Accessing unprotected Wi-Fi

There is little discussion about this subject on forums and I was wondering what you all think about unprotected Wi-Fi.

1. Do you think it's illegal to access them?
2. What do you think about owner responsibility?

For question #1, I think it depends what the owner is attempting to accomplish. I can only think of three scenarios why their Wi-Fi is unprotected.
A. They want an open AP (Access Point) for whatever reason.
B. They are naive about computer and/or Internet security.
C. They are aware of security, but could care less.

I can understand the first scenario (A) to a certain degree, but that begs question #2 to be asked. What if a wardriver accessed their unprotected Wi-Fi and is conducting illegal stuff? The wardriver will move on, but the owner has the originating IP address. The police/FBI/law enforcement agency will confiscate the Wi-Fi owner computer(s) and if nothing is found, no charges should follow (presumedly unless this has been done before).

For question #2, I do feel the owner is somewhat responsible. In this day and age, ignorance can not really be used. Even router manuals suggest using the strongest protection possible or at the very least, use some protection. If the owner has the means to protect their Wi-Fi, but fails to do so whose fault is that?
And of course there are exceptions to circumstances. I can't blame a 70 year old woman whose grandson setup her wireless connection and he neglected to protect it.

When I first got Wi-Fi, it took all about 30 minutes learning to setup a very highly secure WPA with AES encryption on three computers.
I use 63 random printable ASCII characters. In addition, both SSID Broadcast and Wireless MAC Filter are disabled.

Another thing about unprotected Wi-Fi is that no "break-in" (hack) occurred. If the owner had even the simplest WEP protection and a person "cracked" the password, that could be construed as a "break-in". Am I right? And isn't an unprotected Wi-Fi basically public domain?

I'm asking this because it seems the person accessing an unprotected Wi-Fi is always at fault. It seems the owner wants the ease of mobility without the hassle of security.

Discuss.

Hi..;)
It is illegal to access someone else's wifi without their permission.
All said and done... if you don't lock your front door.. (for whatever reason)..does that give the right to anyone to enter your house and use your facilities without asking first??

I think many people set up their systems and are so relieved it actually "works", that they simply forget all about securing it until they get problems and visit sites such as PCGuide or one of the malware removal sites and are reminded about it!

Bottom line... the fact that you CAN, doesn't mean that it's right (either legally or morally) to do it...
Just my opinion of course...:D :D

Fred..:p

It is illegal.
Anyone who accesses the access point illegally can have no defence, especially 'it was there so I did it'

Users should be more aware of security, but 'should' and reality are two different things.
Most people, (as pointed out) are just happy if something works, and let's face it- it doesn't always, even with XP etc.
People are reluctant to pay for techies to set up their system, but don't know how to do it themselves.
The 'One touch' security systems which are becoming available are a step forward - but it is never going to be 100%, as software firewalls etc, together with admin rights can mess with non-techies heads.

Then there is the issue of upgrading.
WEP is dead in the water - anyone who uses it can forget about protecting themselves against anyone who actually wants to get on their system.
So do they pay out to upgrade? it isn't always just the access point, it's the cards as well, all of which add up.

I think something like an SD slot or preferably a smart card set up on the AP, and then used once on the PCs to set security would be a good way to go - only those with the SD or smart card could set up the computers, but a simple auto-run program on the card could do everything (yes, I know there are half-way houses on this at present, but we're not there yet)

I can understand where you're both coming from, but...

So you both are saying that unprotected airwaves are protected property? Isn't that an oxymoron statement?
I can totally understand if the owner is using at least WEP. That is protected airwaves, though lacking.
I did a search for "unprotected airwaves" at the FCC.gov site and nothing was relevant.

Fred,
In the scope of things, we're not talking about an unlocked front door. That is like apples vs. oranges

deddard,
While WEP is dead water, that at least is better than nothing.
I think Windows has a wireless setup. I've never used it fully, but it does involve a USB flashdrive. Could be for transferring passphrases.
And that 'One touch' setup is a good point. Should manufacturers be more pro-active about wireless security?

Iif a wardriver uses a completely unprotected.Wi-Fi connection and downloads illegal porn, who is responsible?
The wardriver who will move on and most likely not to be caught, or the person who has the originating IP address?

In California and New York, it's illegal for businesses to use unprotected Wi-Fi. A $250 fine I believe.
There in no federal law about using unprotected Wi-Fi. It is all state regulated. And it varies from state to state.

Iif a wardriver uses a completely unprotected.Wi-Fi connection and downloads illegal porn, who is responsible?
The wardriver who will move on and most likely not to be caught, or the person who has the originating IP address?

The answer is obvious. The owner of the account is responsible just like how unsuspecting 'moms' (for example) are being sued by the RIAA for illegal downloads of music DL'ed by their children and or friends of.

If a drive-by DL's illegal porn and then leaves, the 'mom' gets sued, where's the evidence? Gone. Not even data recovery will find it because it was never on 'her' system. But if the servers have the evidence of where it went and it is illegal to have it or to have an unprotected wifi, then she's in trouble.

The answer is obvious. The owner of the account is responsible just like how unsuspecting 'moms' (for example) are being sued by the RIAA for illegal downloads of music DL'ed by their children and or friends of.

Exactly. The owner of Wi-Fi has responsibilities as well. I just think it's stupid that a person who uses a unprotected Wi-Fi to check their e-mail or something, gets busted and has to pay a fine.
Does the owner of unprotected Wi-Fi get fined? Not at all.
I agree with Fred and feel that it may be morally wrong to steal bandwidth, but if it's unprotected it is public domain. But that is just my personal opinion.


If a drive-by DL's illegal porn and then leaves, the 'mom' gets sued, where's the evidence? Gone. Not even data recovery will find it because it was never on 'her' system. But if the servers have the evidence of where it went and it is illegal to have it or to have an unprotected wifi, then she's in trouble.

Well... Unless a removable drive was used. And who's to say one wasn't used?
The only evidence is the originating IP address.

if you don't lock your front door.. (for whatever reason)..does that give the right to anyone to enter your house and use your facilities without asking first??No, but neither that does absolve the home owner of the initial responsibility. Just because theft is illegal doesn't mean owners do not have a responsibility for securing their property and rented services. Consider the fact that insurance companies will not cover stolen property if there is no evidence of breaking and entering. If you leave your front door unlocked and you are burglarized, well... that's how insurance fraud claims start! ;) You are certainly not going to be covered in a case like that if there's no breaking involved with the entering into your home - at that point, the insurance company considers you to have granted access to anyone entering your home. In short, they blame you as well!

Same goes for large corporations and institutions. If your bank leaves its door unlocked one night with the code to the vault sitting on the front counter, and all the money gets stolen, are you going to tell them "oh, that's ok, I didn't really need my money anyway"?? Most likely, it's going to be a case of "it's your fault my money got stolen, so you owe me either way". Do we not also expect this same level of security for our other properties? Electronic bank statements and credit card transactions and data privacy? Just because it's wrong to steal doesn't mean it isn't also wrong to ignore protection and responsibility. In the case of internet, that's a service being provided by the ISP. It's their responsibility to give you that service, and likewise you are responsible for its use. If you don't protect it and illegal activity happens on it, you are responsible to the ISP, just as the ISP is responsible to any law enforcement agencies that may get involved, just as the law enforcement agencies are responsible to the people as a whole, etc. It's a big circle of duty and responsibility. If a parent keeps a gun in the house, is not that parent responsible for its protected access? If a child gets at the gun and shoots someone at school, is not the parent also involved in the criminal accusations? You can't just shirk any and all responsibility at your convenience with the attitude that it should not have been exploited in the first place. Naivety and carelessness and all other forms of such attitudes and behaviors are not protected under the law, nor should they be.

