Is it safe to use a stranger's WiFi channel ?

Once in a while, there'll be a friendly neighbor who has broadband internet access with a WiFi router, and has welcomed you to use the channel free of charge.

Is this a good idea privacy-wise? Is it possible, for example, for someone with a wireless router to monitor your internet activity while you're using that router? Also, can they snoop around on your hard-drive?

...

Reply to
wylbur37
Loading thread data ...

In news: snipped-for-privacy@g14g2000cwa.googlegroups.com, wylbur37 had this to say:

My reply is at the bottom of your sent message:

  1. No. But free broadband is worth keeping your private stuff private.
  2. Yes. Lots of packet sniffing software out there. But do they know what to do with that software and how to capture important data from it?
  3. Yes - depending on your having file and print sharing enabled and what folders you have shared or other permissions you have set.

Glad you asked - if they hadn't given you permission it'd be tantamount to theft.

Reply to
Galen

"wylbur37" wrote in message news: snipped-for-privacy@g14g2000cwa.googlegroups.com...

NOTE: Originally posted to alt.internet.wireless, microsoft.public.windowsxp.general, alt.privacy, and comp.security.misc. Reply sent only in microsoft.public.windowsxp.general.

Hopefully they secured their WiFi setup and will permit only those that they authorize to become part of their WiFi network. Otherwise, they are running an open WiFi setup that can be abused by anyone around them which is tantamount to them proclaiming that they run an infect host with a trojan mailer daemon and are inviting anyone to use it to spew out more spam. Will this friend keep their WiFi and cable/DSL modem running 24x7 so you can connect whenever you want? Do they have it on a UPS so when they have a power outage that it doesn't mean you have an Internet outage (if you have power but they don't)? Did you make any agreement on how much of their bandwidth you get to use or how much you get? Did their ISP agree to let non-customers (to the ISP) use their customers network and thus use that ISP's service with your friend? Not likely as personal accounts at ISPs do not permit reselling or redistributing bandwidth to non-customers. Are you willing to incur any legal liabilities for whatever content your friend happens to download or transmit, and they accept responsibility for whatever you get and receive? ISPs can disavow responsibility for content (read their terms of service) but you two can't because you probably haven't signed any TOS agreement. If any of those "friends" sharing the WiFi is a pedophile, be prepared to defend yourself when included in a sting as you are all in the same "family" or entity that is receiving or sending that crap. If the ISP has problems with their service, who are you going to call when your friend happens to be on vacation or simply away at work? You are not a customer of your friend's ISP.

You won't have any privacy with your "friend" because that person can use Ethereal or another sniffer or a proxy to capture all your traffic. The only traffic that will be safe from them is when you use secured connections (SSL) between you and the target site. They won't be able to decipher the traffic but they will still know where you are going (unless you use an SSL-enabled proxy beyond them so that the destination is always to that SSL proxy and the real destination is hidden in the SSL-encrypted traffic you sent to that proxy). Without encrypted traffic, it is possible their proxy can modify the web pages delivered back to you from a site. You think you are safe going to your bank's web site but your friend's proxy modifies the web traffic to modify any URL links to make use of buffer overrun security holes in the browser or to redirect you somewhere else, or they could even add an ActiveX control to install on your host and you think your bank needed it. Note that even your e-mail can be read even when using SSL since SSL is only used to secure the login credentials and NOT the content of the e-mail unless you encrypt your mail before sending it (which means your recipient must be able to decrypt it).

Obviously if you enable file sharing services and enable sharing on your drives then it is shared with whomever else is on your (or their) network. If you really need file sharing amongst your own host on your network, use a NAT router with firewall to connect to their WiFi network which should block file sharing from extending beyond your network.

So how much do you trust this "friend"? Is this really a friend (and one that you have known for awhile so there really is a difference between them being a friend or just being friendly) or just an unknown in the neighborhood that is offering you a free connection (and very probably an illegal one because their ISP doesn't provide redistributing bandwidth to non-customers)? Might be a good deal if your friend is really someone you know and can trust, and someone that is reliable (and so is their WiFi and Internet setup).

Reply to
Vanguard

In general not a good idea, for all of the reasons above. Coming from the other perspective, I do not share my wireless Internet connection with my neighbors because:

  1. There is a (small) risk of them hacking into my computers.

  1. My ISP may see how much bandwidth my router is using and raise suspicions.

  2. I may be responsible if my neighbor(s) use my connection to download kiddie p*rn, stalk someone online, threaten the president, etc.

  1. My neighbor(s) may blame me if anything bad happens to their computers, being on the same LAN in theory I could hack their computers.

There are more I am sure.

Reply to
Joseph Stewart

Perhaps not.

