Someone is eventually going to go to prison after stupidly uploading evidence of themselves wiretapping a wireless network they don't own.
There's also an interesting double standard here: would it be quite so acceptable to casually listen in on people's GSM calls or wireless house phone calls?
Does there exist legal precedent for this? It would seem hard to argue for expectation of privacy on an unsecured wireless network on a protocol without TLS.
Phones, like mail, are a special case in a whole bunch of ways, legally, is my (Not A Lawyer) understanding. Using them as a basis for comparison is probably not going to reveal a lot.
Well we were talking about expectations here, were we not? I certainly expect my IM, email, VoIP and other forms of communication to be no less private than phone or post. So does, I believe, nearly everyone else. Just because one stumbles (stumble is not the right word though for what article described - the malicious intent was clear) into an unsecured segment does not make it right to eavesdrop.
Do you not picture a distinction between a landline (non-cordless) phone and wireless internet?
By 'trivial' to tap into, you mean I'd have to physically cut your line somewhere and attach a listening device, right? It seems very reasonable to expect privacy on a physical point to point wire.
With Wifi, if you're my neighbor, I need to sit at home with my computer and your photons come straight to my antenna. It's like you're giving them to me. I don't see the similarities.
If one looks at historic FCC regulation, it was always okay to listen to communications, but not to divulge the contents to 3rd parties. Even with just those older regulations, using data "heard" would be prohibited since that would involve transfer to others. I believe strong protections similar to wiretap laws were added for cell service, but unlicensed gear that has no protection from interference generally doesn't have any. For example in spite of an expectation of privacy, cordless phones are unprotected. Anyway, while there may be room to argue over access to certain communications being permissible, it's clear that one is prohibited from using anything heard (obviously including passwords, credit card info etc.)
The FCC rules for WiFi devices basically state that they must not cause any harmful interference and must accept any interference that occurs including that which may cause undesired operation. Read the manual that comes with any WiFi device and the text of that will be in there (the FCC rules require it to be).
Is that actually also legal to wiretap networks that they own? What about the classic method of setting "Free WiFi" using simple tools and a 3G phone? Does that make it "legal" to wiretap in US, at least?
Not to people who read HN, certainly, but just judging from behavior, it's something that's totally lost on a lot of people (even people who ought to know better). There's a weird assumption of nonexistent privacy when people use their computers; a fair number of users seem not to grasp that using the Internet at Starbucks (or at a hotel, or in an airport) is very different and much less secure than using it at home.
Trespassing into an apartment building seemed a bit gratuitous and creepy, though, and might distract from the lesson (by making people think they can really improve their security by being on the lookout for nerds tailgating them in the door). I think the point could have been made just as well by sitting in a coffee shop, or checking into a hotel with free Internet access for an evening.
To you, maybe not. But to the general population it is.
Remember the huge fuss that came about when people found out Google was getting the same data with their streetview cars... Tis why I started the article with that.
Wow, had no idea the article would become so popular.
I wrote the article and would just like to make a few points.
I am NOT a hacker. I don't claim to be. I'm just a geek that's curious about network security. They called it "A hacker story" because this is what hacking is to the general populace.
I understand that REAL hacking is completely different.
The point of the article is this:
It's REALLY easy for even a non-hacker to get all this information. I'm not saying to stop using open netqworks, just be careful what you do on them. That's all.
I'm sorry but looking at packets on an unsecured network is in no way "hacking". Even cracking a WPA network and using a MITM attack is trivial with all the tools and tutorials available.
Firesheep is just an automated GUI for what we've been doing all along. Ettercap, wireshark, etc are far more flexible and can be used to execute a wider variety of attacks. Firesheep, for example, won't ARP poison on a wired network.
There's also an interesting double standard here: would it be quite so acceptable to casually listen in on people's GSM calls or wireless house phone calls?