Nebraska Sheriff Wardriving, Sending Letters About Unsecured Wi-Fi

An anonymous reader sends this quote from JournalStar.com: "The Lancaster County Sheriff’s Office has seen an increase in scammers using unsecured Wi-Fi connections to steal identities and mask their crimes during the past six months, Sheriff Terry Wagner said. ... So deputies spent the past few weeks finding unsecure connections and sending 40 to 50 letters to let people know about the potential dangers of strangers accessing their network connections. 'You're just opening yourself up for a series of potential pitfalls,' Chief Deputy Jeff Bliemeister said. ... Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections.

Law Enforcement at Work

[ackthpt]

Applause!

Much better than that goofball sheriff in Aridzona.

Re:

[mpoulton]

Applause!

Much better than that goofball sheriff in Aridzona.

Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

With that said, I do not support Arpaio or his policies and do not vote for him.

Re:Law Enforcement at Work

[IceNinjaNine]

Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

As a former Phoenix resident, I have to say maybe it's because of things like this [go.com] and this [wikipedia.org]?

Sorry, but once you step over the line and nobody else is reigning it in, it becomes a federal problem.

Re:Law Enforcement at Work

[Hatta]

Criminal behavior by public officials anywhere in the country affects everyone. The Feds need to make an example of Arpaio, lest his corrupting influence spread.

They've tried

[Sycraft-fu]

A federal grand jury wouldn't return an indictment.

Re:They've tried

[Hatta]

Fuck.

Re:Law Enforcement at Work

[pavon]

Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

American citizens don't deserve to loose the fundamental constitutionally guaranteed rights when they travel through another county. Nor do prisoners deserve to be loose their (more limited) rights because they are transferred into your county. It's essential that his abuses get national media attention, so the rest of us can know to stay out of Maricopa county until you guys (or the feds) finally get around to doing something about it.

Re:

[Larry_Dillon]

Because I might drive through your lovely county some day.

Re:

[Cajun Hell]

I do not understand the national media attention.

Please remember that Charlie Sheen, Lindsay Lohan, etc are also "worthy" of media attention. It's not like the bar is high. They're nutjobs and so is your sheriff, and it's all fair game for worldwide entertainment, whether the nut represents all spectators or not.

It's just that people expect that kind of shit from drug-addled Hollywood types; that's a sort of baseline of entertainment. Maricopa county took it to the next step, beating Hollywood in two wa

Re:

[fm6]

Oh that's funny, It's OK for your local official to interfere with stuff that has nothing to do with his responsibilities or jurisdiction and that affect the whole country. But if the rest of us complain about it, we're the ones messing with a local official?

I love the way right-wingers make idiots of themselves, and then when people notice it, they complain about the "national media". Take some fucking responsibility, dude.

Re:Law Enforcement at Work

[hey!]

Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs.

Not when he started to investigate Obama's birth certificate. Arpaio is the one trying to put the Maricopa sheriff's office on the national stage, and when he does that the people who elected him have to take the criticism that provokes.

Re:Law Enforcement at Work

[Dishevel]

To be fair though the administration started attacking him first.

You must live on Earth-602 or something

[logicassasin]

I just left AZ a bit over a year ago and lived in Maricopa County. Joe Arpaio started his b.s. first, but even before that he and his office were a menace to the Latino populace of the county. Don't get me wrong, there ARE illegals there, no one will ever dispute that claim, however he's been less than truthful when he repeatedly states that they're responsible for all the crime there. Take a look at the mugshots his office posts daily, plenty of black and white faces to go along with the brown ones he singles out.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Law Enforcement at Work

[Anonymous Coward]

He said he would vote against telecom immunity but voted for it.
He said he would have the DoJ ease up on the prosecution of medical marijuana but they did the opposite.
He said he was going to institute a new era of transparency and rule of law but did neither.
He said he would shut Gtimo, and end torture camps around the world, he did the opposite.
He escalated foreign wars and most of them are actually secret, unofficial wars.
He claims the right to kill American citizen without due process; not even Bush made that claim.

The only one that is deluded is you.

Re:Law Enforcement at Work

[wolrahnaes]

On a world scale, yes, yes he is. The US view of "center" is just fucked off to the right by a lot.