All this talk of responsibility and blame is a two-way street. We expect ourselves to be reasonably protected in our societies and likewise we have to protect ourselves and others in a reasonable way. Being a member of a society brings with it certain expectations. When people do not adhere to them, bad things happen. This is why in the US, a federal law had to be passed in the 70's stating that any resident of the country is responsible for helping any other resident of the country in mortal danger. The case of a woman who was stabbed behind her apartment building and left for dead by her neighbors after several hours of screaming for help (!) :eek: prompted such a formal law of something that really should have been human decency. Granted that was an extreme case, but think about unprotected WiFi in an extreme case. If a wardriver uses an unprotected wireless signal to surf some hate sites and download plans for a home-made bomb, how close is that to aiding and abetting a crime? At the very least, I should think it a terrible lack of reasonably protecting your fellow members of society from casual danger. Not that this particular incident is likely to happen at all (probably more along the lines of pr0n like everyone else is thinking) but then again, it could. And if you really are naive enough to think otherwise, why lock your front door?

I only took a cursory look through thread after the initial post so forgive me if I am way off base of further topics.

But as to the initial question there is one simple answer. It is wrong.

If you are to leave your door unlocked is it OK for someone to come in your house and take your belongings? Will they still be arrested if caught? Would you still be pissed off at them, or would you let them go because you forgot to lock your door so it's your fault?

Many people think, well I am just going down the block I will be right back. Or I will leave the car running while I go in the store real quick, or letting the car warm up on a really cold day.

These things are not the smartest thing to do, but the person that takes advantage of it is still a criminal. ;)

First: It may or may night be illegal. It depends on the state or local jurisdiction. That is just the way it is.

Next: Yes the owner of the Wifi has the responsibility to secure the connection.

Now for the heart of the matter, if you use an unsecured wifi spot, what you are doing is:

WRONG

ethically, morally or anyway your look at it. If someone pays for an Internet connection, you have no right to look at it without their consent. There is no discussion, debate or argument. It's just plain wrong.......

It's more wrong to be accused of a crime that you didn't commit.

http://www.out-law.com/default.aspx?page=7991
Open Wi-Fi proves no defense in child porn case | OUT-LAW.COM

I'm just surprised that there hasn't been more cases like that.

By the way, there are two people near where I live that use no wireless encryption. Two others use WEP and one uses WPA.

And I can almost guarantee that a drive-by at an apartment complex will have at least one unprotected wireless encryption.

I don't understand why some don't understand the chance they take.

even worse:
http://www.out-law.com/page-7448
people are actually telling others to not secure their network..

I missed that article. Thanks.

It would be funny if it weren't so sad.

So you both are saying that unprotected airwaves are protected property? Isn't that an oxymoron statement?


Airwaves are not the issue, you are connecting to their device on their property. This logic would only make sense if you were only receiving signals from an AP, since you are also SENDING signals through the AP the logic fails.

Consider the fact that insurance companies will not cover stolen property if there is no evidence of breaking and entering

I have never heard that, if someone picks your lock on your home you could not tell, if they were good. In any case, insurance covers theft, you do not have to lock your front door to be covered, if you do, change your insurance company. Cars are different, still, hard to prove it wasn't locked if the car is missing isn't it?

you do not have to lock your front door to be covered, if you do, change your insurance company.Might be a state law or trend then. More and more in MN are converting to this ideology, making it difficult or impossible for MN residents to find an insurance company that doesn't have some fine print in this area. It also differs on the type of coverage, the amount, and status of abode (home, townhome, apartment, etc). I don't know about non-MN companies, but around here, if there's enough suspicion about the legitimacy of the theft, the insurance companies have some legal wiggle room. Not a widespread problem or anything - hasn't made the news - but it's there. Then again, how often do people really read the fine print? :p If there are any insurance companies in your area that do this, how many people are getting duped?

And by extension, isn't that the whole idea surrounding this discussion of unprotected wireless networks? If a non-techie doesn't even know about this concept, what are the consequences? I'd say in so far as that is concerned, it just might be becoming too complex to live a knowledgeable life! Whether your wireless is unprotected or your insurance company is giving you the shaft, how much are people missing out on by not knowing enough?

If someone hosts a free WiFi WAP and explicitly labels it as free, it should not be a crime.
If that someone's ISP forbids free broadcasting of their Internet connection in the ISP's Terms of Service it is likely a crime.

Freeloading on open access points is using the owner's bandwidth and connection without their permission and may be a crime depending on jurisdiction, since it may be theft of the owners paid utility, and availing yourself of the connection without explicit permission is certainly unethical even if not criminal.

Any attempt to access the other PCs on the LAN accessed via the WAP is almost certainly a crime in most countries and states.

If someone hosts a free WiFi WAP and explicitly labels it as free, it should not be a crime.
If that someone's ISP forbids free broadcasting of their Internet connection in the ISP's Terms of Service it is likely a crime.

Freeloading on open access points is using the owner's bandwidth and connection without their permission and may be a crime depending on jurisdiction, since it may be theft of the owners paid utility, and availing yourself of the connection without explicit permission is certainly unethical even if not criminal.

Any attempt to access the other PCs on the LAN accessed via the WAP is almost certainly a crime in most countries and states.

That about sums things up.

In the UK it is a breach of the telecommunications act to access a private access point without permission. Sites such as 'the cloud' (a system set up by BT, which is a large group of APs which anyone can connect to) obviously have their own rules, but the UK has some pretty strict rules on using RF of any variety.

We can argue that users have a duty to protect their system, but it isn't the easiest thing in the world to do.
Locking your front door is simple - insert key, turn, put key in pocket.
Locking down an AP is a different kettle of fish - whilst those of us on this site are happy to play around with IT gear, and even if we don't know what we're doing, we can ask here, the average joe knows very little.
I was speaking to someone last night who has recently started Uni, and could have fast tracked their first year, but had to hold back as they knew nothing about PCs.

Another person I spoke to last night was having trouble on a computer course - wondering why nothing was happening when he typed something in - it wasn't until someoen said 'you need to press "enter"' that he got it.
It's easy for us to judge, but if anything, we're the ones who should just knock on our neighbours door and say 'look, your system is unprotected; go to PCguide.com, sign up and ask what to do about it'

Even a note through the door with the same info would be ok, but don't be too hard on the average user - they're struggling enough as it is.
As for corporations which leave their system unprotected........well they need a serious kick up the backside at the very least.

whilst those of us on this site are happy to play around with IT gear, and even if we don't know what we're doing, we can ask here, the average joe knows very little.That's exactly my point. Is it in fact becoming too complex for the average Joe to effectively use computers? I ask this question specifically because it is my opinion that one should suffer the consequences (if any) of having an unprotected wireless network. Legally speaking, ignorance of the law is no excuse! If you go on vacation to another country and commit a crime according to their laws, you get thrown in jail! Same thing if you visit another state, or simply commit a crime near your house without knowing the law.

Now let's say more laws are created surrounding this unprotected wireless notion based on the cases that have come up lately. (Realistically, the RIAA and MPAA could push through national laws based on the "ignorance is no excuse" argument and win!) If it could be proven that you had no protection and there was a law against that, where does that leave the average Joe? This could be a very real situation as the years go on! You may laugh now, but think about the tech-related laws that have cropped up thus far. The RIAA wins against minors alone boggle the mind!

We've really gotten to the point where it's difficult to tell the difference between stupid criminals and ignorant passers-by. I can't tell you the number of people that are shocked when I inform them that downloading free music is illegal! :eek: To me, that's like a WTF? moment! You have to pay for music in the stores - it's been that way since the days of vinyl LP's! Why would anyone with common sense think that it's OK to get free music just because it's online? And that's the way the courts see it, too, judging from all the RIAA wins. Once again, ignorance is no excuse.

