[wsfii-discuss] Fwd: [india-gii] poor WiFi encryption a security risk
Alexander List
alex at list.priv.at
Thu Sep 18 14:33:03 UTC 2008
wlanmac wrote:
> True, but your analogy isn't complete, in my opinion.
>
> Roads are patrolled by police and sometimes cctv. You need a license
> to drive and are subject to random inspection.
And again, I find an easy circumvention of that. CCTV is - at least in
central Europe - only used on motorways and in cities. If you use
national roads, you can circumvent CCTV. If you don't want to be
monitored, you can just steal a car (bad idea, then police will actively
search for the car, and not that I want anybody to actually try that!!)
or take the bus. In the countries where I've been travelling, buying a
bus or train ticket is still a totally anonymous procedure. Another
option for using roads without registration is riding a bicycle. Or a
horse/horse carriage.
Of course you risk random inspection, but that risk is negligible.
Unless you cross borders or use trains that do, police inspections are
rather rare in democratic countries... the ones I experienced in Austria
were for searching illegal immigrants or drugs. Nobody ever searched for
terrorists. At least, they didn't tell...
> The postal system puts
> safeguards in place to deal with threats.
What are those safeguards? Do you really want to x-ray all parcels, and
scan all letters for possible biohazard? Sounds like total overkill, and
an expensive one, too.
> Cellular networks are
> not free and open and they also monitor and track usage.
So, just buy a prepaid SIM, without registration. Still available in
many countries. Or, again, steal a cellphone to cover your identity.
(Don't! I am just giving examples how easy it is to circumvent
surveillance. So, surveillance will only affect non-criminals... because
criminals won't mind stealing cars or cellphones.)
> What safeguards are put into open WiFi networks?
>
What safeguards are used in Internet cafes and public phone booths? Do
you want them to require photo ID before granting access?
> How are they patrolled and/or monitored?
>
Why would you want to?
> Closing the 'networks' you pointed out would indeed have serious
> implications to business, life, and liberty. Does closing down
> (or securing) WiFi have the same kind of consequences? hmm...
If Wifi is the only available means of digital communication available
to a huge number of people at a reasonable price, yes. There are
countries where phone lines are not available/extremely expensive...
Every open network community has to decide on its own how they handle
possible abuse. But I wouldn't want to introduce security mechanisms
like authenticationi or monitoring before anything happens. If something
happens, you can still rethink the issue and eventually require
authentication. But that will lead to authorities demanding that you log
everything etc - maybe too much administrative overhead for a community
network... and actually playing police is not the job of
sysadmins/network owners. That's a function that should be performed by
the state, and only if there's an ongoing investigation, with a warrant
signed by a judge.
Alex
More information about the wsfii-discuss
mailing list