Re:Law Enforcement at Work

[Dzimas]

Take a look at this chart of the political opinions expressed by world leaders: http://www.politicalcompass.org/images/internationalchart.png [politicalcompass.org]

Hugo Chavez is left wing. The Dali Lama is left wing. Romney and Obama? On the broad global stage, they're both sharply right wing. The fact that their campaigns have you believing they're worlds apart is simply not reflected in their actual policies and rhetoric.

Re:Because of racsim

[Anonymous Coward]

I had the same thing happen in my home county. Our jail was under federal oversight for over 13 years due to constant escapes, inmate injury, and general code violations. We had a sheriff who hired a known thug deputy to be an assistant warden. The man hired numerous thugs for guards, and gave a good old boy system "wink, wink" to the guards who "beat the inmates who needed it."

This entire reign of terror ended after an inmate was beaten to death while in the restraint chair. The video showed the man get slammed into the chair, strapped in, pepper sprayed, and hooded with the spit hood. Then each inmate proceeded to either punch/kick, strike with a baton, or use a tazer on the poor victim. The coroner determined what happened and the federal justice department filed criminal charges against a bunch of "officers." I believe 18 of them either resigned, plead guilty, or plea bargained to lesser charges. Only one or two were convicted of the worst charges, and they happened to be the ringleaders. The only lack of justice is that the assistant warden was never charged, he did end up resigning and no longer works in law enforcement. This entire debacle cost the sitting sheriff his seat in the next election.

The man who took his place almost immediately increased the pay for guards, increased hiring standards, and began the process of fixing all of the code violations that had been ignored for years. The county commission thought he was "spending too much money" and fought him non stop. Apparently they don't think anything of having the justice department look over your shoulder for years. I only hope that the sheriff gets re-elected and can continue to fix the problems in the county. I do not want the county to look like "Sheriff Joe" and his "tent city."

Should anyone want to read what happened, the events in question were from Harrison County Mississippi, during February 2006. The sheriffs name was George Payne. I do know it is against the rules to read the article/story/research/etc. but it is an interesting read.

Re:

[ackthpt]

Racsim? That's the new medieval torture virtual reality device, right?

I think unlimited campaign spending launching super PAC commercials is the modern equivalent or mideval torture.

How do they know exactlywhere to send the letters?

[ZorinLynx]

In a dense area you might pick up 15 different access points, 2-3 of them open. Unless they have sophisticated RF locating equipment the letters are just going to be out based on a best guess scenario.

The only place I can see this working is suburbs with wide spacing between homes, or rural areas.

Re:How do they know exactlywhere to send the lette

[wierd_w]

2 deputies with directional antennas.

If you can find warships that way, you can find wifi hotspots.

Re:

[wierd_w]

A directional antenna doesn't need to be expensive to be effective.

I made one for a friend of mine for about 20$ in parts, out of a clamp-on style work lamp, a usb extension cable, and some epoxy putty. Works great. 20dbi increase in gain over a fixed FoV direction.

Couple with netstumbler, kismet, or some other profiling software and a cheap wifi dongle, and you have yourself an aimable wifi probe.

Course, it looks ghetto as fuck, be he doesn't care. It works, and can go through several walls.

I am contempla

Re:

[wierd_w]

Pretty good when you gently touch them with a hot air gun to level the plastic, then gently spray with conductive paint.

(Or give the full montey with silver nitrate solution.)

Re:How do they know exactlywhere to send the lette

[taustin]

You've never been to Nebraska, have you? Google says the population of Lincoln is about 260,000 total. There are apartment complexes in Los Angeles with nearly that many people. Houses have yards, there aren't many multi-story buildings (especially residential). The only "sophisticated RF locating equipment" is the number of bars on the signal idicator in the system tray in Windows, which will vary visible from one house to the next.

Re:

[ackthpt]

How about some id on each wireless access point, which can be tracked through the service providers in the region? Doesn't sound unreasonable, particularly if law enforcement is provided with the necessary tools and training.

Re:

[JDG1980]

In a dense area...

We're talking about Nebraska here.

Re:

[HangingChad]

The only place I can see this working is suburbs with wide spacing between homes, or rural areas.

Or Nebraska.

Re:

[slapout]

If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.

Re:

[Rob the Bold]

If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.

I think if you're a residential broadband customer, and your access point is wide open, the SSID is gonna be "Linksys" or other default name.

Re:

[rat7307]

"Cleetus, we got ourselves another member of that there 'Linksys' family, they sure are a big clan!"

Re:

[History's Coming To]

Unless they're working with the ISPs to recover the address associated with the IPs. If this is simply advice being given out (in line with ISP advice anyway), and information isn't being stored or intercepted then fair enough in my book. Too many people end up in court giving it the "but I was hacked!" excuse when they had no password, or an astoundingly weak one, ignorance may be no ecuse but it's nice to see some proactive action in educating people.

It depends on how you're using the word "dense"

[Picass0]

There are some very dense areas in Nebraska. Some of them are even well populated.

Re:

[cffrost]

There is 1 city in that county, and it ain't exactly NYC.

Well, there's only 1/5th of one city in New York County. :o)

Re:

[Abalamahalamatandra]

And I believe Lincoln is actually the largest city in Nebraska on Cornhuskers game days.

I kid, but it's close. You do NOT want to drive on Interstate 80 when most of Omaha is driving to Lincoln for the game.

Re:

[Anonymous Coward]

As a Nebraskan... yes.

I'm regularly shocked by perceptions people from the larger cities, or from the coasts have. Yes, by land area, Nebraska is mostly rural, but it does have cities that typically have malls, movie theaters, and at least 10 square miles of urban/suburban space.

Lancaster County, in particular, averages 311 people/sq mi, and has Lincoln in the center, which even has some buildings with more than one story. Evidence: http://en.wikipedia.org/wiki/File:Lincoln_DT.jpg

Re:

[SJHillman]

We in NY feel your pain, but in reverse. A chunk of NY larger than several nearby states is designated "Forever Wild" and is the largest state park in the Lower 48. Several townships near where I grew up measure population density in fractions of a person per square mile.

northern NY state is awesome

[Chirs]

I was living up in Ottawa, and it was quicker/easier to cross the border down into the Adirondacks than to drive up to Algonquin park. Fewer people, fewer fees, less traffic. I'm surprised more people don't do it.

I'd leave my wifi open

[mcgrew]

However, the ISP's TOS forbids it. Nobody's going to break into the computer unless it has no password. But as I've gotten free wifi from unsecured hotspots, I see no reason not to repay by doing the same.

Re:

[joaosantos]

In some places you are legally responsible for what people do with your internet connection.

Re:

[kermidge]

Seems to me, a problem is defense on wireless modem/router is static, attack is not; upshot, all defense eventually overcome. So even if your wireless is 'secured', if it's used to do something 'bad' then you're on the hook unless and until somebody else looks better for it. From what I see, prosecutors and judges are more concerned with no-comeback conviction rate to tout in next election than with truth or reality. Existing law is far worse than b.s. ISP TOS.

Proving innocence is a losing proposition. S

Re:

[rtkluttz]

This is FUD at its worst. Yes you'll have to clear your name but this is America and only the person responsible for the crime is the one who is in trouble. I keep my wifi open because I have lots of guests and work on lots of computers. Screw the FUD type threat from the government. I'd send their letter back telling them to mind their own business.

Re:

[Crasoose]

They don't need to break into your computer if you leave it unsecured, everything you are transmitting via wifi is open. Unless you never use wifi, I'd shoot for a dual band router if you are trying to help random people and leave some quality of service on that connection while you're at it. If they need internet so badly at that point they can always knock on your door and ask nicely.

Re:

[hawkinspeter]

That's what I do with mine - a hidden wpa2 network for private use and an unsecured public one (that only has internet access) for friends/neighbours/passer-bys to use. I hate the way people are trying to scare people away from altruistic behaviour - it's kind of like warning people against giving away free water in case someone drowns someone in it.

unsecured wifi?

[clemdoc]

While I think this action is quite cool, I would argue that not even coffee shops and businesses like that need open wireless connections.
They could just as well make the WPA2 key easy to remember and put it in some obvious place, enabling their clients to use encrypted connections and avoid all that Firesheep stuff as well.

Re:

[Anonymous Coward]

Um, firesheep works in that scenario.

You're confusing L2 security with transport security for http traffic, very different things

Re:

[cluedweasel]

We tried this where I work. You would think it would be easy. Just set a key and put a notice up with the key on it. Forget it. It was way beyond the ability of most of our visitors to input a simple key, just a simple pass phrase. After a week of people complaining, the boss decided we should go back to fully open guest wireless access.

