There's been a lot of discussion about "wifi theft" recently. This tends to revolve around people using someone else's wireless network to connect to the Internet. This has arisen because many wireless routers, by default, don't have any kind of password protection set, so if you don't change the default settings, anyone within the signal area can connect. When someone does, this is what is generally referred to as "stealing wifi".
However, I don't think that's what is going on here.
Imagine you have a coffee machine in your office, and that one day you go to it and push the button for a latte. Now either the machine will flash up a message telling you to put some money in, or it will spit out a latte. Now, you haven't put any money in, but would anyone accuse you of stealing the latte? Maybe the machine has prices printed on the front. Maybe it doesn't. Maybe it's supposed to be set up to be free. You don't know. All you know is that there's a latte sat in the dispenser that you haven't paid for. Great! Free coffee! Always a bonus.
So what if I'm sat in a coffee shop with my laptop (it's been a couple of hours since my last cup and I apologise for the beverage related analogies), I search for a wireless network, one pops up and I click 'Connect'? Two things might happen: I may get asked for a password, at which point I've been made aware that I do not have permission to use this network, as I haven't been given the password; or I may connect to the network, and hence the Internet. At no point have I done anything malicious.
What's the difference between these two cases? I'm not seeing one. There was a possibility in each case that something would restrict me, and it didn't. As far as I'm concerned, the coffee machine has granted my request for a latte, and the router has granted my request to connect. Where is the crime?
Note I'm not talking about any form of malicious attack where one sniffs out passwords or spoofs IPs in order to connect to the network. I've simply requested a connection and been granted one. It would have been very easy for the person setting up the router to set it to either need a password, or not to accept unknown MAC addresses, but it hasn't. Now I'm using someone else's Internet connection.
The thing is: they've allowed me to do it. A computer does not force a router to accept its request for access. It asks for it politely. The router in question has granted my computer's request. Whether the person paying for the connection is aware of it or not, he has given me permission to use his wireless network.
I'm not saying that the current scenario is how it should be. I'm of the opinion that routers should be set up to ensure some form of security is available, precisely because of this kind of vulnerability. My point is that I don't think it can be illegal to connect to an open wireless network. It may be illegal for the owner of the network to allow me to use his Internet connection, but that is not an issue that I have to deal with. As far as I'm concerned, I've been given permission, so it's OK.
So is there any evidence that it's possible to steal something you've been given by the owner? I don't think so.
However, I don't think that's what is going on here.
Imagine you have a coffee machine in your office, and that one day you go to it and push the button for a latte. Now either the machine will flash up a message telling you to put some money in, or it will spit out a latte. Now, you haven't put any money in, but would anyone accuse you of stealing the latte? Maybe the machine has prices printed on the front. Maybe it doesn't. Maybe it's supposed to be set up to be free. You don't know. All you know is that there's a latte sat in the dispenser that you haven't paid for. Great! Free coffee! Always a bonus.
So what if I'm sat in a coffee shop with my laptop (it's been a couple of hours since my last cup and I apologise for the beverage related analogies), I search for a wireless network, one pops up and I click 'Connect'? Two things might happen: I may get asked for a password, at which point I've been made aware that I do not have permission to use this network, as I haven't been given the password; or I may connect to the network, and hence the Internet. At no point have I done anything malicious.
What's the difference between these two cases? I'm not seeing one. There was a possibility in each case that something would restrict me, and it didn't. As far as I'm concerned, the coffee machine has granted my request for a latte, and the router has granted my request to connect. Where is the crime?
Note I'm not talking about any form of malicious attack where one sniffs out passwords or spoofs IPs in order to connect to the network. I've simply requested a connection and been granted one. It would have been very easy for the person setting up the router to set it to either need a password, or not to accept unknown MAC addresses, but it hasn't. Now I'm using someone else's Internet connection.
The thing is: they've allowed me to do it. A computer does not force a router to accept its request for access. It asks for it politely. The router in question has granted my computer's request. Whether the person paying for the connection is aware of it or not, he has given me permission to use his wireless network.
I'm not saying that the current scenario is how it should be. I'm of the opinion that routers should be set up to ensure some form of security is available, precisely because of this kind of vulnerability. My point is that I don't think it can be illegal to connect to an open wireless network. It may be illegal for the owner of the network to allow me to use his Internet connection, but that is not an issue that I have to deal with. As far as I'm concerned, I've been given permission, so it's OK.
So is there any evidence that it's possible to steal something you've been given by the owner? I don't think so.
No comments:
Post a Comment