Foregoing WEP and WPA


in Geek stuff, Internet matters, Security

Bruce Schneier, the security guru and internet sensation, has been suggesting that people unlock their wireless networks. Given the constant and well-justified anxiety that exists about computer security, it is unconventional advice. That said, he argues effectively that the risks are fairly limited and that it is a neighbourly thing to do. Who hasn’t benefitted once or twice from the availability of an open wireless network? They were invaluable during my early weeks in Ottawa: allowing me to access Craiglist, Google Maps, and other vital apartment-hunting data while I was out there searching.

I am going to try leaving my wireless network open for a couple of weeks. If it doesn’t seem likely to burst my 200GB monthly bandwidth cap, I will leave it that way indefinitely. Hopefully, it will transpire that others have done the same when I start hunting around for a quieter flat in a more interesting neighbourhood this spring.

Report a typo or inaccuracy

{ 18 comments… read them below or add one }

Milan January 10, 2008 at 1:43 pm
Milan January 10, 2008 at 1:48 pm
Milan January 11, 2008 at 10:20 am

Why it’s good to leave your WiFi open

By Cory Doctorow on If you don’t like something change it

Bruce Schneier has a wonderful essay up on Wired explaining why he runs an open wireless network at home — and how that fits in with security. I’ve run open wireless networks since the late 1990s (in five cities in three countries) and I’ve never encountered the problems that everyone says are inevitable — network contention, crap from my ISP, busts for the child-porn my neighbors are downloading from my network.

Instead, I’ve provided network access to innumerable people — people like me: I can’t count the number of times I’ve had my ass saved by an open wireless network at the right moment (e.g., in good time to help me look up directions, a phone number, or flight details). I figure the more open wireless I provide to the world, the more people I’ll turn on to providing their own open wireless access, and the more open WiFi I’m likely to find.

Padraic January 12, 2008 at 9:03 pm

I called in to CBC Radio’s Spark to defend *using* unlocked wifi and got criticized by all the other callers…although I was only operating under the assumption that no one would do so intentionally.

Litty January 12, 2008 at 10:16 pm

Very generous. Where in Ottawa do you live, again?

Milan January 12, 2008 at 9:28 pm


I can understand the skepticism of others. I am heeding Schneier’s advice and running it open for a while. Naturally, I am tracking what happens across my network.

We will see how sensible it proves in retrospect.

Tristan Laing January 12, 2008 at 11:51 pm

What’s wrong with organizations like Free Toronto WiFi, where you are asked to leave your internet open, but people can access it only at the cost of revealing some personal information in an account. Their usage can be traced, presumably for the purposes of preventing abuse.

Milan January 13, 2008 at 12:11 pm


It doesn’t sound like anything is wrong with that. People really worried about abuse could set up monitoring systems on their home networks.

It is easy enough to use a Mac program like Eavesdrop to watch the traffic on your wireless network. Anything not encrypted comes up as clear as day.

. January 15, 2008 at 10:54 am

Security Expert Leaves His Own Wi-Fi Network Wide Open

By Glenn Fleishman

I don’t advise opening your home network because securing your desktop computers and even laptops is so much of a hassle most of the time, that simply disabling local network access—over which more attacks can be launched because many firewalls consider the local network a trusted network and lower their defenses—is the lowest-hanging fruit for average users’ protection.

. January 15, 2008 at 10:55 am
. January 15, 2008 at 10:56 am

Why it’s good to leave your WiFi open
Posted by Cory Doctorow, January 10, 2008 10:18 AM | permalink

Instead, I’ve provided network access to innumerable people — people like me: I can’t count the number of times I’ve had my ass saved by an open wireless network at the right moment (e.g., in good time to help me look up directions, a phone number, or flight details). I figure the more open wireless I provide to the world, the more people I’ll turn on to providing their own open wireless access, and the more open WiFi I’m likely to find.

. January 15, 2008 at 10:57 am

Bruce Schneier Has An Open Wi-Fi Network
from the share-and-share-alike dept

If you’re a complete networking neophyte (not that many of those probably read Techdirt), you should probably get some advice from someone more technically savvy about good Internet security practices. Actually, you should do that whether or not you choose to open your wireless network. But on the list of potential network security threats, an open wi-fi network is probably pretty low on the list.

. January 15, 2008 at 10:58 am

Open wireless. Oh my.

I don’t have a DHCP server running, so anyone who wants to use my wireless needs to configure a static address on the correct subnet. I’m happy to do this for guests who don’t know how, but drive-bys are strictly on the do-it-yourself system.

. August 22, 2008 at 10:41 am

There are few forces more powerful
than geeks desperately trying to get
internet in a new apartment.

. November 6, 2008 at 11:12 am

WPA cracked in 15 minutes or less, or your next router’s free

They always knew it could be done; that a hacker with enough time and processing power could watch your WPA-protected wireless network and, eventually, decrypt your precious datas. In under 15 minutes, though? “Inconceivable!” those hypothetical security experts would say — but they’re about to get a lesson from WiFi wizard Erik Tews. He’ll be giving a presentation next week at the PacSec Conference in Tokyo, describing the “mathematical breakthrough” that, he says, enables him to crack WPA-TKIP in 12 to 15 minutes.

. March 25, 2012 at 2:09 pm

As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: ‘The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.’ While some people may like having an open WiFi AP its interesting to see that the Police also feel that ‘Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'”

. November 8, 2012 at 4:12 pm

The Electronic Frontier Foundation is stepping up its open wireless campaign, which encourages people and businesses to leave their Internet connections open to the public, and offers advice on doing this safely and sustainably. As EFF points out, most WiFi networks are latent for most of the time, and there are a million ways that leaving your network accessible to passersby or neighbors can really help out, from emergency access during disasters to the urgent need to send an email, look up a phone number, or check directions. EFF’s Adi Kamdar writes,

. October 16, 2017 at 12:41 pm

KRACK! Wifi’s go-to security, WPA2, is fatally flawed, and will probably never be patched in many places

US CERT has privately circulated an advisory warning key stakeholders about the imminent publication of Key Reinstallation Attacks (KRACK), which exploit a heretofore unknown flaw in the WPA2 wifi security protocol, allowing attackers to break the encryption and eavesdrop upon — and possibly inject packets into — wireless sessions previously believed to be secure.

The bug was discovered by Mathy Vanhoef and Frank Piessens of KU Leuven, who hinted at their findings during a presentation at last summer’s Black Hat in Las Vegas; they are presenting their expanded findings this morning at the ACM Conference on Computer and Communications Security in Dallas, and have made further details available at

New KRACK Attack Against Wi-Fi Encryption

Mathy Vanhoef has just published a devastating attack against WPA2, the 14-year-old encryption protocol used by pretty much all wi-fi systems. Its an interesting attack, where the attacker forces the protocol to reuse a key. The authors call this attack KRACK, for Key Reinstallation Attacks

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

{ 1 trackback }

Previous post:

Next post: