Last month, during my many-city book tour, I signed up for Gogo's in-flight wifi service. Today I discovered that it's much harder to get shut of it.
Read the rest
Read the rest
Someone in the waiting area for AA's LAX-London flight created a network called "Al-Quida Free Terror Nettwork," so "out of an abundance of caution," everyone ran around like headless chickens for a while trying to figure out where the network name was coming from (cue horror music: "He's broadcasting from INSIDE THE TERMINAL!" Dun dun DUUUUN!).
Read the rest
Read the rest
Open Wireless Movement, a joint project of the Electronic Frontier Foundation, Fight for the Future, Mozilla, Free Press and others, will reveal its sharing-friendly wifi router firmware at the HOPE X conference in NYC next month. The openwireless operating system allows you to portion out some of your bandwidth to share freely with your neighbors and passersby, while providing a high degree of security and privacy for your own communications.
Read the rest
The Open Wireless Movement's goals are to both encourage the neighborliness that you get from sharing in your community, and undermining the idea that an IP address can be used to identify a person, establishing a global system of anonymous Internet connectivity. The project includes an excellent FAQ on the myths and facts about your legal liability for things that other people do with your network.
Read the rest
The FCC has unanimously voted to open up 100MHz of spectrum at the bottom end of the 5GHz band, redesignating them as open spectrum, under rules similar to those that created the original Wifi boom. Previously, the spectrum had been exclusively allocated to a satellite telephony company. Adding more open spectrum is amazingly great news, and even better is the bipartisan support for the move, which was attended by very promising-sounding remarks from commissioners from both parties about the value of open spectrum as a source of innovation and public value.
Read the rest
Read the rest
WiSee is a reasearch project at the University of Washington; as described in this paper, it uses standard WiFi hardware to sense the location and movements of people within range of the signal. Using machine-learning, it maps specific interference patterns to specific gestures, so that it knows that -- for example -- you're waving your hand in the air. This gesture-sensing can be used to control various devices in your home:
WiSee is a novel interaction interface that leverages ongoing wireless transmissions in the environment (e.g., WiFi) to enable whole-home sensing and recognition of human gestures. Since wireless signals do not require line-of-sight and can traverse through walls, WiSee can enable whole-home gesture recognition using few wireless sources (e.g., a Wi-Fi router and a few mobile devices in the living room).
WiSee is the first wireless system that can identify gestures in line-of-sight, non-line-of-sight, and through-the-wall scenarios. Unlike other gesture recognition systems like Kinect, Leap Motion or MYO, WiSee requires neither an infrastructure of cameras nor user instrumentation of devices. We implement a proof-of-concept prototype of WiSee and evaluate it in both an office environment and a two-bedroom apartment. Our results show that WiSee can identify and classify a set of nine gestures with an average accuracy of 94%...
WiSee takes advantage of the technology trend of MIMO, the fact that wireless devices today carry multiple antennas (which are primarily used to improve capacity). A WiSee/WiSee-enabled receiver would use these multiple antennas in a different way to focus only on the user in control, thus eliminating interference from other people.
Elliot Noss sez,
I thought you'd be interested in something we are helping with at SXSW this weekend. a group of folks are taking advantage of unlicensed radio spectrum to provide high-speed backhaul to local WiFi access points all over SXSW. In Austin, there are 14 of these open channels using whitespace that are available. we are leveraging this. on Tuesday, the FCC will close comments on its plan to auction off many of these "whitespaces. the 'We Heart Wifi' initiative is collecting signatures on the following petition. Even if folks aren't at SXSW, they can sign on:
To all FCC Commissioners:
Please follow through on your proposal to open up a large slice of high-quality spectrum for open networks. Doing so would help create the competition necessary to extend more high-speed broadband—including 'super WiFi' and other future innovations—to more people."
You may have heard Jill Lesser, Executive Director of the Center for Copyright Information, explain that America's six-strikes copyright punishment system would not harm open WiFi. Adi Kamdar explains why Ms Lesser's totally mistaken:
Termination may not be part of the CAS, but that's not the point—the program still uses "protecting copyright" as an excuse to seriously hinder a user's online experience. For example, CAS involves not just "education" but also "Mitigation Measures," such as slowing down Internet speeds to 256 kbps for days—rendering your connection all but unusable in today's era of videochats and Netflix.
Lesser doesn't think that's a problem. As she told the radio show On The Media: "The reduction of speed, which one or more of the ISPs will be using as a mitigation measure, is first of all only 48 hours, which is far from termination."
