Hijacking a broadband connection

That is an opinion, not a legal ruling.

Paul.

In this case, the type of property is often offered freely to all, without indication.

When a certain type of product is often given away for free, an owner of the product that decides to not give it away, needs to make it clear that they are not giving it away, either with a sign, or with some sort of security.

Analogies are tough on this one. Maybe air and water from a gas station. Many stations give it away free, even to non-customers. If free use got out of hand, then the gas station would secure the air and water station, and require a token to activate it, as some gas stations have done. But normally the gas station that does give it away to anyone, does not post a big sign that says "free air and water," they just leave it available for anyone that wants it, because it's more trouble than it's worth to secure it. Everyone just knows that unless it's secured, or unless their is a sign that says "customers only" that it's okay to use it.

Of the unsecure wireless networks I can pick up from my house, I happen to know that some of them are offered freely, even there is no indication in the SSID that they are free, while others are probably just the result of the laziness of the owner to setup a secure network.

Many of the intentionally free wireless networks do not give any indication in the SSID that they are free. Nor do the unintentionally free networks give any indication in the SSID that they are not free.

Windows makes it worse by simply connecting to the insecure network as if it is available to anyone, with only a warning that the data sent over the insecure network may not be secure.

There are so many intentionally free wireless networks, especially in some areas, that the presumption is that any unsecured network is available to anyone that wants to use it.

Very creative snipping.

"SSID is set by a network administrator and for open wireless networks, the SSID is broadcast to all wireless devices within range of the network access point."

This is precisely the point. If the SSID is broadcast, then it's an open wireless network. If the network is not intended for open access then either the SSID is not broadcast, and/or the network is secured by WEP, WAP, or MAC filtering. The quick-set-up instructions of wireless routers explain exactly how to do this.

If someone turns on their notebook PC and it automatically connects to an unsecured wireless network, it is not their responsibility to know if it is one of millions of free access wireless networks, or if the owner of the network simply neglected to set up security.

Easy.

You are broadcasting the presence of your network outside of your premises. You are explicitly inviting people to use it, especially if you do not put any security around it.

If you *don't* want people to use it, you would a) not broadcast it and b) put security around it.

It's the direct equivalent of putting "help yourself" in front of a pile of goods you leave outside your property boundary. It is

*exactly* the same as that.

No. It is nothing like that at all. Not remotely like that.

Paul (all IMO, of course)

And *if* the user can discover the Internet IP address that the wireless network is using - which is not at all straightforward. (It is not usually the IP address allocated to the wireless client).

And you clearly have no concept of boundaries, broadcasting and the implications thereof.

Paul.

That is a terrible analogy. Few people ever intentionally leave access to their home open to anyone, but many people, and businesses, intentionally leave access to their wireless network open to anyone, with the express intention that anyone that wants to use it, may use it.

Find another analogy, if you can, because the garage analogy doesn't apply here. It's not easy to find an appropriate analogy of something that is often intentionally supplied to the anyone that wants it, at no charge, that is also often not intended to be available at no charge. Especially when it's something that is not really 'used up' by providing it at no cost.

The bottom line is that there are two types of unsecured wireless networks, and both types are widespread:

1. Unsecured wireless networks that are intended to be available to anyone that wants to use them.
2. Unsecured wireless networks that are not intended to be available to anyone that wants to use them.

The operators of the first type are either altruistic, or they are a business that sees an upside to providing free access.

The operators of the second type are either lazy, clueless, or don't really care if someone else uses their network.

It's further complicated that the predominant computer operating system will simply automatically connect to an unsecure network, without the understanding of the computer user as to what is happening and why they suddenly have internet access.

When I set up my home wireless network, and those for relatives, I secured them because I was more concerned that someone might use them for nefarious purposes, than I was concerned about the bandwidth that they would use up. In the U.S., the last thing you want is some pervert using your network connection, since the police will come knocking on _your_ door, and confiscate _your_ computers and servers, while they investigate.

Actually... I've worked in the communications industry for more than 40 years, and have a *very* well developed understanding of exactly those implications.

There are a lot of people who get the idea that "broadcast" means you can do what you like with it, but the legal facts are that it is not true.

It is also not true that the term "broadcast", when applied to the SSID, is the same as you think it is!

As I've noted previously, if you broadcast your SSID it means you guarantee that it is visible at short intervals. If you

*don't* broadcast the SSID, then it is *still available* (and still fits the *legal* definition of a "broadcast", but the intervals are dependant upon traffic usage. Either way you are "broadcasting" your SSID to whatever extent the range of your wireless coverage allows.