Which brings me full circle. We all agree that it's definitely unethical and possibly illegal to jump on an unprotected wireless network and use it. But what about the owner's responsibility? Legally, nothing can be pinned on the owner. Yet. But already we see a few in-roads into this area by the RIAA and MPAA (just like always). What happens if/when they win and get laws put in place? If they say that protection is required (even if it's only WEP) and the courts agree with them, what happens to the average Joe? Will they be required to hire someone to protect their wireless network(s)? Is that such a big deal? Would that be akin to the owner's responsibility of obtaining and paying insurance on a vehicle or driver's license fees or TV taxes? Is it the type of common sense that should be used when making sure you're wearing shoes and a shirt when going shopping? Is it easy enough to techies like locking your front door that we should all be paid for protecting our neighbors' wireless networks? Or is this going to fall into the realm of ridiculousness and be rejected like all other attempts by "Big Brother" to control our homes?

I still say you have a duty to reasonably protect yourself and fellow citizens from harm, which would include unprotected wireless networks. It's easy to do if you can read the QIG for your wireless AP/router, just like you're expected to abide by the legal fine print for your bank and mortgage lender. Ignorance is no excuse for the law - but it's not a law yet, is it? Should it be?

Saphalline:

You bring up two points:

Legal: I am not a lawyer and laws vary from state to state. There may be a law requiring you to secure your wireless lan. The providers of wireless gear will help the end user.

Moral: Here is where I get as mad a hatter. It's wrong to download copyrighted material. It's wrong to use someone else's Internet connection. It's wrong. No amount of rationalizing makes it OK. We have lost all sense of values in this country....

It's wrong to download copyrighted material. It's wrong to use someone else's Internet connection. It's wrong. No amount of rationalizing makes it OK.Yeah, I totally agree there. I tried to make that clear in my responses, but if it wasn't clear then I apologize.

I'm just trying to get at question #2 that John0904 originally asked. Owner responsibility.

I'll add another twist or two to this .
1# RR ( timewarner cable) sells cable service and internet.
IF a neighbor taps into another persons service (cable tv) he/she can be jailed ( in WI.)
Yet RR installs wifi as a part of this same service and does NOT setup any security for the customer
Even when they install the Nic and/or other remaining wifi hardware ..

2# Think about this.
I am on an unsecured wifi at this very moment
Sitting in a motel with hundreds of rooms.
With nothing more than an agree to use page

This happens more often than you can imagine..
Setting up access to 10 to 200 rooms ( this one has 200)
Why no security? To much cost ? ignorance ?

In the case of the hotel it all comes down to cost
That free high speed internet sign brings one more feature to the price of a room and has made the difference between my renting here as apposed to next door.. ( $4.95 a day )

My friend went to a hotel by the beach, and found out that they give away free un-protected wi-fi. A scan around my house shows about 5 unsecure wi-fi networks for access.

Many of the Hotels have unsecured
But don't give it away

IT's free to hotel customers

The number of people who park in the lot and just use drives some of them nuts

Hotels are a business. Thus they have an extra layer or more of expertise and legal boundaries. Any hotel big enough to provide free WiFi will also have a firewall, a legal department, and an IT department. So there's probably an ISP agreement in there along with the firewall services to block certain content (you have to agree to their T&C page before you surf, for instance). I think hotels are covered in this day and age on a legal basis.

But what about home users? I say home users are also responsible for their wireless network. Does anybody agree or disagree?

But what about home users? I say home users are also responsible for their wireless network. Does anybody agree or disagree?
I have been staying out of this, but now I want to make a point... It is not a simple matter of "agree or disagree"... If you install (or more likely - have installed) a wireless network and your networked is hijacked because it is not secure, it is your responsibility to an extent because that is the way things are set up at this point... However, it is also not your responsibility since you were told that it would work without any particular effort on your part and all you need to do is plug it in and turn it on...

We are generally geeks around here and are more likely to make conscious decisions to either use tighter security or not... Most people out there barely have a clue when it comes to the intricacies of using a computer or going online... They are told that it is safe and doesn't require any special effort on their part... When they get infected, they often assume that it is simply because they did something wrong or the computer just naturally slows down like that... If routers came with a forced security protocol so that the user had to enter a strong password before the network would go live, it would save a huge amount of hassle... The technology exists and would not be that difficult to use, but it would mean letting the users know that it is dangerous and just a bit more complex than they were told... Right now, you can run wireless routers indefinitely with the default password and that is just irresponsible on the part of the vendors...

If the industry wants computers to be a commodity that everyone uses without fear, they need to make them simpler to use and more secure out of the box... Where a password is appropriate, the programs need to insist on them and require a level of strength before they allow the user to proceed...

As to question #1, that's a simple matter. If you're going to say "It's illegal" you ought to at least post the legal code that defines this. It is not honest to make this assertion gratuitously. If there is no law that says it is illegal, then it is legal. Whether or not it is wrong is subject to debate. (What if I don't mind giving away my internet? Is it still wrong for people to use it without my expressed permission? How do you know the AP owner doesn't want to share?)

As to question #2, the answer is no, the owner or responsible only to his/her own private data. Say drive-by user X uses a hijacked connection to do something illegal outside the knowledge of AP owner Y. If Y is criminally liable, then what is the charge? More importantly, where is the evidence if the packets are traced to the public IP and stop there? Last I checked, in the US we are innocent until proven guilty and it is not possible to prove Y guilty based data sent to and from his public IP if his/her wireless AP is wide open.

Question #2 is academic anyway. If you sniff packets at the public IP, you can easily see that there are more than just the owner's computer on that connection due to the fact that NAT uses separate arbitrary high ports to differentiate traffic between hosts.

Put simply - it's a grey area and it varies from place to place. The law is in a flux over this as with much "new technology". There are advocates of deliberately enabling an amount of shared access from all wifis. There have been convictions as well.

http://daledietrich.com/imedia/2006/03/23/illinois-wifi-freeloader-fined-us250/

Well, there we go. People disagree with me! :D

I was making a hard-lined stance here that users are responsible, without any caveats, for protecting their wireless networks. Even with WEP. :rolleyes: If anyone disagrees with that, which is the case since you are all tacking on extra clauses, then that is a simple answer. I'm putting this in black & white to see what everyone thinks. I'm saying that any protection should be the owner's responsibility, and that the owner should suffer the consequences of not protecting their wireless network. Now I'm not saying what, if any, consequences may result - just that wireless networks need to be protected to avoid them.

There is definitely grey area when it comes to which protection schemes are used today, and the intent of providing an open wireless network, and exactly what laws are in place. But that was not my point. It seemed everyone missed my point, which probably means I wasn't clear (it happens a lot). My point is simple. Very cut-and-dried and very black & white. I admit that. I was just wondering what everyone thought of that, and you have provided good input.

I do agree that the average Joe knows nothing about this stuff and it's all very complicated and techie. However, I also stated that this may in fact be another situation where it is becoming increasingly complex to live in our modern societies! Do I expect my grandma to learn this techie stuff to the point where she can set-up and secure her own wireless network? No! But then again, my grandma also needs help wading through HMO documentation and elderly laws for drivers licenses! In short, there are already several situations in life in which the average Joe can't function without more knowledge, and yet the laws don't bend for them, do they? That was my whole argument about ignorance not being an excuse. Granted the laws surrounding tech are inconsistent and absent in many cases, but suppose all this RIAA and MPAA suing increases to the point where laws must be made? Considering that you have to be a hobby lawyer just to fully understand several aspects of societal survival as of right now, what's to stop a law from being passed that holds owners responsible for their unprotected wireless networks? And if all of this happens, and it becomes an unreasonable law, then what?

In the case of elderly people who don't understand all the legal jumble surrounding their situations with drivers licenses and health care and residency, aren't they already being legally forced to know things that one may consider unreasonable as an expectation? Dealing with a few grandparents right now myself, and I can say that the argument about unreasonable expectations has already been thrown out the window! In the legal sense, anyway. So in that case, unreasonable techie knowledge or not, if a law is passed about unprotected wireless networks, what's going to happen?

