Or any common password shared by "open" networks. If enough APs intentionally adopt the same password then they are effectively open, just with the ritual step of having to enter a password.
Probably wouldn't fly in court; the whole idea behind requiring passwords is to be able to tie a person to the device connected to the network.
(I think it is a terrible idea to require this; however, chances are any scheme like the one you are proposing will be shot down in flames once the WiFi owner is dragged into court.
How does requiring passwords tie the user to the device? Sure, in a house for example, you have assurance that the only people connected are your family (or friends). But if you're at, say, Starbucks (and they change the pass every day), the only thing you'll know is that people connected visited that day.
If you require a username and password to access, then sure, you could track who is visiting what websites (provided you don't allow guest/guest like my high school did).
It's not very relevant to the current discussion, but there is a security advantage to requiring a public password vs totally open. For instance, a store could post a sign reading "Welcome to N Guy's Burgers; our WiFi password is 'N'".
You see, if the WiFi network is truly open, then client-to-access point traffic is open and can be sniffed by other clients on the network. But if the network is secured, even trivially as above, then each client's connection to the access point is individually encrypted and cannot be sniffed.
That means, if you needed any password to join the network, you needn't fear the questionable critter with the MBP in the corner (unless he's hacked the store's ISP or upstream from there).
I don't see how this is possible. With a shared secret, there's no way to authenticate the AP. No auth means no defence against MITM. What am I missing? It might be harder to sniff but it's just a tool away, right?
Not true, unfortunately. The session key can be obtained as long as the attacker can capture the initial handshake (and they can send deauth packets to force the client and AP to handshake again). Wireshark does this decryption out of the box, just insert the Wifi password: https://wiki.wireshark.org/HowToDecrypt802.11
From this angle it will be interesting to see why someone should be responsible for protecting someone else property. For example parking owner that is not having security being sued by a stolen (downloaded) car owner.
Just a nitpicky detail: This not about citizenship but actions happening in a certain country. A German citizen in, say, Sweden would not be subject to this German law while a Swedish citizen in Germany would.
Open wifi networks feel to insecure, I'm sure intelligence agencies have all their fingers on it, or at least the companies leasing those service must make a good feast of snooping on their users.
Seeing terms of agreement for a wifi network is a bad enough sign.
One of the few plus sides (debatable) of being governed by morons is that they are not capable of coming up with clever solutions to the problems they make.
EFF's editorialized headline is not meant to be interpreted literally. Quoting directly from the verdict
> password-protecting the internet connection, provided that those users are required to reveal their identity in order to obtain the required password and may not therefore act anonymously
The whole question by the way was not settled by the court but referred back to lower instances and is not something that will have to be answered uniformly across the EU. The court merely found that such a law would be allowed under EU rules.
If the requirement is just to have the user reveal their personal identity before using the network, and nothing is said about keeping that info afterwards, then something like this would be possible: ask the user for their personal info, handle them a hash that would work as a password to reconnect to the network within a short time window, and past this time forget said hash and the user info.
Modern routers should be powerful enough to create an open network and route all it's traffic trough Tor, maybe with a bit of DNS caching plus hostfile adblocking in the middle.
That is basically freifunk.
It is a openwrt router firmware with open wifi and all traffic is routed through VPN outside of Germany to circumvent the legal bullshit.
> Copyright trolling has history in Germany, where lawyers have leveraged the 'formal system of notice' for cease and desist letters (abmahnungen) into a shakedown system against millions for alleged copyright infringement online.
Is this true... millions? With only 80 million people in Germany, it seems like if copyright trolls were shaking down millions of people, it would more or less involve every single organization and household in the entire country.
I'm not sure where that number comes from. Every year around a hundred thousand of such letters get sent (with a downward trend and half of that from a single law firm). But I'd say the vast majority of internet users in Germany is aware of their existence.
Edit: After looking up some more data, at the peak in 2010 there were estimated around 500k of those letters and the million bar was likely crossed.
These are estimates made by looking at data published by both the law firms that specialize in sending out those letters and those that defend users against them. The latter ones are in a parasitic relationship and also profit from the whole thing.
So take this with a grain of salt as both would likely overestimate.
I have no problem believing it's millions. I know many people who got one, some deserved, some not. Last year my mom got one. She died in 2012.
It's also worth noting that these letters cost about 1000 Euros each, there is almost nothing you can do about them, and they require not the slightest bit of evidence that you actually did anything wrong.
