The Privacy BlogThoughts on privacy, security, and other stuff.

CAT | Wi-Fi

Apr/14

3

Don’t be an Ostrich about open Wi-Fi

Wi-Fi router with lockBack in 2010 I blogged about Google’s legal troubles over capturing sensitive open Wi-Fi data with their Street View cars.

In a nutshell, Google was accused of violating the federal Wiretap Act when it intercepted the data on open Wi-Fi networks it passed. The purpose was to capture just the MAC addresses of the base stations to improve their enhanced location services. It appears that recording small amounts of data was accidental. Certainly if they were trying to collect data, they could easily have grabbed much more.

Google lost that case and is now appealing to the Supreme Court, hoping to overturn the decision.

Obviously it was inappropriate for a company like Google to drive around sniffing people’s Wi-Fi traffic, but they are not really the threat. What we all need to be worried about is hackers war driving our neighborhoods, either using our networks to hide their illegal activities, or capturing our personal information for their own purposes.

Whatever the legal outcome of whether it is “OK” to sniff someone’s open Wi-Fi traffic, the reality is that people do, and doing so is trivial. Anyone with a laptop can download free software and be sucking down all the Internet activity in their local coffee shop in just minutes. I think laws like this give a false sense of security. It is like saying that, as you walk down the sidewalk, you can not look in through your neighbor’s big picture window at night when they leave the curtains open.

Thinking that people are “not allowed” to sniff your open Wi-Fi just gives a false sense of security. What we need to do is make sure that ALL Wi-Fi is securely encrypted. Even public Wi-Fi should be encrypted, even if the password is “password” and is posted prominently on the wall. Using encryption changes the situation from looking though a window as you walk by to drilling a peep hole through the wall.

None of should be in denial about this. Open Wi-Fi is insecure. It will be sniffed.

If you find yourself in a situation where you have to use an open Wi-Fi hotspot, for whatever reason, make sure you immediately establish a VPN to protect yourself. I might be biased, but I use Anonymizer Universal for this purpose.

Lance Cottrell is the Founder and Chief Scientist of Anonymizer. Follow me on Facebook, Twitter and Google+.

·

Play

Welcome to the 12th episode of The Privacy Blog Podcast brought to you by Anonymizer.

In September’s episode, I will talk about a court ruling against Google’s Wi-Fi snooping and the vulnerabilities in the new iPhone 5s fingerprint scanner. Then, I’ll provide some tips for securing the new iPhone/iOS 7 and discuss the results of a recent Pew privacy study.

Hope you enjoy – feel free to add questions and feedback in the comments section.

· · · · · · ·

Play

Welcome to Episode 11 of The Privacy Blog Podcast, brought to you by Anonymizer.

In this episode, I’ll discuss the shutdown of secure email services by Lavabit and Silent Circle. In addition, we’ll dive into the problem with hoarding Bitcoins and how you can protect yourself while using the increasingly popular online currency. Lastly, I’ll chat about whether teens actually care about online privacy and an ad agency’s shocking decision to use high-tech trash cans to measure Wi-Fi signals in London.

Please leave any questions or feedback in the comments section. Thanks for listening.

· · · · · · · ·

Play

Welcome to our November 2012 podcast. In this episode, I’ll be talking about the tactics websites use to charge one customer more than a customer in a different city, state, or country. After that, I’ll discuss the dangers of using the Internet while on the road – as many of you are likely to do this holiday season.

Don’t miss our video showing how your Facebook account can be compromised on an unsecured connection. Follow this link to Anonymizer’s site and select ‘Video 2′.

Download the transcript here.

· · · · ·

CNET’s Declan McCullagh reports on Microsoft restricting access to their Wi-Fi geolocation database shortly after this CNET article describing how to track devices using such databases. I have written about these databases before here, here, and here. Specifically Microsoft is preventing users from querying for the location of a single Wi-Fi device by specifying just one MAC addresses. Prior to the change it was possible to track an individual phone or laptop by querying for the location of that device’s MAC address.

CNET describes a test where they were able to track a device as it moved around Columbus Ohio. This would indicate that the underlying database is updated in near real time, and that it is collecting on mobile devices as well as on the fixed Wi-Fi base stations it is supposed to catalog for enhanced location services.

Tracking mobile devices can only harm the accuracy of enhanced GPS location services because they move around and could potentially give misleading information. It would be easy to eliminate such devices from the database because the type of device is discoverable from the MAC address they are collecting.

While there is no reason to track mobile devices for enhanced GPS, there are all kinds of less savory reasons to gather and track this kind of information. I note that Microsoft’s solution is to prevent access to this individualized tracking information about mobile devices rather than to stop collecting it…..

· · · · ·

Older posts >>