There are local jurisdictions, County governments in particular, where laws have been passed making accessing WiFi without permission a crime.
There are also laws in some locations that require users to secure their wireless access point or be subject to fines of $250 or greater.

I think Saphalline has made the point for law quite well - on reflection it could be possible to introduce legislation forcing people to secure systems.
If we introduced it over a period of time (i.e. a countdown) and used a lot of publicity it could well work.
By this I mean that most people would, as in the case of the switchover to digital TV (already started in the UK)) buy newer equipment, and let's face it, it's likely they will appreciate the benefits of increased speed as well.

Buying new equipment is one thing, but if legislation on securing systems is introduced, then equal legislation should apply to the manufacturers -this is the second part of the security lockdown.
Forcing manufacturers to put an idiot-proof security system on wireless, with fines (or even better, non-compliance) would make them stamp their feet and work together, something which is sadly lacking today.

I still think something along the lines of an SD card, whcih could also hold an app to make the security wizard run on older systems which don't have a newer standard of security built in would be the best option - literally plug and play.
The other thing which would make it easier is a small LCD sceen, together with USB keyboard (or even just mouse) input on the AP - it isn't expensive any more, and I think people would react more favourably if they interacted with the router/AP directly, rather than trying to access it via a network connection.

Just to clarify my waffling, here's how it would go:

User gets an AP which has a screen, small keyboard/glidepad, together with a secure flash card.
They're instructed to switch the gear on with the keyboard plugged in, and then the AP asks for the sd card.
They're asked to choose a password, and told to keep a copy somewhere safe.
The system generates a further password (uber-long and complex) and stores it together with techy details on the card.
THey're asked basic questions about whether they want anyone to be able to access it, or tie it down to certain pcs.
After that they plug the card into their PCs, whcih gathers mac addresses etc.
The system runs with everything locked down. a single uber-secure channel is opened on the AP, and when the card is inserted into the PC, it securely transmits everything nevessary to the AP.
If necessary, the info on the SD card can be manually transferred back to the AP by re-inserting it in the AP and entering the password, and simply choosing to add a new pc.

SO in short it's:
Plug it in
Hook up the peripherals
Put the card in
choose a password,
choose to add some PCs
plug the card into each PC and let the app run
on the AP, choose to end the setup.

Any other setup parameters (especially if it is a router) could be done directly on the AP.

THis may sound a bit long winded, but the steps are simple, and it bypasses the weaknesses inherent in the current 'one touch' security (which still leaves a window of exploitation)

ok, that's me done. back to my coloured crayons:D

I agree with any system that makes it easy for the average user to secure their network with about 2 or 3 clicks of the mouse and then doesn't require remembering extensive passwords or any other hoops to jump through...

I am not a networking wizard by any means, but I am not exactly a newbie... I set up my router without any hassle and it worked well for a number of months... It was acting wonky recently, so I decided to reset it and used the option to set it back to defaults to wipe it... That was several days ago and I am still working off of a direct connection to my modem since I haven't been able to get the router working again... I am sure I will eventually, but it will require digging up more of the documentation that I stashed when I got it and doing more research into the process... How many users who don't know much more than pushing a power button and "You've got mail" would be able to fix and secure that connection when it is that much hassle for me?? :mad:

How many users who don't know much more than pushing a power button and "You've got mail" would be able to fix and secure that connection when it is that much hassle for me?? :mad:I guess that's the big hitch in all our plans, huh? I mean, this techie stuff really isn't easy by any stretch of the imagination. Maybe it never will be. Maybe we are all doomed to be forever haunted by our non-techie family members and neighbors!! :eek:

Hmmm... Halloween is tomorrow... Maybe I should stay inside and not answer the door!? :eek: :(

Do you need a bit of help there Budfred?
You seem to spend most of your time helping others here - don't forget to ask for some help yourself!!
Post something over in the networking section and we can jump in and give you a hand.

Do you need a bit of help there Budfred?
You seem to spend most of your time helping others here - don't forget to ask for some help yourself!!
Post something over in the networking section and we can jump in and give you a hand.

Thanks... I am not reluctant to ask for help and have done so many times... In this case, it just isn't enough of a problem for me to put full attention to it... I have been working on a couple of computers for people offline and doing my other stuff, so I haven't really focused on it... I hope to have more time this weekend and will see if I can sort it out... I will post if I am still stuck after more of that effort... I suspect that part of it is the router is borked and I will need to get Netgear involved...

My point is more that it is a major hassle for me to figure it out and I am not afraid to move wires, open boxes, mess with the software, mess with the Registry and so on... What does the casual user do?? Since this involves losing access to the Internet, most casual users call someone like one of us to help or they pay the Geek Squad some major cash to repair it... So rather than risk that, they try to avoid touching anything and leave the system wide open to invasion...

If the owner had even the simplest WEP protection
I think that for a non-geek "even the simplest WEP protection" could actually seem a nightmare and because encryption techiques are not "somehow setup by magic" setting-up WEP or WPA or AES are all going to seem unsurmountable to most ordinary domestic users - and notwithstanding that all such encryption is turned off by default in most routers.

I realise that this thread was initiated more with a view to the responsibilties/politics/economics/security of secured -v- unsecured networks but it might be nice if one (or more) of the network geeks around here could start a new thread on the best ways to take this aspect forward. It could then, if it contained good, concise, understandable material, be kept as a sticky.

I state this in the full knowledge that even though somewhat geekish in outlook I had up till recently only used MAC address filtering to "secure" my own wireless network. I haven't yet setup WEP or WPA and would be interested to know it those more versed in this area would consider this adequate or a singular failing in managing a "secure/insecure" network. I would add that from a practical point of view, that because I am in a remote rural location, no-one can come within 200 yards of my house without that sending out MAJOR "strangers about" alerts!! Those that don't understand the "bush telegraph" could do well to read "The Valley of the Squinting Windows" (http://en.wikipedia.org/wiki/Valley_of_the_Squinting_Windows).

As a follow on to my waffling about AP/Routers with displays and controls, it seems we're already part of the way there:

http://catalog.belkin.com/IWCatProductPage.process?Product_Id=379601#

now, as long as the patent wars with wireless don't stifle everything, it could be that I get my wish sometime in the future.

I don't know how "on-topic" this is but following with the thought that wi-fi networks should be obligatorily protected, I know for a fact that all of verizons new DSL customers recieve an out of the box wep encrypted wi-fi router. This in effect forces the user. BUT the problem is that in my opinion these routers shouldn't be shipped with the radio already on. (especially when it's wep and not wpa... due to vulnerabilities)

this is a very interesting topic to me. There's a distinction that very few people think about when they ask a question such as was posed here: Legality vs. Morality.

As was pointed out several times, in many places, there are legal codes that make accessing ANY network without authorization a crime. The issue that arises from these statutes is that they are usually phrased in terms that can be interpreted in different ways.

For example: In one case I read about (I can't find the link, nor can I remember enough salient details to Google it appropriately, so please forgive me) a man accessed a wireless access point whose ssid was "OPENACCESS". He argued (successfully, btw) that the ssid was authorization; some people believe that internet access should be free, so they open their wireless connection to anyone who can connect to it intentionally. He claimed that he thought he was connecting to one of these. Was it Legal? the courts decided it was legal, because of the misleading name of the wireless network. Was it moral? that is a personal judgment call; I tend to think that he was justified, whereas many would believe he should have checked to make sure his assumption was valid.

This is where the quandary lies; there is a definite answer, undeniable and undebatable, as to whether it is legal in your area. The only way you can get debate is when you open your discussion to whether it is morally right, or whether the statute should exist...Which is how I interpret this discussion.

By the way, I know it's not a main topic in this thread, but it was mentioned, so I'd like to give a little background to something Saph referenced. the whole issue concerning the insurance payout if you leave your house unlocked is something that I did some research into...