But that's 48 hours of lower productivity and limited communication across the globe, based on nothing more than a mere allegation of copyright infringement.
The Electronic Frontier Foundation is stepping up its open wireless campaign, which encourages people and businesses to leave their Internet connections open to the public, and offers advice on doing this safely and sustainably. As EFF points out, most WiFi networks are latent for most of the time, and there are a million ways that leaving your network accessible to passersby or neighbors can really help out, from emergency access during disasters to the urgent need to send an email, look up a phone number, or check directions. EFF's Adi Kamdar writes,
We believe there are many benefits to having a world of open wireless. Two of the big ones for us have to do with privacy and innovation.
Open wireless protects privacy. By using multiple IP addresses as one shifts from wireless network to wireless network, you can make it more difficult for advertisers and marketing companies to track you without cookies. Activists can better protect their anonymous communication by using open wireless (though Tor is still recommended).
Innovations would also thrive: Smarter tablets, watches, clothing, cars—the possibilities are endless. In a future with ubiquitous open Internet, smartphones can take advantage of persistent, higher quality connections to run apps more efficiently without reporting your whereabouts or communications. Inventors and creators would not have to ask permission of cell phone companies to utilize their networks, both freeing up radio spectrum and reducing unnecessary barriers to entry.
This movement is just beginning, but in a sense it has always been around. People, businesses, and communities have already been opening up their wireless networks, sharing with their neighbors, and providing an important public good. We want this movement to grow without unnecessary legal fears or technical restraints.
A Finnish court has ruled that merely operating an open WiFi access point does not make you liable for copyright infringements committed on your network. From the defense attorney's press release:
This alleged copyright infringement had taken place in a specific 12-minute period in July 14 2010, a date when a summer theater play with an audience of around hundred people was held at the premises of the former school owned and resided by the lady.
The applicants were unable to provide any evidence that the connection-owner herself had been involved in the file-sharing. The court thus examined whether the mere act of providing a WiFi connection not protected with a password can be deemed to constitute a copyright-infringing act.
Crucially, the applicants also sought an injunction to prevent the defendant for committing any similar acts in the future. Had the injunction been granted, the legal status of various open WiFi providers would have turned out extremely difficult, as rights-owners would have been provided with a powerful legal weapon to shut them down in cases of similar, arguably insignificant infringements by incidental visitors and customers...
Finally, the court concluded that the WiFi owner cannot be deemed liable for the infringements actually committed by third parties.
Christopher sez, "We just released a 90 second animated video that explains why communities build their own broadband networks, often in competition with big cable. For those who want all the details, we just released a massive 75 page white paper examining 3 community fiber networks in depth - Chattanooga, Tennessee; Lafayette, Louisiana; and Bristol, Virginia that is available here."
Mathias Nitzsche had a nifty idea: using Wi-Fi network names to create a connection between the network's owner and those who spot it in their wireless networks list. His aptly named wifis.org site lets you pick a handle and advertise it through your network name, as in wifis.org/glennocschmidt. This creates an account for you on the site, and makes a Web form available at that address that sends email to your Google or Facebook email, whichever you used to create the registration. The visitor never sees your email address. (Nitzsche avoids having his own registration database, which removes some overhead and security risk associated with retaining passwords.)
I contacted Mathias to ask about privacy and security issues, as one might be concerned about email addresses being stored and the association of a Wi-Fi network name with such. He said (and his FAQ notes) that he doesn't reveal information to third parties. While he's based in Germany, his data and application is hosted in the Google App Engine in the United States.
I'd love to see a variant on this idea, in which an existing network name could be paired with a unique few letter long code that someone would then append to their network. Look up the code, and you'd get the same result. I admit Nitzsche's idea is neater, encoding the URL and the identifier all at once.
The New America Foundation's Open
Network Technology Initiative, a US State Department-funded project to build an "Internet in a suitcase" that can be dropped into repressive zones where protesters need network access and the state is trying to take it away. The project -- a very complex piece of technology -- has gotten to the point where it needs a live test, and lucky for the Open Technology engineers, Occupy DC is just down the street, and that's a great testbed.
The idea is that the system will automatically set itself up. Drop a unit near another unit and they’ll start talking to one another and trading data. Add another and all three will talk to one another. Add a thousand and you can cover a whole city. Then if one of those routers is hooked up to an internet connection, everyone on the network can connect. If that connection disappears, users can still try to update an application like Twitter or send e-mail to the larger internet and the outgoing notes will go into a holding pattern until the mesh network finds another connection to the greater net.
