Oooh! Scary! Share your wireless access and you might let your neighbors “peer into files containing sensitive financial and personal information, release malicious viruses and worms that could do irreparable damage, or use the computer as a launching pad for identity theft or the uploading and downloading of child pornography.”
Or you might not. Have a modicum of good sense about security and you’ll have locked down your computer against these sorts of intrusions – which can occur on any computer attached to the Internet, not just to computers attached to open Wifi networks.
But hey, good sense doesn’t sell newspapers as well as sensationalism, and the Times engages in some serious gratuitous panic-spreading with Sunday’s “Hey Neighbor, Stop Piggybacking on My Wireless”. And evidently, this sort of breathless reporting is very popular – it’s the most emailed story on the Times’s site over the past 24 hours.
Some basic facts – almost every wireless router in the world comes with an easily set option to turn on WAP encryption. While WAP is not an especially strong encryption scheme – techniques exist to crack it – it will keep most casual users from accessing your network, if that’s what you want. It means, however, that you’ll need to set a password for your network and give that password to anyone else you want to have access to your network. If, like me, you have lots of houseguests that carry laptops, you might prefer not to make all your guests memorize an eight-digit hexidecimal passphrase so they can check their email. (Then again, the only neighbors who share my wifi are moose. It’s hard to keep them off the network, as their antlers are amazingly effective directional antennae. And they’ve got an insatiable appetite for pirated mp3s.)
Any computer attached to the Internet via a broadband connection can be attacked. If you’re running Windows – the most commonly attacked system because of its lax security policies, its mediocre self-patching system and the existence of a large number of known exploits – and you’re not running a good firewall, you’ve probably already been compromised. Sure, your machine can be attacked by a hacker sitting outside your window. But you’re more likely to be attacked by someone in Brazil, Romania, or at least a safe distance away from your house – why would I possibly try to compromise your system when you can look out your window and see me trying?
(Well, I’d do it because then I could run a packet sniffer on your network and see if I could pick up unencrypted passwords that you’re using on non-https websites. But this is probably a better argument for teaching people to use SSL, not for closing open wireless networks…)
There are two legitimate worries as regards piggybacking – one is bandwidth use, and the other is use to launch attacks or dowload banned content. In the second case – where someone uses your unsecured wireless network to hack the Pentagon or download child porn, you can show that you’ve got an unencrypted network and make the argument that you’re not the hacker/slimeball initiating the requests. If said slimeball guesses/finds/cracks your WAP password, you’ll have a much harder time explaining to the FBI that you weren’t the one visiting hotllamasex.com…)
In the first case – wifi-enabled moose clogging your pipe with thousands of downloads from LimeWire – this is an argument for sharing bandwidth, but using techniques to “shape” bandwidth so that you’re only sharing a portion of your connection. As commenters pointed out the last time I wrote about WiFi, most packages distributed by community wireless networks – collectives designed to provide free internet coverage by allowing people to safely share their broadband connections – include options for bandwidth shaping, so that the moose can download only a few mp3s and you can still check your email.
The last paragraph of the otherwise paranoid story is good news, I think, for FON, the for-profit wireless company I help advise. (Please see my disclosures page for full information on my relationship with FON.) The Brodeurs, who were inadvertently sharing their Wifi connection in Los Angeles, pissed off some of their neighbors, who offered to pay for continued access to the network. That’s precisely what FON lets you do – open your access point to a limited number of users for a fee, letting them pay to help subsidize your connection. Does the fact that the Brodeurs decided not to do this imply that we’ve got a broken business model? Or that it’s an idea that’s been waiting for someone to make the technology dead simple so that people can share their connections with fewer security worries and a way to make some money in the process?