This became a large issue back a little while back, when the media "discovered" the wonderful tool called a bump key. This was even larger in the UK than it was here, but here's the gist. Keep in mind this will vary depending on your insurance company; I saw the same info on BBC feeds as I did on American news outlets.

Many insurance companies have clauses that say that they are not liable for theft if entry is not forced; if entry is not forced, they assume that the "theft" was an inside job, and a fraud is happening. with a pick of any sort, from hook, to diamond, to S or C, and especially with a rake, you leave small scratches on the flat surface of the bottom of the pins that don't look at all like a key insertion. Even the vibration based lockpick guns leave marks. If, on the other hand, a properly made bump key is used, there are no marks that are inconsistent with a key left, because it is an actual key that is used. There were many people who had their entire houses gutted, and the insurance companies did not pay out, because there was no forced entry to the house. Some people, in fact, when they found the house was burgled, took to smashing a window, just in case, before they called in their claim, just to make sure there was "forced entry".

It's quite interesting to actually read the legalese behind the insurance policies you take out; many people miss key phrases like "forced entry". another nice one is "act of God"...what actually is the definition of that? but I digress.

My own stance on this is a little cut-throat; I don't beleive that you should be breaking laws, but if there's no laws that affect you, I believe it's ok, so long as you are breaking nothing. kind of like a church-used to be many churches where I grew up were left unlocked, and open around the clock. there was an unspoken rule-no matter how degraded you are, no matter what repugnant deeds you were doing that night, you didn't abuse a place of sanctuary. you could come in, look around, sleep if you needed to, but don't abuse it.

I don't feel that ignorance is a valid exuse any more. Setting up a wireless network has been made easier than ever; no more are the days of clicking through endless sub-tabs looking for the mac filtration, or memorizing some 13 digit numerical-hexalpha WEP key. Heck, just to get your wireless router working nowadays, you have to access a wizard. in that wizard is the option to put a simple password using WPA, or WPA2. Not the most secure, as anyone who has fiddled with encryption can tell you, but secure enough to keep out wardrivers. It takes no longer than setting up a printer. In my opinion, if someone is leaving access open, and it's not prohibited by law in your area, I feel no compunction accessing it, as I know I am using it (in my mind) benignly; no viruses, no hacking into their computers, not even hacking into their network (I don't consider it hacking if my computer does it automatically without even asking me...), no stolen music or porn, nothing to get them in trouble, just a small amount of data transmitted and received.

In my mind, it all boils down to tools, and intended use of them. An old story occurs to me, where an NPR interviewer was interviewing a military guy, a major or general or something. He was talking up the boy scout program they were involved with, where a troop would go to their camp, and they would learn skills, among which was shooting. The interviewer (who, by the way, was a woman; it figures into the story) asked whether this was irresponsible, since it was teaching them how to be criminals, how to kill, etc.

The Military guy replied "I don't see it as irresponsible. we're teaching them a skill. You have all the parts and skills necessary to be a prostitute, but you aren't, are you?" Apparently, she had to admit, he had a point.

I love that one...

Now, that being said, I can fully understand how many would say that it is a very wrong thing to do-depending on how you look at it, it is tantamount to walking into someone house without an invite. The way I see it, leaving your wireless unprotected, and the ssid broadcast turned on (with no auto proxy demanding acceptance of terms, such as they have at panera or some hotels) is the same as a church in my neighborhood saying "Hi, come one, come all, we won't turn you away, you are welcome here!". To my way of thinking, the unlocked door on your personal domicile is much closer to leaving your wireless unencrypted, but turning off your ssid broadcasting; after all, when you leave your front door unlocked, you don't put a big sign on it saying "Hi! I'm unlocked!", do you?

I don't feel that ignorance is a valid exuse any more. Setting up a wireless network has been made easier than ever; no more are the days of clicking through endless sub-tabs looking for the mac filtration, or memorizing some 13 digit numerical-hexalpha WEP key. Heck, just to get your wireless router working nowadays, you have to access a wizard. in that wizard is the option to put a simple password using WPA, or WPA2.So if it is so easy, why have I had so much trouble getting it to work -- I am not that much of a newbie... If it goes smoothly and you are knowledgeable and confident about messing with computers, it is really easy -- like when I first set it up... If anything goes wrong, you may be out of luck... You also need to have some idea that you even need to do it... Many of the people I know have had it installed for them by someone else (often a paid tech) and some have not set any security...

Again, until they make it the default, many will not be protected and I don't believe that individual users are responsible for someone raiding their connections...

you fail to give yourself enough credit-from everything I've read by you, you're not a newbie at all.

Perhaps you're using hardware older than a year or two? I know that it's only in the last year where I've seen routers taht have had some thought put into their setup process. On the routers that I've seen, wep or wpa is the default process.

I must admit, I should have been a little more specific when I say I don't feel ignorance is an excuse anymore. more adroitly, I feel that ignorance isn't an excuse anymore for people who have purchased a wireless router recently. which, of course, is not everyone...or even most people. I intended to speak to a trend I was seeing emerging, not a blanket statement; I apologize.

I had a DLink maybe 5 years ago or so that was convoluted...but the new DLink I got 2 years ago for gaming--I think it's the DGL-714--as well as the Linksys that my grandmother got about half a year ago (a relatively common model if the consumer reports is to be believed) have a setup where in order to get the wireless to even work, you plug in the router's power, plug a computer into Ethernet, start a web browser, and then a web-based wizard starts. The web based wizard asks questions like

"Do you have service with <insert company>?" (I think it was bluepond-they ahve different setups than others)
"What do you want the name of your network to be?"
"You should have encryption set up. Please enter a password to access your wireless network:"

The wizards for the routers I've worked with in the last year or so haven't even given you the option to not use encryption of any sort. some models still use WEP (by asking for a pass phrase and then converting it automatically to hex), of course, but even WEP is enough to foil the common wardriver. And if you have to crack a WEP pass code, I consider that hacking into the network, which to me is wrong.

Honestly, I don't know why you've had so many issues, but I would perhaps think that you're using equipment that's not designed well, or is old. Try updating your firmware-that made my DLink Airplus router much easier to work with. I had been under the impression that user interface has been making great strides lately, but perhaps it's only the name brands-DLink, Linksys (which is actually cisco, after all), etc...come to think of it, I dont' have much personal experience with netgear routers. I'll have to see if I can get one...

Even in that case, I generally don't have too much pity for people who buy cheap hardware just to save a buck or two-If you buy cheap, you have to expect faults in design. there's a reason it's cheap. I understand if you're on a budget, but at that point, in my opinion, you have to know that faults will be present-I may have all the reason in the world to buy a cheap used Ford Pinto. When it blows up on me, though, I won't complain, because I knew it was cheap. (not a slam against fords, but rather a comment based on the widely publicized pinto collision-explosions....)

the same philosophy goes into hardware advice-people have to work on budgets, and they have to make sacrifices in order to stay on budget. I understand that. What bugs me is when a person buys budget hardware based off of advice given in these forums, and then comes back to complain about how it doesn't perform up to their standards.

That's where Caveat Emptor comes into play-Buyer Beware. do some research into the device. In this case, people who don't have experience with routers and switches should be asking questions like "is it easy to set up? does it have a wizard for setup?" etc.

I actually wrote a paper in college two years ago wherein I defended the thought that ignorance is an acceptable defence when your network has been used for malicious purposes. back then, given the state of hardware and interfaces, it was acceptable in my eyes. My opinion has slowly changed over the last year or so.

Despite my statement that I don't feel ignorance is much of an excuse anymore, I do feel that in cases where a person is being held accountable for actions on their network, it should be required that there be proof that they should have had reasonable cause to know enough to encrypt their wireless network. If a person has a two year old router, and the interface is bad, then that constitutes a defense in my book. If a person has a router where it asks you when you set it up whether you want to encrypt it, and has a wizard to do so, then that's no excuse to me.