Here [1] is a fairly exhaustive examination of this scam...mind boggling..here is a sample
"In cases involving peer-to-peer sharing of music files, the value of the claim was regularly set at €10,000 per file by the rights-holders...Recipients of Abmahnungen often pay the costs without consulting a lawyer, or negotiate a settlement themselves. There is a noticeable tendency to pay rather than challenge the claim..."
and
"the evidence collected about the infringement will only identify the IP...This IP address needs to be matched against the subscriber to whom it was allocated at the time of the infringement...by way of a judicial disclosure order...[in which] German courts are rather reluctant to engage in an assessment...[for instance] within 9 months in 2009, 2824 disclosure orders were sought in Cologne alone, each relating to several hundreds of IP addresses."
Yes, it is absolutely correct. It happens so frequently that I actually know several friends of mine who had to pay for downloading a video or a music album. (about $800 to $1000 - but there are limits now on how much you can be charged for an illegal download - I believe it is 150€ or something like that)
It's bad but on the other hand I also do understand copyright holders who see their product being used for free without receiving payment in return.
It's a grey area in most countries because so many people (me including) do this that laws become basically unenforceable. It's not surprising that Germany is one of those countries where this can be enforced.
One thing that these lawyers like to do is to target people downloading porn, because very few of them are going to fight back on that risking that it gets publicly known what kind of porn they are into.
I don't think so, it is surely within ISP's capabilities to log who had which dynamic IP at what time, and it is known that the government wants this data to be stored and available for it's own use.
I've seen an article here linked yesterday where the EU will make it mandatory for WiFi networks to use password authentication. So when you say how about people that have dynamic IP's or how about people that only access public WiFi networks the government will always find a solution by passing a law that restricts access to those who have authenticated (and therefore made themselves trackable in some way)
These restrictions are never implemented for your own safety but instead they claim it is for the safety of the businesses providing these services. How is it for the safety of these businesses? It's because the government implements a framework which makes ISP's and public WiFi network providers liable for damages caused by their users.
So the government has a problem in its never ending quest for more power caused by people doing stuff they don't want them to do (and frankly, in the case of the Internet it is by nature very often exchange of some kind of information or knowledge) so they create liability issues for businesses that enable their users to do these things.
It's in P2P networks (e.g. BitTorrent), where people share content. While you download, you offer what you already have downloaded and that's associated with your IP. And that's their attack vector: you're distributing copyrighted content without a license.
After that file hosters (e.g. Rapidshare) became popular, where only one person is uploading and the downloaders are hard to identify and even harder to sue.
For future reference, there is a contact link at the bottom of the page if you wanted to ask the mods a question directly. In my experience they're very responsive.
"Passport-protected open network"...heh, that reminds of the "anonymous functions" in PHP (the ones documented with the sentence "Creates an anonymous function from the parameters passed, and returns a unique name for it") :D
France has passed a law making an open wifi owner responsible of "negligent security", a legal offense. I am not aware of a single ruling about open access wifi.
I used to groan and add a password to my open wifi but then I saw one of the MP who actually voted the law who marveled, during a trip in S.Korea that he could connect without hassle to open wifis. "In France we always have to register, what a pain! Why do we make things complicated for ourselves?"
Reading that, I decided that open wifi respected the spirit of the law, and that stupid guy (Thierry Mariani, for those interested) could probably quoted before a tribunal to argue exactly that.
So Germany bans WhatsApp from collecting data on its users(whether you agree with this or not, at least WhatsApp provides a service with some utility). Yet, not less than a week later, demands that WiFi operators collect data on its users for the RIAA/MPAA.
Don't let the name copyright owners fool you into thinking that this is about actual content creators. The case that in question is Sony vs. Some German Open WiFi operator. Bravo EU! Middle men with sophisticated lobbying experience can get access to user data, but actual content and platform creators can't.
It's clear to me that the EU doesn't truly care about user privacy. They just have an irrational bug up their ass when it comes to American tech companies.
> It's clear to me that the EU doesn't truly care about user privacy. They just have an irrational bug up their ass when it comes to American tech companies.
I don't think it cares about anything. It's just a huge bureaucracy machine. So huge, that even if all participating agents would be rational (which we are so far away from), just a simple communication lag between people (all organizations in different countries, governments and subdivisions) would make it hard to reach any rational consensus.
By that logic almost every organisation should have a private wine cellar. Normally when entertaining you buy wine from suppliers on demand, not build up an enormous stash yourself.
But it's not the fact that they have drinks on site that surprised me. It's the vast quantity. The entire stock of all drinks including non-alcoholic drinks you point to is worth only about £30,000 vs the EU which has over 40,000 bottles of wine alone. I'd guess the value of the EU drinks cabinet is thus at least 10x great, probably more like 50x-100x greater. It's reflective of a wider problem with incredibly profligate spending on luxuries for EU staff at a time when most European governments are trying to cut their spending to manageable levels.
Most EU countries have free & open wifi hotspots. This is not an EU thing, it's a German thing. All the EU court said is that it's not illegal for Germany to have that law.
It's also not true that Whatsapp was banned from collecting data on its users, only that it can't share that data (most of which collected before the sale) with Facebook without explicit agreement.
As pointed out by other fellow HNers, you're wrong, but that didn't stop you from pushing your own agenda while complaining about the EU having an agenda against American companies.
Trust me, the EU is not against American companies. They're just beside the EU citizens.
Sigh. No. They don't demand that WiFI operators collect data on it's users for the RIAA/MPAA. It's right there in the first paragraph: The ruling says that after being informed of copyright infringement, you can be ordered to restrict access to registered users, if you want to avoid being held liable.
> They just have an irrational bug up their ass when it comes to American tech companies.
No, they don't. The difference between WhatsApp and RIAA/MPAA is that US is willing to project its political might over the latter, which creates a bit of a problem for opposing them. EU is trying, but it has to be done in a careful way in order to not piss USGOV too much.
I still don't get it why they did this. So some of the obvious problems: passwords are saved so I can use the wifi anytime, I can tell the password to others, even if they keep track of users with 30 concurrent customers it doesn't matter if they ask for names.
That's something that has been discussed again and again in German politics, but no government clearly wanted to say "Free Internet is worthwhile enough to allow protecting it from 'illegal' activity, even if it can't offer the the log data a traditional ISP can".
So now we have a bunch of rules that only apply if you something to stop it, but it doesn't really matter if that is actually effective, and how much that something hurdle is depends on what court or politician you ask. Maximum uncertainty for small operators, so it's mostly a few larger commercial operators and some enthusiasts with VPNs. And a lot of places without wifi that would have it in other countries.
And it’s only an issue with the CDU on federal level prohibiting any move towards it, often with contradictory arguments why.
Evil tongues claim that they just want to protect T-Mobile’s business, being corrupt.
Luckily, on state level that’s not yet an issue, the parliament of Schleswig-Holstein just approved a test project of running some Freifunk nodes on/in public buildings, and a local company has started putting up free hotspots everywhere in Kiel.
Eh, I somehow feel like the federal SPD is just so positive on the topic right now because they know the CDU will work against them anyways.
I hope pressure and organization from state or city level will help somewhat. Public organisations can provide similar shields as the commercial providers do right now, and once somebody makes a state look stupid the federal level will have more of an incentive to fix it.
The disintegration of the European Union needs to accelerate. The non-democratic powerful elite junta known as the EU is increasingly passing policy goals which ultimately serve only the elite minority. Our rights our being eroded, chipped away a little bit at a time like sand being carried away by flowing water. We must resist these policies and rebuild a stronger foundation for our civil liberties, including a truly free Internet. We need to return to stronger local governance and a more decentralised power structure. What we are seeing today is a consolidation of power and the emergence of a singular totalitarian state. https://en.wikipedia.org/wiki/Democratic_deficit_in_the_Euro...
Arbitrary circuit breakers added to circumvent dissenting opinions. Article 7 TEU. "Far-reaching sanctions" can be exerted, and a country can be stripped of all voting rights in the EU and have funding blocked. In January this year, Frans Timmermans, the first ever unelected Commission "vice president," who is in charge of "human rights," triggered the mechanism for the first time against Poland’s government which came to power in a record-breaking, landslide election in 2015. http://ec.europa.eu/justice/effective-justice/rule-of-law/in...
"If freedom of speech is taken away, then dumb and silent we may be led, like sheep to the slaughter." - George Washington. Or more recently, led straight into the gas chambers for a nice "hot shower."
We must ask ourselves what is the end game here? Dissenting opinions are now often twisted into being labeled as "hate speech" and "racism." Europe has already experienced the suppression of free thought and expression with the fall of the Roman Empire. What followed was a chilling effect which lasted 1000 years. Do we want to go down this road again?
Good points. My goal is to provoke the readers and their friends to start asking questions and not to provide conclusive evidence or solutions to these problems.
reply