That’s harder to pull off in practice, even under ideal conditions — as anyone who’s tried to link even two Wi-Fi access points in their own home could attest. Now throw in the variables that the access points should work in urban and exposed environments, as well as protest zones like Tahir Square. You’ll want to protect dissidents with encryption and deniability. And you don’t want your beta-testers to be arrested or even killed because of a software bug. All together it’s the kind of challenge engineers like to call “non-trivial”.
“Finding a place to use the system is difficult,” Meinrath said. “Thank God for the Occupy movement.”
(Image: Brendan Hoffman/Wired.com)
In Airshark: Detecting Non-WiFi RF Devices using Commodity WiFi Hardware (PDF), researchers from U Wisconsin (Madison) document a firmware for WiFi access points that can detect and dynamically adjust to interference from vacuum cleaners, baby monitors, and other non-WiFi devices that operate in WiFi's radio spectrum. This kind of thing is the backbone of the theory of cognitive radio: devices that can use software defined radio, phased-array antennas, and cleverness to route around other devices in the band, which may, eventually, enable the a lot more data to occupy the radio spectrum. In Airshark's case, the cleverness is in using the wireless cards on the computers and other devices as a sensing array to triangulate on interference.
Airshark taps into the application programming interface of wireless cards used on access points to gather data about radio frequencies in the surrounding environment. The software has been trained to recognize signatures of various devices, and can pick them out from the ambient radio noise with more than 90% accuracy even if signals from multiple such devices are present.
False positives were .39% for environments with four or more interfering devices and using various signal strengths. The researchers found the rate was .068% for signals stronger than -80dBm. "We also found its performance to be comparable to a commercial signal analyzer," according to their research paper "Airshark: Detecting Non-WiFi RF Devices using Commodity WiFi Hardware."
Event-planners, beware -- your attendees will get gouged, reamed, and screwed if you come to TIC.
Harold Feld from Public Knowledge sez, "Republicans have proposed forbidding the FCC from allocating any more 'unlicensed' spectrum for WiFi and other uses unless they give wireless companies the opportunity to buy exclusive licenses first. This would effectively mean the end of open spectrum, cutting off investment in the TV white spaces/'Super WiFi.' Public Knowledge has issued an Action Alert, asking those who care about the future of open spectrum and wireless competition to sign up to call their member of Congress on Friday, July 22 and tell them that America needs more unlicensed spectrum that everyone can use -- not just the big wireless companies that can spend billions on licensed spectrum."
Don't think it's worth the trade-off (less unlicensed spectrum and less wireless innovation for very little benefit to either the public or the government's bottom line)? Call your Member of Congress!Don't Let Fox, AT&T and Verizon Buy Their Way Out of Regulation (Thanks, Harold!)
We're making this as easy as possible by setting up a day of action this Friday, July 22. To participate, all you need is a mobile phone with the ability to send and receive SMS messages.* If you haven't already signed up for PK Mobile Action Alerts, take a moment to do so now. We'll contact you on Friday with instructions on how to take action.
Caroline Spelman. PHOTO: Reuters/Ueslei Marcelino One would think from reports today that the UK's secretary of state for the environment and rural affairs, MP Caroline Spelman, had lost her bleeding mind. Spelman has been widely quoted about a new report from her agency, Defra, about the threat to infrastructure from global climate change. It covers the extremes of temperature and the routine occurrence of heat above a normal range for the UK, and more storms and severe weather that could ravage Great Britain. The report is an analysis on what changes need be made to keep bridges from buckling in heat or cracking in cold, and nuclear and fossil-fuel plants from suffering damage from previously unthinkable conditions, as well as quotidian issues like floods polluting water supplies and spreading sewage. It's a ripping read, and, please recall, originates from the Tories, the majority conservative part of a coalition government that completely acknowledges the reality of a range of risk potential from climate change. The Conservatives are no Republicans, no matter what else you may say about them. Nonetheless the report's broader issues were overlooked because of a focus on an exceedingly tiny statement buried in it that Spelman highlighted in a speech unveiling the work. Her prepared remarks have her saying:
Our economy is built on effective transport and communications networks and reliable energy and water supplies. But the economy cannot grow if there are repeated power failures, or goods cannot be transported because roads are flooded and railways have buckled, or if intense rainfall or high temperatures disrupt Wi-Fi signals.