Of course, the people who desire a legal defense while having open shared networks to the world would have to set up a proxy, or at least a banner stating that use of the network constitutes an agreement not to commit crimes....

Honestly, I don't know why you've had so many issues, but I would perhaps think that you're using equipment that's not designed well, or is old. Try updating your firmware-that made my DLink Airplus router much easier to work with. I had been under the impression that user interface has been making great strides lately, but perhaps it's only the name brands-DLink, Linksys (which is actually cisco, after all), etc...come to think of it, I dont' have much personal experience with netgear routers. I'll have to see if I can get one...

Even in that case, I generally don't have too much pity for people who buy cheap hardware just to save a buck or two-If you buy cheap, you have to expect faults in design. there's a reason it's cheap. I understand if you're on a budget, but at that point, in my opinion, you have to know that faults will be present-I may have all the reason in the world to buy a cheap used Ford Pinto. When it blows up on me, though, I won't complain, because I knew it was cheap. (not a slam against fords, but rather a comment based on the widely publicized pinto collision-explosions....)


This is the router I am using...

http://www.amazon.com/NETGEAR-RangeMax-Wireless-Router-WNR834M/dp/B000GJE86C

It is not cheap and it worked well when first installed... It was when I tried to deal with it acting oddly be resetting it that I ran into trouble... When I run the Wizard, it decides I have a fixed IP, which is not true... Hence, I can't proceed with the Wizard... When I try the manual option, it requires info that I either haven't found or am somehow entering incorrectly... I think I may know what the problem is and I will go at it again when I have time... I imagine I will sort it out or I will ask for help here if I don't...

My point is that most people out there would only be able to manage it if it works perfectly the first time and then continues to work perfectly... If it doesn't, they will probably either have people raiding their bandwidth or they will need to hire someone to come out and set it up for them... I believe they can set them up to work better than this and to be more secure out of the box, but I don't think the companies are invested in that, so they don't do it... To expect the average user to manage it anyway and to hold that user legally accountable for not doing it properly is not reasonable in my mind... Maybe in another year or two they will improve the automatic nature of it enough to work for almost everyone, but that will still leave a huge number of installed systems that are not protected...

As for the cost... If you are an average user and have no idea what a quality component is or what it should cost, why would you buy and expensive option if you didn't think you needed to??

To expect the average user to manage it anyway and to hold that user legally accountable for not doing it properly is not reasonable in my mind...What about my argument relating this to other aspects of people's lives? I don't mean to pick on you personally here, Budfred - I'm just using your quote to get back to my main point. :D

Are any of the laws surrounding HMO info for elderly people very "reasonable", either? Or how about DOT rules (here in the US) for vehicles? Aren't we all expected to completely understand the legalese on medical insurance policies and Fed/State rules for operating a vehicle? Aren't we legally responsible, and subsequently punished, if we don't follow the rules/laws regardless of our knowledge of them? If you get pulled over by the cops (again, here in the US) for speeding when you didn't see (or don't know) the speed limit, isn't the cop within the law for giving you a speeding ticket? I'm asking this in general because I'm lumping this all into one piece for reasonable laws and expectations. I don't see how an unprotected wireless network is any more or less "reasonable" than other demands in our every day lives.

For instance, I can't fix my own car! (And these days the dealerships don't want you to, either.) If something breaks, all I can do is take it in, explain the symptoms, and pay to have it fixed. For my grandparents, they don't understand all the legal cr@p that they are legally required to know before signing up for their new medical insurance coverage. I helped with that because they're family, but what if no one in my family could do that? Wouldn't they have to hire a lawyer or spend hours on the phone with the insurance company in order to understand it? What about setting up a wireless network? How is this any different in terms of reasonability or expectations if the average person has to hire someone to set it up properly?

We've established that there are not (yet) any solid or consistent laws when it comes to wireless networks or accessing them. We've all agreed on the morality aspect. But no one has yet offered me a compelling reason or argument addressing my main point.

How are reasonable expectations any different when it comes to wireless networks vs other aspects of our lives??

If a law is unreasonable, it makes sense to work to change it, not simply accept it... However, this is a very different situation... In this case, if the user's wireless is unprotected, there is a good possibility that the user doesn't even know that it needs to be... If you run into a problem with insurance, they notify you promptly, if cruelly... They also are mandated to provide all that legalese so that you know that there is something you don't know if you don't weed through it... The router companies make references to security if you take the time to wade through their largely incomprehensible manuals, but they don't really warn you what might happen if you don't sort it out, so most don't even call the professionals to find out how...

Again, my main point is that the companies that make the routers, the operating systems, the computers and so on need to take more responsibility for security or they need to put huge warning labels on everything saying that using this product can ruin your life if proper security is not in place... They are required to warn people that coffee is hot and can burn you -- it seems like this is at least that important...

Budfred-After doing a little research, I now understand exactly where you're coming from. Apparently netgear is the one with the hardest configurations, and stupidest gui. They apparently are still left behind in the stone ages of config options....

linksys is very good for config, though saphalline has had issues with reliability on a few, but the best I've seen is DLink-you know that starting wizard that worked well for you? the DLink configuration web interface that mine runs has a link to the wizard right on the home page. you can re-run it at any time. I looked at the instruction manual that came with your router, and was rather surprised and chagrined to see the following:
The configuration assistant wizard only appears when the router is in its factory default state, and access to the router does not require a login name or password. After you configure the wireless router (or bypass the configuration assistant wizard), it will not appear again, and you will have to log in to the your wireless router to make changes to it.
Ouch! that would be further evidence as to how behind the times netgear is. you should always have easy access to the wizard.

Of course, for user simplicity, Saphalline tells me the best hands-down that he's ever seen is the Apple Airport access points. The only problems he can see with them? $180 per, and you need a Mac to configure them. kind of limiting....

As far as the point you make concerning the expectation that a consumer would know they should go for the more expensive/specific brand, well, that's what I meant when I pointed out your sig-Caveat Emptor. do research, lest you get screwed in the end. You dont' buy a car without doing applicable research...you don't buy a computer without asking for opinions on brands...why would consumers think this is any different? Other than that, though, I do concede your point-Until it is normal that routers have easy interfaces, I suppose ignorance can be an appropriate excuse.

I'm also not certain how your response to saphalline addresses the issue though-in fact, I see that it rather reinforces what Saph was saying.

Your statements seem to be founded on the assumption that average consumers that purchase routers can't be expected to know that they should have encryption. If that is true, then from a certain point of view, I can see where you're coming from. but, for the sake of argument, you could also make that rule regarding people who drive in MN with earphones on. Did you know that that is illegal? My coworker found that out the hard way. Was the cop who issued that citation unreasonable in issuing him the ticket? It's hardly a well-publicized law. How about the computer users who take their computer in for repair, but don't read the waiver they sign. Are they still to be held to the terms of the contract?

On the other hand, I wonder if your assumption that people can reasonably be unaware of the need for encryption on wireless networks is accurate. My choir director, a 60 some year old russian technophobe that is quite happy with his celeron 333 at home and his appletalk network at college, regards me as his personal tech-guy. This is a man who didn't, until recently, realize that he can hit ctrl-x to cut, and ctrl-v to paste. He recently asked me to hook up his wife's laptop to their network wirelessly. He didnt' even realize he would need a separate router to do this, yet he asked me about putting a password on the network. He had heard of this via the news outlets.

The news outlets love making big deals of hackers. there have been entire cnn exposes and dateline episodes devoted to hackers, wardrivers, crackers, warchalkers, and all those nasty computer people who want to assimilate us all into the collective....(sorry, a little hyperbole...)

I believe that it is reasonable to expect consumers to do at least minimal research before purchasing something. Minimal research would uncover the need of encryption, or in laymans terms, "putting a password on the network".