Re:

[Anonymous Coward]

set BSSID to: the password is McDonald's

Re:

[Nikker]

Just wait till they type in as the password "the password is McDonald's", allow hilarity to ensue.

Re:

[fermion]

I am not opposed to shops printing a code at the bottom of a receipt to get into the Wifi for a number of hours. If the WiFi is close, that is the only thing that makes sense. On the key is known, then anyone can use it and it might as well be open. Even the individual key is not going to stop snooping.

Honestly, if I were going to snoop traffic, I would do it at a public place where the acces was open. People are crazy and wil do all sorts of confidential stuff over an open line. At home you feel safer

Re:unsecured wifi?

[DarwinSurvivor]

On the key is known, then anyone can use it and it might as well be open. Even the individual key is not going to stop snooping.

You obviously don't understand anything about wireless security. If a connection is open (no encryption), anyone (even those not connected to the router) can stniff EVERYTHING sent over the connection (barring https and the like). With a password, even if every person in the world knows the password, nobody can sniff anyone else's packets. The passwords intiates a transaction where the router and your computer set up their own sessions keys which are used to encrypt everything else. so even though everyone used the same password, everyone is using different encryption keys, so everyone is protected (at the wireless level at least).

Re:

[Vegemeister]

That doesn't stop man in the middle attacks. If I know the password, I can run my own AP with the same SSID and password, and proxy all traffic through to the real AP, with whatever snooping of malicious transformations I care to implement.

Actually solving the prolem requires public-key cryptographic verification of the access point. WPA-PSK just authenticates the users to the AP, not the other way around.

Re:

[gnasher719]

With a password, even if every person in the world knows the password, nobody can sniff anyone else's packets.

I think that's not quite true for WPA. In the version where everyone knows the password, there are certain attacks possible once you know the password. That's why it's fine for home use where only trusted people get the password, but not say for company use where you can be sure that a hacker will find some idiot giving them or selling them the password.

Re:unsecured wifi?

[PTBarnum]

I thought that using a PSK still allowed people to decrypt your packets, as long as they knew the PSK and were able to capture the beginning of your session. So while having a PSK is slightly better than not having one, it doesn't really guarantee a secure connection.

Does anyone make an easy-to-use 802.1x appliance for coffee shop type uses?

Re:

[MrKevvy]

Only if you use a weak password. There's no known attacks against WPA other than dictionary and brute-force which will work on anything. It allows a 63-character password, so for all practical purposes a 63-character WPA password of random mixed-case letters, numbers and punctuation is unbreakable (currently.)

WEP, of course, is cryptographically weak and crackable

Re:

[PTBarnum]

Having a highly secure password does not help, if you give it out to everyone who walks into the store.

Re:

[whoever57]

There's no known attacks against WPA other than dictionary and brute-force which will work on anything

You mean, apart from known [wordpress.com] attacks [google.com]on WPS, which is commonly enabled on access points using WPA.

Proactive Police Work Preventing Victimization

[Lashat]

Other Law Enforcement please take note. Follow this model for other crime prevention and imporve your community.

Thank You
Taxpayers

Re:

[Revotron]

If you were to equate this article to trying to prevent rape, then the equivalent action by the police would be to tell women not to fall asleep naked spread-eagle in a dark alley. To some people, that's a "duh" thing, but to some less-street-smart people it's quite a notion. THAT'S the basic premise here. Make it harder for a criminal to do their job and you decrease the chance that a crime will happen.

Re:

[AK Marc]

They've already made it illegal to leave your car running with the keys in to prevent auto theft. But I never see anyone complaining about that.

Re:

[chrismcb]

Thats awesome. And they are trying to amend the law to allow you to warm up your car in your driveway if the temp is below freezing.
How about, let me do what I want to do?
The claim is 40% of cars that are stolen, have the keys in them. Does this mean they won't arrest the car thief now, if you leave your keys in the car?
And what will they do when 100% of the cars that are stolen, don't have the keys in them?

Oops...

[mcgrew]

What's with slashdot today? An earlier story gave a bogus link and this gives none at all. I tried to find it by googling wifi sheriff site:JournalStar.com but the story didn't come up. Is this for real?

Re:Oops...

[CanHasDIY]

Here you go: http://journalstar.com/news/local/crime-and-courts/sheriff-looks-to-lock-down-open-internet-connections/article_3a98d107-05c6-5a11-8d09-8769e6e7dacd.html [journalstar.com]

Re:

[cffrost]

What's with slashdot today?

