50 per month.

    There’s no incentive to buy it when you can jump on the neighbor’s for free.