Absolutely. They'll have the ability to see every DNS request you make which will tell them more than they want to know about you if you have habits that are questionable.

But... how will they know it's you and not some other neighbor is the question.

Potentially depending on your level of host based security and fastidiousness with patching. You are giving them a free shot at you on the shared network.

However, the statistical likelihood of someone intentionaly running a honeypot accesspoint and wanting people to join to get hacked is pretty slim vs a clueless average user who doesn't know how to change the default settings of their router. At least in my neighborhood's age/profession demographic.

Best Regards,

Reply to
Todd H.

Yes.

Depends on how your system is set up.

Reply to
Unruh

I would interpret it to mean that he has given permission for his posts to be posted ON Microsoft domains, only. He has that right but, yes, it's silly. One would think that any court would at least tell someone posting from GMail that they have to use Google's X-NoArchive header if they don't want their posts archived. Otherwise you're implicitly permitting users to access your post from a non-MS domain.

Reply to
Derek Broughton

Yes, included in those packets is MAC address info, doesn't take long to figure out who is who in a neighborhood like that, is Joe at work and the house empty, then MAC 123456 must be Bob since he appears to be home.

True in most neighborhoods I suspect. Not hard after all to physically find the AP if you are 'hacked' and skin the neighbor alive

fundamentalism, fundamentally wrong.

Reply to
Rico

Galen wrote: [deleted]

What the heck is that supposed to mean?

*Which* domain? The domain of the (user of the) browser? If so, I didn't know that you/Microsoft/ owned Usenet, or Google, or ... ad infinitum! :-(

If not the domain of the browser, then the heck what, why, etc.?

Reply to
Frank Slootweg

Yes, they can monitor your internet activity. If you don't have a firewall in place it'll be easy to look at your hard drive. Firewalls help but they're not foolproof. It really doesn't matter because the internet is not a secure place. Anyone with a sniffer can monitor your activity on a wired network. Don't expect much privacy on the internet because the government doesn't care and most people don't really care about their privacy because they won't use encryption techniques.

Reply to
johnny

Quite a few packages will select the important stuff automatically. Cain for example will sniff out various kinds of passwords, including ones for VoIP, and can also capture whole VoIP-sessions turning them into soundfiles.

Juergen Nieveler

Reply to
Juergen Nieveler

But even with "X-No-Archive: Yes" one is only asking not to *archive* a posting, not not to *show* it, i.e. the "if you're reading this" bit is still meaningless, 'even' in that (XNAY) case.

Reply to
Frank Slootweg

formatting link

So are you talking about forum software that implements a gateway to Usenet to include newsgroups posts in the forum's message list? While this means more Usenet-dumb users end up in the newsgroups, I can't see how it violates your implicit permission for viewing your posts since you released your content to a public domain, especially since you don't ban viewing your posts on non-Microsoft NNTP servers or with Microsoft's CDO webnews-for-dummies interface.

I'm not sure that the forum admins are using the gateway as a deliberate means to make their forums look more active. Mostly it appears to give their users a forum interface via browser to which those are accustomed so it becomes just another client accessing the newsgroups. Whether you are running a local NNTP client program or using a browser, you are using a product or service that gives you a portal to Usenet. So what's the difference between the webnews interface provided by Microsoft and the forum interface provided by someone else? They both simply provide an interface using the web browser rather than requiring users to learn an NNTP client.

Obviously opening a portal from the forums into Usenet means you end up with boobs that have no knowledge of Netiquette, RFCs, or de facto standards intrinsic to Usenet. They may be a wizard in whatever topic is for the forum but know nothing about NNTP, Usenet, or etiquette. So what? Lots if not most users of OE, Thunderbird, Forte Agent and other NNTP clients are Usenet-challenged users, too. The only complaint that I have with the forum gateway portal is that often they are misconfigured or deficient in regards to the headers and following the RFCs regarding Usenet. Also, some such portals will show the post in Usenet but replies issued from other forum users don't show up in the newsgroups (i.e., only the original post shows up in the newsgroups along with replies that came from the newsgroups but replies submitted through the forum never get back here). Again, that seems a misconfigured portal.

I see the forum gateway as simply another NNTP client that uses a browser, any browser of choice, as its UI instead of requiring a separate NNTP client program that requires the user to learn a new interface. It does, however, mean opening a portal to Usenet from those that haven't a clue as to the environment to which a copy of their posts are getting spewed.

Reply to
Vanguard

"Joseph Stewart" wrote in news:QhFef.23166$ snipped-for-privacy@fe12.lga:

No more so than anyone on the internet doing so.

Of what? As far as they're concerned, it's just some customer using their network connection!

No, you wouldn't be responsible - though you may well get hassled if this happened.