I ask myself that question every day.

vs google?

[v1]

so how is this any different than when people went ballistic over google's streetview cars logging wifi?

Not that I'm saying there should be anything wrong with it in the first place, but why are the freaks that tried to go after google for doing this going to leave this guy alone? Looks like about the same thing to me.

Re:

[idontgno]

Do you have evidence that the Sheriff's wardriving captured and stored packet information? Because the furor over Google doing it was precisely that: indiscriminate and promiscuous capture and storage of any packets in transit in any AP's footprint that they passed through. And then Google kept that information, even after being ordered to delete it.

Tell me that a law-enforcement agency is sniffing and recording packet traffic and trolling for evidence of lawbreaking without formal suspicion or a wiretap co

Re:

[Hatta]

It's not. People blew that way out of proportion. Transmissions on public spectrum can be recieved by anyone. People need to deal with it.

Might Want to Talk to the Local University

[Revotron]

The University of Nebraska-Lincoln's general student wireless network (UNL-AIR) is wide open and unencrypted. The only form of security in place is a MAC access list. I'm pretty sure somebody wardriving around the campus (or "warsitting" in the middle of the damn student union) could collect all sorts of yummy private data from that network each and every day.

So, will the University be getting a letter from the Lancaster sheriff? Probably not. Should they change it anyway? Hell yes.

No, they dont *need* to secure them

[nurb432]

Its a choice, not a law. The police needs to stick to enforcing the law, which is their job.

Re:

[SydShamino]

Police also walk around parking lots and point out cars whose doors aren't locked, and they drive around neighborhoods where nothing has happened - yet. Preventing crime isn't any less important than investigating it, and it seems that in this case they are trying more to point out the possibilities of crime than punish those who made a choice.

Utter Horse-shit!

[Penurious Penguin]

In my area DSL isn't available and FIOS or broadband is upward of $70. This affects me and many others who have difficulty with such prices. The act of intimidating people with open APs is ludicrous and shit-brained. A secured router with a unique user-ID, strong password, along with various options such as filters, availability-configurations, etc., is more secure than WEP with default settings. This sheriff should have a router fastened to his head until the microwaves loosen the rocks. I think the EFF elaborated [eff.org] on this topic quite well, also mentioning Schneier and his views on the subject [schneier.com].

Sharing, especially of educational/informational resources is a good thing. Intimidating people into doing otherwise against their will is encouraging greed, inefficiency and paranoia.

Re:Utter Horse-shit!

[Jeng]

So the sheriff is trying to put a stop to cyber crimes and you oppose it because you like to leave an access point for neighbors?

Why not give the password to the neighbors you want to allow on your network?

Re:

[Penurious Penguin]

Why intimidate others into conforming to one (reasonably-disputed) perspective? If the sheriff had distributed passive, informative information, I would condone the effort, but disagree with the premise. Instead, intimidation was used without exploring other possibilities. The number of people committing serious "cyber"-crimes is too low to warrant this level of paranoia, especially when sporting a WEP-key does little to prevent it.

We have all sorts of buzzards poking around in our personal data, whether

Re:

[Penurious Penguin]

Footnote: If law-enforcement can wiretap me with the warm, affectionate assistance of the ISP and without a warrant, maybe my neighbors should be given a fair chance too! -- at least they are more likely to be employed in something other than whoring to the plutocracy and fucking over the serfs. I've had very few neighbors (if any) that have ever pulled a gun on a marijuana-smoker and stuffed them in a cage, or tazed someone because they were having a bad day. I also highly doubt most of my neighbors would

Re:

[Threni]

> Why not give the password to the neighbors you want to allow on your network?

He might want to let *anyone* onto the network. What's he going to do, paint his password on the front of his house?

If he wants to let people use his internet connection, that's his business. And if that makes it harder for people to figure out who has done what online, tough shit! If you're serious about freedom you have to make difficult choices* like `what if me letting people use my house as a TOR exit node or free wifi

Re:

[Penurious Penguin]

If you are actually being serious, the term "secured wifi" colloquially and often formally implies either WEP or WPA. In addition, the term "open wifi" does not imply insecure. When addressing those not in the field of IT, I expect both terms are more often misnomers than not, particularly when the terms are being used to promote something by dubious sources. I presume you are trolling though, and give you credit for successfully wasting a small amount of my time. Now either go do your high-school homework

FCC has sole authority to regulate WiFi devices

[schwit1]

http://wifinetnews.com/archives/2006/11/fcc_smacks_down_boston-logans_dubious_wi-fi_claims.html [wifinetnews.com]

Kills plausible deniability

[DoofusOfDeath]

For someone up to no good, I'm not sure that securing WiFi is smart move.