Read the rest
After the recent raids against people whose open wireless networks had been used by their neighbors to download child pornography, many people advised that this was evidence that leaving your wireless network open would make you potentially liable for the misdeeds of people who happened to use it.
But as this case shows, judges can be savvier than that (and they should be, too). Good law shouldn't punish people for being neighborly.
Baker then went on to cite a recent mistaken child porn raid, where an IP address was turned into a name--but the named person hadn't committed the crime. "The list of IP addresses attached to VPR's complaint suggests, in at least some instances, a similar disconnect between IP subscriber and copyright infringer... The infringer might be the subscriber, someone in the subscriber's household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment."After botched child porn raid, judge sees the light on IP addresses
The problem that's really killing open WiFi is the idea that an unlocked network is a security and privacy risk.Why We Need An Open Wireless Movement
This idea is only partially true. Computer security experts will argue at great length about whether WEP, WPA and WPA2 actually provide security, or just a false sense of security. Both sides are partially correct: none of these protocols will make anyone safe from hacking or malware (WEP is of course trivial to break, and WPA2 is often easy to break in practice), but it's also true that even a broken cryptosystem increases the effort that someone nearby has to go to in order to eavesdrop, and may therefore sometimes prevent eavesdropping.
It doesn't really matter that WiFi encryption is a poor defense against eavesdropping: most computer users only understand the simple message that having encryption is good, so they encrypt their network. The real problem isn't that people are encrypting their WiFi: it's that the encryption prevents them from sharing their WiFi with their friends, neighbours, and strangers wandering past their houses who happen to be lost and in need of a digital map.
On January 27 , Anatel (Brazil's National Telecommunications Agency), the regulatory agency responsible for regulating, executing and supervising the telecommunications sector, seized equipment and fined an internet user R$ 3,000 (approximately $ 1,810 USD) for sharing his wifi connection with neighbors in the city of Teresina, Piauí state (Northeast of Brazil). [GV note: one of the poorest states in Brazil.]Brazil: Criminalization of Sharing Internet via Wifi (Thanks, Gmoke, via Submitterator!)
- Why it's good to leave your WiFi open - Boing Boing
- UK Digital Economy Bill will wipe out indie WiFi hotspots in ...
- Fon releases open meshing WiFi router - Boing Boing
- Boing Boing: Free open WiFi on Tacoma-Washington train, courtesy ...
- Boing Boing: RIAA declares war on open WiFi
- Boing Boing: Open WiFi for plausible deniability
- Free muni WiFi forces local monopoly to improve - Boing Boing
Firesheep sniffs unsecured connections with major Web sites over local networks and lets a user with the Firefox plug-in installed sidejack those sessions. A trope has spread that the way to solve this problem is to password protect open Wi-Fi networks, such as those run by AT&T at Starbucks and McDonald's. The technical argument is that on a WPA/WPA2 (Wi-Fi Protected Access) network in which a common shared password is used, the access point nonetheless generates a unique key for each client when it connects. You can't just know the network password and decode all the traffic, as with the broken WEP (Wired Equivalent Privacy) encryption that first shipped with 802.11b back in the late 1990s.
Steve Gibson, a veteran computer-security writer and developer, suggested this the moment Firesheep was announced. A blog post at security consultant Sophos makes the same suggestion. But it won't work for long.
Gibson notes the key problem to this approach in the comments to his post: every user with the shared key can sniff the transaction in which another client is assigned its unique key, and duplicate it. Further, if you join a network with many clients already connected, you can use the aircrack-ng suite to force a deauthentication. That doesn't drop a client off the network; rather, it forces its Wi-Fi drivers to perform a new handshake in which all the details are exposed to derive the key.
Thus, you could defeat Firesheep today by assigning a shared key to a Wi-Fi network until the point at which some clever person simply grafts aircrack-ng into Firesheep to create an automated way to deauth clients, snatch their keys, and then perform the normal sheepshearing operations to grab tokens. I would suspect this might be dubbed Firecracker
The way around this is to use 802.1X, port-based access control, which uses a complicated system of allowing a client to connect to a network through a single port with just enough access to provide credentials. The Wi-Fi flavor of choice is WPA/WPA2 Enterprise, and the secured method of choice is PEAP. Even if every 802.1X user logs in using PEAP with the same user name and password, the keying process is protected from other users and outside crackers. Update: Reader Elmae suggests "Little Bo PEAP" instead of Firecracker.