That's true, but this is more a perception issue than anything else. A little upfront neighbourly education on computer security would probably be more sensible, suggesting that although they may let you use their connection, they should probably still treat your systems the same as any on the internet (i.e. protect against them).

Unless your neighbour is prepared to trust your system, in which case they'd just have to pass it off as a learning experience, regardless if you caused their problems or not...

That's a silly comment. Being on the same LAN does *not* mean that you'd be able to "hack their computers".

Unlikely. The only significant downside to sharing someone's connection is that they can (of course) monitor everything you do on their connection.

I'm assuming the original poster *has* taken reasonable steps to secure their computer of course. If not, it doens't make much difference if you're using your own network connection or sharing someone elses - the chances are you'll get infected with *something* a short time after going online...

Reply to
framarks

In news:437b7e72$0$33780$ snipped-for-privacy@news.wanadoo.nl, Frank Slootweg had this to say:

My reply is at the bottom of your sent message:

I don't think I mentioned copyright. I mentioned lack of permission. There's sites which steal, yes steal, the usenet posts and insert them into their forums in order to get traffic or to appear as if the content was created by them. This, this signature, is for those site readers to know that they're not accessing the actual source of information and that the posts that are being included on those sites have indeed been taken without permission.

I wondered how long it would be before someone noticed the signature. It's been there for a while - since I noticed that when I was checking site ratings that some of the sites that I was either linking to (or my own) were actually lower in the ratings - the higher ratings were these forums that had been using the posts from us here to generate traffic. I'm not too picky - I'd happily give permission if asked, my posts aren't that important really. Beyond that, I haven't any complaint with Google - they'd adhere to the no-archive if I wanted to use it. I don't...

I take it you're either a site owner who's using, say, VB Forum (or what ever the most popular one is) to steal the posts here or you're not a site owner who hasn't any idea what level of dedication people put into the work they perform for their site? Either way the choice is up to you. I make absolutely no claim to copyright. As a site owner I'd be flattered if someone took the content of our site and framed it. In fact our copyright gives people permission to do so. As a site owner I'd no sooner frame someone else's site without their permission. It's a matter of respect I should think - never mind the legality, that's secondary when it comes to humanity. If you created some sort of work, framed it, and then I came along and took a photograph of it and sold it (or gave it away so that people wouldn't want to buy your's) then I'm willing to bet you'd be bothered. More so if your livelihood depended on your work. I'm fortunate - mine does not.

Again, I make absolutely no claim of copyright. These are Microsoft's servers and open to the public. The issue at hand hasn't anything to do with copyright in my opinion but in deception. The end-user has a right to know that the limited access they're being granted through the forums that copy our posts do not originate at the site they're visiting. They have the right to know that they're able to freely use this service without supporting a webmaster who's simply installed and configured a script and a plug-in. They have the right to know how to access the site without any need to visit a specific site, sign up for anything, nor adhere to any conditions other than those set forth in the expectations given in the user's guidelines. Basically, the end-user has a right to know that the site they're are using is not in any way associated with this other than that of leeching the content without permission.

Just for the record - this isn't what you might term usenet in the normal sense of the word. This is a server owned and operated by Microsoft. It is the only one to which I am responding - I don't use the regular newsgroup server offered by my ISP to post to these groups so these posts don't go to the alt.* groups at all. I do not own the server, I make no claims of this. I do, I suppose, have a reasonable expectation of ownership of my work though I opt to make no claims for it.

I'll show ya something funny...

This is from a site that leeches our posts -

formatting link
- and here's a bit from their terms of use:

"You agree not to copy, republish, frame, download, transmit, modify, rent, lease, loan, sell, assign, distribute, license, sublicense, reverse engineer, or create derivative works based on the Content or Design of the Website." - quoted from:

formatting link
Now, you brought up the subject of copyright? Okay... Here these people are - whom I have no idea who they really are nor why they think they can do this - saying that they can leech my content (my text - which is certainly mine in most cases and if not then attribution is given) and that they can place limits on how my work is used? Their content is actually mine in some areas? Yet they're now making some sort of legal claim on it? Pfft! Here's a random example:
formatting link
Err, they (the site owner) didn't author the question nor the responses and yet they make a claim towards the content? Pfft... I'd happily give it to 'em if they asked. I'd happily give it to 'em if they were honest. I'd happily give it to them if they didn't make a claim about owning the content. Heck, I'd happily give it to 'em regardless - the signature is there for the end-user and not for the site owner. Ah well, I've wasted too much time answering this.