If someone has an open wifi, and something illegal (copyrighted content, kiddie porn, etc.) is downloaded via his IP, the person has plausible deniability that he himself did the downloading.

If that persons has secured his WiFi with a password, then I would think he's more likely to get convicted.

Re:

[Anonymous Coward]

Except that Jammie Thomas already tried that defense in two separate jury trials, and lost both times. An open wifi does not give you plausible deniability.

Re:

[gnasher719]

If someone has an open wifi, and something illegal (copyrighted content, kiddie porn, etc.) is downloaded via his IP, the person has plausible deniability that he himself did the downloading.

Obviously a prosecutor will hold that against you. If you are a person who knows about secure WiFi, passwords, and plausible deniability, then keeping an unprotected connection means you're up to no good.

Wow

[nilbog]

Wow this is what we've been asking for all along - someone to educate everyone on securing their wifi. I think this is a good thing for police to spend their time doing. Serve and protect.

Re:

[fak3r]

well said!

Re:

[mcgrew]

If it is legal and not unreasonably dangerous for a business to use an open wifi connection, then why can't I?

You can. This sheriff isn't arresting people for having hotspots, he's simply mailing them FUD.

Re:

[idontgno]

It's not strictly FUD. For people who leave an AP open because they don't know better, this is a good service. For people who leave a WAP open because of some kind of principled and conscentious decsion, there's nothing there they're not already familiar with and willing to risk.

And let's face it. There is risk. If some random bad actor uses your unsecured WAP for random badness, it will inconvenience you. You will be a "person of interest" until they find a better suspect. Again, this might be a risk worth

Re:

[hawguy]

It's not strictly FUD. For people who leave an AP open because they don't know better, this is a good service. For people who leave a WAP open because of some kind of principled and conscentious decsion, there's nothing there they're not already familiar with and willing to risk.

And let's face it. There is risk. If some random bad actor uses your unsecured WAP for random badness, it will inconvenience you. You will be a "person of interest" until they find a better suspect. Again, this might be a risk worth taking if you decide it is, but for a clueless schlub who just bought the router and plugged it in? Not so much.

Agreed, it's not FUD - the majority of people with open Wifi access points don't know and and don't know why it's bad. Those that leave their AP open on purpose will read the letter and ignore it. I used to keep a guest Wifi connection open, bandwidth constrained to less than 1mbit with port 25 blocked outbound. I saw a few dozen MAC addresses on it, so I think it was useful to some people.

Hopefully the letter included some online resources and companies that those AP owners could use to secure their Wifi

Re:

[Kjella]

You can. This sheriff isn't arresting people for having hotspots, he's simply mailing them FUD.

Then again while it's fully legal to not lock your doors there's also no laws against the sheriff saying "You may want to lock your doors at night, sir. It will help protect you against burglary and vandalism." A crime is always 100% the criminal's fault, a theft is the thief's fault, a robbery the robber's fault, a rape the rapist's fault and so on. And it's still 100% the criminal's fault even if you act stupidly or recklessly, nobody forced them to be criminals even if you gave them an easy opportunity.

Who says you can't?

[phorm]

I don't see anything in the article that said it was illegal to have open wifi, or that you couldn't.
It said that open wifi was being used for identity theft, and that notices of potential dangers (I'd imagine such as possible repercussions for the wifi owner if fraud is traced back to their internet connection) were sent out.

For a couple of older folks or just generally non-technical people who potentially just plugged in an unsecured D-link, not a terrible thing to be given information about, and somewhat pro-active of the Sheriff. It seems little different from the notices given to people who leave their cars unlocked in neighbourhoods experiencing an increase of car thefts...

Re:

[PRMan]

So the Sheriff laughs at visitors for locking their cars, but tell the locals to lock their internet?

Re:

[Hatta]

The only 'danger' you expose yourself to by keeping an open wifi is that a moronic lawyer claims it must have been you and decides to sue you for things you didn't do.