Even though 802.1X is built into Mac OS X since about 2004, Windows starting in XP SP2, and available at no cost for GNU/Linux, BSD, Unix, and other variants (as well as for older Mac/Win flavors), it's got just enough overhead that hotspots haven't wanted to use it.
While hotspots aren't liable for people sidejacking with Firesheep or simply sucking down and analyze traffic on their networks (disclosure: IANAL), 802.1X is cheap and easy to implement when there's a single user account and password. It's possible we'll see some uptake. The long-term solution is for all Web sites that handle any data to encrypt the entirety of all user sessions.
Update: Commenter foobar pokes a hole, pun intended, in my suggestion for using 802.1X with a single user name/password: Hole196. This vulnerability, documented by AirTight, afflicts 802.1X networks. It allows a malicious party to spoof the access point for sending broadcast messages, and allows ARP and DNS poisoning. Thus Firecracker could become fARPcracker, and, once again, Firesheep emerges victorious. (I wrote about Hole196 for Ars Technica; it's not that big a deal for the enterprise, but it's perfectly easy to use in a hotspot.) Thus, sites securing all their connections with SSL/TLS becomes the only practical method to ensure privacy and prevent sidejacking.
Photo by Magic Foundry, used via Creative Commons.
You're safe if your password isn't in any dictionary, including the special dictionaries used for password cracking (these dictionaries will try random words in combination, as well as common letter-number substitutions such as "1" for "i" and so on). The crack works on WPA and WPA2-locked networks.
Your best bet is a long, random string for a password -- 64 bits of random noise will probably foil something like this for a good time to come. But good luck reading the password aloud to your visiting friend when she needs to get her laptop online.
- Chinese WiFinders with built-in password-crackers
- Brit ISP TalkTalk shows why cutting people off because a record ...
- Google: We inadvertently collected personal data sent over open ...
- French hackers unveil the HADOPI router: cracks nearby WiFi and ...
- Dublin city council cancels free citywide WiFi: "Illegal under ...
With one of the "network-scrounging cards," or "ceng wang ka" in Chinese, a user with little technical knowledge can easily steal passwords to get online via Wi-Fi networks owned by other people.Wi-Fi key-cracking kits sold in China mean free Internet (via /.
The kits are also cheap. A merchant in a Beijing bazaar sold one for 165 yuan ($24), a price that included setup help from a man at the other end of the sprawling, multistory building.
The main piece of the kits, an adapter with a six-inch antenna that plugs into a USB port, comes with a CD-ROM to install its driver and a separate live CD-ROM that boots up an operating system called BackTrack. In BackTrack, the user can run applications that try to obtain keys for two protocols used to secure Wi-Fi networks, WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access). After a successful attack by the applications, called Spoonwep and Spoonwpa, a user can restart Windows and use the revealed key to access its Wi-Fi network.
Pictured below is a makeshift reflector constructed from pieces of board, wire, a plastic tub and, ironically enough, a couple of USAID vegetable oil cans that was made today by Hameed, Rahmat and their friend "Mr. Willy". It is TOTALLY AWESOME, and EXACTLY what Fab is all about.The Jalalabad Fab Fi Network Continues to Grow With a Little Help from Their Friends (via Futurismic)
The boys at the Jalalabad Fab Lab came up with their own design to meet the growing demand created by the International Fab surge last September. As usual all surge participants who came from the US, South Africa, Iceland and England paid their own way. Somebody needs to sponsor these people.
For those of you who are suckers for numbers, the reflector links up just shy of -71dBm at about 1km, giving it a gain of somewhere between 5 and 6dBi. With a little tweaking and a true parabolic shape, it could easily be as powerful as the small FabFi pictured above (which is roughly 8-10dBi depending on materials)
Graham Cove told ZDNet UK on Friday he believes the case to be the first of its kind in the UK. However, he would not identify the pub concerned, because its owner -- a pubco that is a client of The Cloud's -- had not yet given their permission for the case to be publicised...Pub 'fined £8k' for Wi-Fi copyright infringement (Thanks, Zoran)
According to internet law professor Lilian Edwards, of Sheffield Law School, where a business operates an open Wi-Fi spot to give customers or visitors internet access, they would be "not be responsible in theory" for users' unlawful downloads, under "existing substantive copyright law".