That being said, another implication you make is that wireless router companies dont' suggest that you have encryption turned on. Take a look at the support web page for your router (http://kbserver.netgear.com/products/WNR834M.asp). Right on the main support page, there's a link to instructions on setting up security, as well as the link that states: "Don't Leave Your Router with Default Security Settings!" (their emphasis).

(by the way, before I forget, did you happen to upgrade your firmware yet? they may have addressed some of the issues you were talking about in your router. In fact, I was looking at the firmware updates you can do, and they fix many issues, including remote management, as well as several different functionality problems, like routing actually working, or web filtering working, or WEP working....you might want to look at that. I'm not impressed with that router...)

Now, I can see where you might think expecting someone to look at the support web site is too hard for the average consumer. I took a look at the manual, as I stated above, and on page 3-2, under the category of "Wireless Configuration," subcategory "Implementing Appropriate Wireless Security", I found the following statement Unlike wired network data, your wireless data transmissions can be received well beyond your walls by anyone with a compatible adapter. For this reason, use the security features of your wireless equipment.

Now, I dont' have access to the quick setup card they issued with the router, and I wouldnt' be surprised to see that they didn't include such a warning on that, this is in the manual. Given that the manual even has it's own acronym, RTFM, and is always just as legible (if not more) than legalese to the average person, I would think that it is not unreasonable to expect someone to read it.

Now, I will grant you that the companies really ought to realize that there are lots of people who are "ill-informed" out there, and include the standard, sad, pathetic warning stickers on the routers as they do on hair curlers (Do not insert into any oriface) or preperation H (do not take this orally). Why dont' they do this? same reason no one put "Warning: coffee is hot!" on a cup until someone sued someone else successfully; no one will think it's necessary till the threat of a lawsuit is imminent. This will likely go down the same path as the coffee stickers, or the warnings I've seen on credit card applications that tell applicants that "A credit card extends you a line of credit. This is not free money; you will have to pay back the money you borrow plus interest."

Yes, I quoted that. Yes, I've seen that statement. it is indelibly etched in my memory, as the first signal that I've ever had that our society is far worse than I thought, because if it's there, that means Someone raised a fuss becuase they didn't know a credit card had to be paid back!

Is it necessary? probably. Is it reasonable that people can get away with the ignorance plea just because they didn't read the first sentence of the section on how to set up their wireless router in the manual? Personally, I think not. If someone doesn't read the contract they sign, they're still held accountable. In fact, if I remember correctly, you have a contract you make people sign when you do work on their computer. It states what they can expect, and what is covered, and more importantly, what is not covered and what you are not liable for. How many people read that thoroughly? and when you have someone who didn't read the contract complain because you didnt' recover their data and yet are charging for your time, you enforce it, correct? or do you say, "oh, you didnt' read that, so you were ignorant of it. Sorry, I'll give you your money back."

The statement I quoted does, in my mind, make it plain what will happen when you ignore the warning: Other people will have access to your data. It doesn't elaborate on the legal issues you could be liable for, and I see the validity of arguing that they should elaborate more, though I don't think it should be necessary...

You also state that the insurance is mandated to inform you of a problem with insurance. This is only partly true. they are mandated to notify you only after a problem occurs. Just like the police are mandated to charge you with child pornography only after a wardriver downloads porn from your internet connection. in fact, one might say that in that case the police will "notify you promptly, if cruelly." I have much insurance experience though, unfortunately; my wife was a medical translator for several years, and waded through so much of the insurance world that she was on a first name basis with the complaints department. They very much enforce rules that are hidden in legalese, and you can't just say "I didn't know". the only way you'll get any leniency or mercy from them is if you get a decent-hearted manager on a good day.

in every other aspect in life, we are held accountable for our actions, regardless of our ignorance. the Cop who issued my coworker a ticket for having earphones, in fact, actually said "Ignorance of a law is not an excuse." The only time a warning gets put out is when a company realizes that Idiocracy is not just a movie...it's slowly coming true, and that they need to protect themselves from people who feel it's reasonable to sue for anything possible.

by the way, I just re-read my post, and wanted to add this (I'm too close to the 10000 char limit to edit it in...)

I'm sorry if this comes across as somewhat harsh, as I commented before, I tend to have a bit of a jaded view of humanity. I don't intend to be mean, and I certainly don't intend any of this as an attack on anyone. I actually am interested in other people's points of view, and enjoy finding out not only what people think, but why. That's why this is the only forum I enjoy reading-people here often have different views on stuff than I do, and actually tend to have reasoning behind their viewpoints. I do realize that I am opinionated, but I also realize my opinions are just that: opinions.

There will always be a state of flux when there is an introduction of new technology into our lives. Some laws introduced may stand the test of time or not. The walking-speed speed-limit for motor cars with a man carrying a red flag in front being one obtuse example.

The open access to wifi "hot-spots" (of which legal or illegal shared domestic wifi is just one example) is likely to be opposed as much by the telecoms and other similar corporations than by concerns about stolen bandwidth or the rather vague responsibilities of "leaving your front door open or access to your footpath made public".

Time will tell - nothing else will.

He He http://en.wikipedia.org/wiki/Locomotive_Act
The Locomotive Act 1865 (Red Flag Act):

* Set speed limits of 4 mph (6 km/h) in the country and 2 mph (3 km/h) in towns.
* Stipulated that self-propelled vehicles should be accompanied by a crew of three: the driver, a stoker and a man with a red flag walking 60 yards (55 meters) ahead of each vehicle. The man with a red flag or lantern enforced a walking pace, and warned horse riders and horse drawn traffic of the approach of a self propelled machine.

by the way, I just re-read my post, and wanted to add this (I'm too close to the 10000 char limit to edit it in...)

I'm sorry if this comes across as somewhat harsh, as I commented before, I tend to have a bit of a jaded view of humanity. I don't intend to be mean, and I certainly don't intend any of this as an attack on anyone. I actually am interested in other people's points of view, and enjoy finding out not only what people think, but why. That's why this is the only forum I enjoy reading-people here often have different views on stuff than I do, and actually tend to have reasoning behind their viewpoints. I do realize that I am opinionated, but I also realize my opinions are just that: opinions.

Actually, the issue that I see is that you are too optimistic about the abilities/interest of the average user... People who hang out here are not average... Most are in the upper ranks of IQ and most are way more sophisticated when it comes to computers than the average user... Most of the people I know want to know only as much as they need to in order to do what they want to do each day... Some get excited when they find out a new shortcut, but most get glassy eyed and tell me that they just want to know one way to do something, even if that involves 3 unneeded steps...

You are also talking about people knowing the law and following it... That isn't the case here... There is no law saying you have to make your router secure... There is a huge amount of media pressure saying that you need wireless and lots of routers available which claim to be extremely easy to set up and use... Or you pay the Geek Squad or FireDog to come and install it at considerable cost and you expect it will be done securely...

Remember, by definition, most people are average... Devices need to be designed for average people, not for PC Guide members...

As for my router -- Netgear was well rated and I did my research... Unless I went out and purchased each router available in the same range and did a head to head comparison myself, there would be know way to anticipate the problems I have encountered based on the reviews I saw... I had used a D-Link router that up and died on me one day so that it took me about half a day to figure out why I couldn't get online, so I wasn't really looking too much at D-Link...

As you may know, I do a lot of work with cleaning up infected computers and teaching others how to do that cleanup... My perspective is shaped by that... If you are a techie and you are willing to do a bit of research and setup some protections, you can mostly avoid getting infected or you use a virtual environment that protects your computer from more general infections if you choose to do riskier surfing... If you are an average user, you expect to turn on the computer and visit any site that you want without danger... Yes, that is unreasonable given the news and so on... However, if your eyes glaze over when computers are mentioned, you probably don't even get that from the news... My firm belief is that computers can be made much more secure out of the box and computer peripherals and software can also be made much more secure... If we continue to blame the user and expect some sort of evolved user to make good decisions about safe computing, we will not pressure the vendors to create safer products...