Or if a moronic judge issues a search warrant for your home.

Re:

[YrWrstNtmr]

I have the right to keep an open WIFI connection and if someone else uses it for bad purposes that does NOT expose me to any reasonable danger or risk.

It does make you the initial point of contact/suspicion until they (maybe) figure out it wasn't you. But by then, your PC's have been confiscated, your name in the news, and possibly dragged through the courts.
I get your point, but if someone does use your open connection for illegal purposes, you are where the investigation will start.

Re:

[Liquidretro]

They are not mandating you close your wifi, they are just suggesting you do. Making you aware of something you were unsure of maybe. Very much the same as if they were to wring your door bell to tell you your garage door is open at midnight, etc.

Re:

[cbiltcliffe]

If my doorbell is that saturated with water that it needs it, they're welcome to wring it, but I think it'll still not work when they're done....

Re:

[mpoulton]

If it is legal and not unreasonably dangerous for a business to use an open wifi connection, then why can't I? If I get incorporated, does that make it safe?

No, but there's a general presumption that it's intentional when a business does it and that they understand the risks and decided to accept them. There's a (well justified) presumption that when a random house has an open AP called "Linksys" it's an accidental result of cluelessness. The sheriff isn't shutting peoples' netowrks down or threatening them with any sort of law enforcement action, they're just informing people that it's a security risk.

The only 'danger' you expose yourself to by keeping an open wifi is that a moronic lawyer claims it must have been you and decides to sue you for things you didn't do. The proper response to that is to counter sue the lawyer and to educate the public, judges and jury that an IP address does not prove identity. I have the right to keep an open WIFI connection and if someone else uses it for bad purposes that does NOT expose me to any reasonable danger or risk. People have the right to anonymity and that means government and lawyers do not have the right to intimidate people into making anonymity harder to obtain.

If you want to play lawyer for yourself without being o

Re:

[DarwinSurvivor]

Others have already explained why you can, so I'll explain why you shouldn't

• Unless you have 2 wireless connections, everything you do is ALSO transmitted unsecured over the air exposing you to packet sniffing. Even your internet connections (from one computer to the other over samba/shared folders/etc). BAD
• Coffee shops typically have surveillance cameras in and round their building, so if someone uses the connection to steal CC numbers or upload child porn, the police have at least some leads as to its so

you are free to do so, but

[OrangeTide]

The vast majority of people with open APs at home don't know what the fuck they are doing.

A coffee shop has some business interest in maintaining open access to wifi. Perhaps the assumption is that there is some chance of them hiring someone who can configure a basic firewall+AP properly. I'm not particularly optimistic about that, but let the Sheriff solve one problem at a time.

Re:

[Hatta]

Wifi encryption is useless if anyone and everyone can join the network. Once you join, it's just like being on any other shared medium network. All your packets are available in the clear. If you're worried about security, use application level encryption.

Re:

[gnasher719]

Wifi encryption is useless if anyone and everyone can join the network. Once you join, it's just like being on any other shared medium network. All your packets are available in the clear. If you're worried about security, use application level encryption.

It's not useless. Packets are not available in the clear, because everyone joining the network with the same password will get a different key. However, there are attacks possible against that version of WPA so a hacker on the network can crack someone else's key. But nothing is in the clear.

Re:

[Revotron]

It's so easy to bust down your door, run into your house, and grab your big-screen TV, so why don't you just leave your door unlocked so I can walk right in?

Also, since it's so easy to smash your car's windows, hotwire it, and drive away, why don't you just leave your car unlocked and set your keys in the cupholder?

Re:

[hawkinspeter]

Open wifi isn't a problem if you always use https to connect to websites. https://www.eff.org/https-everywhere [eff.org] is an easy way to use https if it's available for a website.

Re:

[hawkinspeter]

WPA2 isn't at all easy to crack, but it's definitely easy to spoof MAC addresses.

Re:

[Penurious Penguin]

I strongly disagree in cases where WPA is properly configured. It is simply insane to try to crack a strong WPA2 setup for any average or even above-average person. Also, the MAC can be duplicated by the attacker and used during times when the owner is not active -- it can also cause problems. On the rest, I concur. A good router -- especially with good firmware -- can be intricately configured and offer quite a bit of basic security. Aggressively discouraging people from maintaining open APs is stupid and