The significance, and the reason it is called a "broadcast", is that legally a third party can *use* the information in a broadcast. Hence you and I can discuss the fact that my neighbor sends out an SSID of "ONE-CALL". One the other hand, the data in his normal traffic packets is *not* a "broadcast", but is a private communications and legally if either one of us happens to gain access to that data it is illegal to use it or divulge it to another party.

In the US, of course. Exactly what the technical differences are in the UK I am not sure, but I doubt they are major.

Likewise in the US it is illegal to gain unauthorized entry to a computer; hence connecting to a WLAN and actually accessing any other host on it is a crime.

There is an expectation that some things in society are often not charged for. A store with a water fountain and restrooms doesn't put up a sign saying "free water," or "free restrooms." If a store doesn't want the public using their restrooms they will put up a sign "no public restrooms," or "restrooms for customers only," or require a coin or token to use the restrooms. It is the responsibility of the owner to make sure that it is obvious that they don't want you to use it, since in most cases it is intended that you be permitted to use it without asking.

The same applies for wireless. Wireless is often not charged for, and there is an expectation that it is okay to use an available wireless network, unless the owner says otherwise; the way they say that it's not okay is by requiring a key.

To call that utter bollocks is being far too polite about it.

The possibility the courts might agree with your ridiculous sentiment is pretty close to nil, IMO.

It isn't even remotely close to that. It is the same as leaving your gate open, *nothing* more.

If all routers were delivered with the defaults et up being to hide the SSID, then that might have *some* merit, but not much.

Given the fact that every router I have come across has factory default setting of displaying it, and no warnings in the manual that you should hide it, I would expect the majority of people have not done anything with it.

That absolutely does NOT mean that most people are inviting anyone who wants to share their connection.

IMO, your attempts here are just an attempt to justify theft.

Yes it is.

Putting encryption on is like locking the door. Hiding the SSID is like camouflaging the door.

How would you know, since he has demonstrated a *far* better understanding of the implications than you have?

A *lot* of people don't lock their doors. I lived in a house for 20 years that didn't even *have* a lock on the door.

And if you *know* that it is intended to be available for your use, then clearly you can legally use it. The idea that just because you can physically gain access implies permission is ridiculous at best, and at worst it approaches perversion to tell impressionable people that they have the right to invade someone else's property just because they can! If, because of your encouragement, even one person's network and privacy are invaded, that is bad. But it would be a horrible tragedy if someone you encourage ends up being convicted of a crime and spends time in jail...

You aren't paying attention. The analogy was not mine, and *my* point was that it doesn't apply here. There are *no* exact analogies, and the appropriate point is that it is morally and often legally *wrong* to connect to a WLAN just because it is not sufficiently secured to keep you out.

*That* is the bottom line, and there is no escaping responsibility.

And if you *know* that to be the case, then using it is perfectly acceptable.

And if you don't know that it is *intended* to be available, using it is *dishonest*.

Which has legal significance, because they explicitly have authorized use of their property.

Which has no legal significance, because none of those characteristics reduces or allows abuse of their legal rights.

That is indeed a complication. But what the computer does automatically is not an indication of the user's intent, legal or otherwise.

That is true. Some people think it makes no difference, but even if you are innocent it won't be fun going through the system that proves it.

Rubbish.

If you decide to use something that doesn't belong to you, then it is

*your* responsibility to ensure that the owner is happy for you to do so.

It is NOT the responsibility of the owner to make sure it is obvious they don't want you to use it.

Here in the UK (I hadn't noticed till now that the thread is alos in a non-uk group), that is a very bad analogy, because the majority of filling stations that don't charge DO have signs saying "Free air and water".

The problem is that you don't understand what the SSID is, what it means to broadcast it, or why that is done.

Anyone who thinks disabling "SSID Broadcast" is the correct configuration for a wireless AP, is wrong.

Anyone who thinks disabling "SSID Broadcast" hides the SSID, is wrong.

Anyone who thinks enabling "SSID Broadcast" is an invitation hasn't got a clue.

It is "broadcast" for the explicit purpose of allowing other networks to *avoid* interference!

Cite please! That is technically incorrect.

All the broadcast does is make the SSID available at short, regular, intervals. The idea is that a *short* site survey scan (short because when an AP does that it must disconnect from all clients, switch to Client Mode, make the scan, and then return to AP Mode) will be able to spot all other networks (without excessive interuption of AP mode).

The purpose is *not* to allow connections to networks, but to allow networks to be aware of others using the frequency spectrum assigned to wireless; and thus making it possible for networks to avoid interfering with each other.

As far as users knowing what the SSID is, any network that is being used is making its SSID available with every single packet sent, regardless of enabling or disabling SSID broadcasting.

real tough that. Then there's all those security scanner sites.

Phil

He's not "demonstrated" anything. Merely expressed an opinion.

Paul.

No it isn't - you're just being too juvenile to admit it.

Paul.