Cars are a good example of this... In the beginning of cars being used, the emphasis was on whether they worked and safety was an absurd concept... It took decades before they started putting seat belts in them and they were awkward to use so still many people removed them or still didn't wear them... Later they were linked to the starter so that the car wouldn't work properly until they were used, so people would fasten them and sit on them... The insurance industry began realizing that safety was the 73rd priority of the auto industry, just after making sure there was a jack in the trunk for flats, and that it was costing them money... They put pressure on the auto industry to improve safety... Society created laws and advertised the need for seat belts... The auto industry did research and created cars that would allow most people to walk away from most accidents, but that were difficult to manufacture, so they decided to use air bags instead... Air bags are a dangerous technology that can be very costly to the consumer, but they are automatic and they do save lives... Not an ideal solution, but one that you don't need to think about too much when you buy a car these days... You can still opt to disable safety features and make your vehicle much less safe that it is designed to be, but you need to be an advanced user to do that...

Computers need "air bags" built-in from the factory... And they no longer can take decades to get to the point when they are designed into computer technology... The criminals are out there raking in billions each year based on the porous nature of computer security... Even if only half of the market were blocked by "out of the box" security, it would make a huge dent in their ability to exploit the average user...

You can blame the victims or you can take action to protect the victims from the criminals... Put up street lights to make the streets safer or accuse the mugging/rape victim of using bad judgment for being out after dark... I am in favor of more street lights...

Actually, the issue that I see is that you are too optimistic about the abilities/interest of the average user... People who hang out here are not average...

I Think we've all been guilty of that Budfred.
I still find myself hoping that against the odds, some of the average Joes will actually read the instruction manual:D

I Think we've all been guilty of that Budfred.
I still find myself hoping that against the odds, some of the average Joes will actually read the instruction manual:D
what is this "instruction Manual" you speak of?

Society created laws and advertised the need for seat belts...So you're saying that the only difference between "reasonable expectations" when it comes to wireless networks vs other aspects of our lives is that there are laws in place for the latter but not the former? Is that right? In which case, it is generally believed here on the forums that law-makers are the only reasonable people in the world? Or simply that law-makers are the only people in the world capable of enforcing reasonability?

I'm just trying to understand where all of this fits into my question. That is, if anyone is even trying to answer my question to begin with! :p I mean, Paul Komski brought up a good point about extraneous laws that no one intends to enforce ever again ;) but I was talking about getting pulled over by the cops for speeding (which most definitely IS enforced!) so I don't know where that fits in. :confused:

All of these examples and explanations are based on concepts where unreasonable activity happened in the past and then laws were made to enforce reasonable activity. It is my belief that unsecured wireless networks are merely another example of this. When cars came out, laws needed to be made (and still need to be made) governing their use in areas of safety and liability. Same thing when trains first came out. Same thing with cigarettes - the Surgeon General's warning (here in the US) on the box had to be mandated by law! That little warning wasn't put there by default at the factory! :p

You're all talking about how there is no law for unsecured wireless networks and their use - not widespread and certainly nothing consistent. I understand that. I've stated this many many many times! I already know this! I'm saying (for a second time in this post alone!) that laws will eventually be made in this area, just like they were for trains & cars & cigarettes. If only because wireless networks are here to stay in our lives! Just like trains & cars & cigarettes! Just like convoluted medical insurance policies! We are already expected to follow laws that previous generations (prior to trains & cars & cigarettes & HMO's) probably would have considered "unreasonable". That's what I'm trying to say - unreasonable laws in someone's opinion have already been made! You look at wireless technologies and see no laws and assume that any laws would be unreasonable. Or maybe not, I'm not really sure here! Throw me a frickin' bone!

I'll ask my question once again:

How are reasonable expectations any different when it comes to wireless networks vs other aspects of our lives??

AJ, it's the one that comes with you when you when you are born. Problem is, it's usually thrown out with the bath water... :rolleyes:

So you're saying that the only difference between "reasonable expectations" when it comes to wireless networks vs other aspects of our lives is that there are laws in place for the latter but not the former? Is that right? In which case, it is generally believed here on the forums that law-makers are the only reasonable people in the world? Or simply that law-makers are the only people in the world capable of enforcing reasonability?That is a distortion of what I posted and I have said what I intended to say...

So be it. If you, or anyone else, does not wish to answer my question (or perhaps everyone thinks it should not or cannot be answered) then I'm fine with that. The only part of this that makes me upset is when you all pretend to answer my question but never actually do! No one has addressed my question!! You have all distorted what I have tried to say and ask. I do not like that. I imagine no one does! If I have done that in turn to anyone else, I apologize.

If everyone wants to drop/kill this thread, then that's fine. I won't post again unless someone else does.

How are reasonable expectations any different when it comes to wireless networks vs other aspects of our lives??

my answer: See www.dumbwarnings.com

So be it. If you, or anyone else, does not wish to answer my question (or perhaps everyone thinks it should not or cannot be answered) then I'm fine with that. The only part of this that makes me upset is when you all pretend to answer my question but never actually do! No one has addressed my question!! You have all distorted what I have tried to say and ask. I do not like that. I imagine no one does! If I have done that in turn to anyone else, I apologize.

If everyone wants to drop/kill this thread, then that's fine. I won't post again unless someone else does.
You are establishing a premise with the assumption that some of us are saying that and then asking us to defend it... If we are not saying it, why should we defend it??

How are reasonable expectations any different when it comes to wireless networks vs other aspects of our lives??I did a cursory read through the thread, so I'm not certain whether some of my post is duplicating what’s gone on before, or not...

I'm seeing reasonsable expectations as a two-sided affair, or in other words, those of the user and those of the manufacturer. I see these two groups’ expectations as decidedly different.

I agree with budfred that the majority of folks, at least initially, have no idea regarding the importance of Internet security, or for that matter, can even begin to tell you what it means. I submit that their "reasonable expectation" of risk when on-line, is that they are as safe as they would be going to the local library to do research, or retrieving mail from their mailbox. The departments in the library are clearly marked; fiction, non-fiction, reference, etc. And, mail is pretty much as clearly definable; advertisements, bills, personal correspondence, etc.

A reasonable expectation of "safety" is pretty much predicated and defined by one’s experiences vis-à-vis bad personal experiences, or those they've heard about happening to others. Even experiences regarding safety don't carry much import unless the danger is perceived as immanent.

When one walks out to their vehicle in the morning and finds the window broken and the stereo missing there's an eerie barrage of emotions such an experience elicits. Especially, I submit, if one has grown up in a literal community of trust. When the big city boy was farming in northern Minnesota and my rural buddy parked the truck with the keys left in the ignition I was alarmed. "Don't you worry someone will take the truck," I queried? My question provoked a curious look and response. "No, not at all. Besides, someone may need to move it."

I've taken a slight liberty to expand saph's question to include the element of "safety," which I think is what we're talking about for the user. From my examples above, I see safety, or the lack thereof, being defined by what is either a real or perceived threat to one’s safety. Experience tells me that the older the new computer/internet browsing individual, the less even a perceived threat exists. We’re, (oops, gave my age away) still learning to cope with the loss of anonymity with the introduction of caller ID. And for many of us, our VCRs flashed 12:00 for ages…

Internet ignorance isn’t confined to the older users as I’m sure budfred will attest. Granted, the word is slowly getting out about the importance of securing your computer both wired and wireless, but in my humble estimation, we’ve a long way to go…and the havoc from those who would exploit our ignorance abounds.

Therefore, with user ignorance heavily in mind, I’m leaning toward “those in the know” taking the lead and looking out for the less informed and vulnerable. I guess that would initially put the onus on the manufacturers of the components or software allowing Internet access to somehow educate and warn us. All US States require proof of proficiency before allowing us to get behind the wheel… I’m still trying to figure out how to attach a seatbelt with an Internet lockout to prevent browsing without security measures engaged… :rolleyes: