[wsfii-discuss] Fwd: [india-gii] poor WiFi encryption a security risk

Alexander List alex at list.priv.at
Fri Sep 19 18:19:46 UTC 2008


wlanmac wrote:
> What makes matters worse is that your laptop will likely automatically
> connect to open networks and apps like e-mail will start synchronizing.
> This might even happen *before* the user has made any kind of risk
> assessment. At least with networks providing a captive portal, this kind
> of automatic loss of information isn't so automatic - connections to the
> POP server will fail. The user can then be given some information about
> the network, terms of service, the risks, and other tips on how to
> protect themselves before clicking to get access.

Educating users about using end-to-end encryption and providing open
access are two different things not to be mixed up. A reminder on a
captive portal to use SSL etc. is all that should be done on the network
level. Education sessions on "how do I make sure my POP3 connection is
safe" etc. should be held too, but ymmv. It is the users responsibility
to make sure their sensitive traffic is protected. Encrypting on the
WiFi layer just gives the users a false feeling of security.

I do also think that users of wired ISPs should be educated about the
risks of unencrypted e-mail, and the possibilites to encrypt personal
communications like gpg.

Alex

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <http://lists.okfn.org/pipermail/wsfii-discuss/attachments/20080919/b27abb30/attachment.sig>


More information about the wsfii-discuss mailing list