Reply to
Galen

In news: snipped-for-privacy@TK2MSFTNGP09.phx.gbl, Vanguard had this to say:

My reply is at the bottom of your sent message:

formatting link
> Err, they (the site owner) didn't author the question nor the

That's not even remotely the problem, again - if asked I'd happily give my personal permission for my personal silliness to be copied elsewhere. Heck, if they want it they can have at it but don't try to claim it's their property or try to prevent other people from using it. They are leeches - they can at least admit to that and not then try to restrict usage of what I gave to the network freely. And that's speaking just for myself... To be frank I don't care one bit about the objective of the site owners - I care about the honesty

The problem is the deception and the claim to copyright that they make. The problem is the end-users right to know the truth about the content and that the claim of copyright of the work that I (or you) give away for free is being claimed as their work and restrictions placed on it and that is about as low as one can go online. To take someone else's work and then lay claim to it as your own (and I did point out their use policy) is tantamount to the lowest one can aspire to be as an online parasite. Even the GNU license requires attribution. My issues are that the site makes the claim of ownership, doesn't tell the truth as to the source of information/content, and finally the end-user's have a right to know. MY permission has been given (quite clearly actually) but what of the person behind me? What of the people who limit their publications? I am NOT making an effort to bring another person here but there's at least one person who expressly prohibits publication of his answers which is within his legal right in both the country he resides in, the country the owners of some of the servers live in, and the country in which this server that I'm posting to resides in. The people who grab the posts by adding a script to their site's forum are leeching. If you owned a site - and you might, I don't know that but I have watched you for a while - you might feel the same. I think the only answer I could give that would equate to you specifically is if you created the ultimate answer to the most problematic newsgroup question and then someone came along and took it and, in one form or another, charged people to access it or to respond to it and not only didn't ask you but claimed that they were responsible for the controlling of that information... I can only hope that that equates with you. It's about all I can think of that's specific.

*chuckles* I've been using this signature for quite some time now. It's funny that it's first being mentioned now. The objective of my signature is to inform the reader - no matter where they come from - that they're freely able to come to the source without a need to remit a username, password, and email. The objective is to inform them that they can access this freely, get help from you (or me) without charge, and to ensure that usenet lumbers on in it's current form to the best of my ability because I haven't time nor inclination to check 200 forums a day. The statements in my signature are completely true - if they're reading this in a browser and that browser is not pointing to a domain owned by Microsoft then this work is being used without permission. It's not that hard to understand and it's not like it's not true or accurate. It doesn't mention me, it doesn't mention you. It is a simple statement of truth. Besides - I change my signature once a month or so (even if it doesn't need it) so it's not like it will remain there for long unless I know it's effective. Thank you for your insight - to be honest I read it and I've been a good hour responding because I figured if I'd spent this long reading your posts I'd give you the benefit of the doubt. In this case I see your position and ideals but in this case I'm afraid the signature is both valid and remains as it is until I find a Sherlock Holmes quote to fill it again. (Honestly? I was out of quotes that fit that particular day so, well, they got this which I'd been thinking about for a while.)
Reply to
Galen

No. Using someone's unsecured wireless network without permission is wrong. Furthermore, you never know if those networks are set up intentionally or not.

Is it possible, for example, for

Definitely yes. My old Netgear WGR614 wireless router logged everything. It logged every website visited including the ip address of the advertisement associated with the visited websites. It even associated the log entries per computer on my LAN.

Also, can they snoop around on your

Yes.

Reply to
Doug Jamal
[POSTED TO alt.internet.wireless - REPLY ON USENET PLEASE]

Actually much more, since they are inside NAT and any hardware firewall.

Both the amount and the type of traffic could be concerns with the "abuse" policies.

It could arguably be "contributory negligence", and the hassle could be quite unpleasant in any event.

I'd say a contract is in order.

It does make it easier than being on the external Internet.

Reply to
John Navas

I'm reading this post in comp.security.misc on my ISP's ordinary newsgroup server (it's actually outsourced to Giganews). So it looks like the Microsoft server *does* propagate posts to the rest of Usenet. If you don't want your posts to propagate, take all the non-microsoft.* groups out of your Newsgroups: line.

And in general, I believe Microsoft propagates all the microsoft.public.* groups out to Usenet. That's how I read microsoft.public.mac.virtualpc.

Reply to
Barry Margolin

news.wanadoo.nl!xref.euro.net!scavenger.euro.net!beastiality.euro.net!news2.euro.net!news.glorb.com!newshub.sdsu.edu!msrtrans!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl

Frank Slootweg wrote:

news.wanadoo.nl!xref.euro.net!scavenger.euro.net!beastiality.euro.net!news2.euro.net!news.glorb.com!newshub.sdsu.edu!msrtrans!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl

absolutely right!

The idea of Internet is to share knowledge and its structure is built on shared resources.

Imagine an upstream provider denying access to its DNS records when asked to "provide zone information about a domain" by your ISP server!!!!

Here is an article that may help:

formatting link

-aljuhani

Reply to
private.mailbox

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.