[OpenWireless Tech] A small question about tracking

Natanael natanael.l at gmail.com
Sun Nov 4 23:45:06 PST 2012


Nice indeed, unless you are a user who worries the router owner might spy on
you. But then you probably have your own VPN anyway. So at least it *won't
decrease* security for anyone.
On 5 Nov 2012 08:09, "Christian Huldt" <christian at solvare.se> wrote:

> WLAN-slovenia has (or is working on?) a solution with a tunnel to a
> server so that the open network does not come out of the router owner's
> connection - just to handle the fear of the owner -
>
> http://wlan-si.net/en/blog/2012/10/29/tunneldigger-the-new-vpn-solution/
>
> The nice thing is that the client just connects to an open network, the
> tunnel is from the router to some server somewhere.
>
> Yes, they are very nice people, providing servers for the community (not
> dedicated though)
>
>
> On 2012-11-05 at 07:50, Andy Green (林安廸) wrote:
>
> > On 11/05/12 10:14, the mail apparently from Christian Huitema included:
> >
> > Hi -
> >
> >> That might work for laptops, but that feels rather hard to implement on
> >> a smartphone. And it seems a bit far from the model of “open wireless.”
> >
> > No, VPN-only is perfectly consonant with "open wireless". The wireless
> > part can then be literally open in a way it daren't be without it.
> >
> > If you look at captive portals in WLANs, where you are not given service
> > until you click through in a browser, your phone now signals to you that
> > you can get a connection by doing that even before association.
> >
> > This can be handled the same way
> >
> > - one-time, put pre-shared key in your home router
> > - one-time, set up VPN to your home dynamic DNS with pre-shared key
> >
> > then when roaming
> >
> > - phone says there's a VPN-only AP available
> > - click notification, associates, select VPN to use if more than one, if
> >   only one set up immediately use it
> >
> >> Can’t we think of a solution that does not require the visitor to do
> >> anything special? A true “open wireless” should mean just that, click
> >> connect and be there.
> >
> > See above, when connecting this is less hassle than a captive portal
> > clickthrough.
> >
> > -Andy
> >
> >> *From:*Natanael [mailto:natanael.l at gmail.com]
> >> *Sent:* Sunday, November 04, 2012 6:09 PM
> >> *To:* Christian Huitema
> >> *Cc:* tech at srv1.openwireless.org
> >> *Subject:* RE: [OpenWireless Tech] A small question about tracking
> >>
> >> I did suggest a possible solution before - allow access to only one IP,
> >> specified by the client. Maybe some kind of VPN detection too.
> >>
> >> In other words, we ask the client to specify what VPN it will use and
> >> limit it to that one.
> >>
> >> If he has none, we can provide tunneling to a 3rd party service that
> >> lets the user set up a VPN (listing paid ones along free low bandwidth
> >> ones and free-for-a-day VPN:s, etc). Then the connection resets and this
> >> time the user has a VPN to specify.
> >>
> >> On 5 Nov 2012 03:02, "Christian Huitema" <huitema at huitema.net> wrote:
> >>
> >> Germany definitely puts the onus on the router owner, and it is not hard
> >> to imagine other European countries following Germany’s example in the
> >> future. It is also not hard to imagine “the police” conducting a smear
> >> campaign against open wireless with that argument. At a minimum, that’s
> >> a point that should be discussed in the FAQ.
> >>
> >> I did actually study the scenario in detail when I was in charge of
> >> Wi-Fi development for Microsoft Windows. We looked at the various
> >> objections to connection sharing, which we wanted to make easy. Most
> >> could be solved convincingly, security of the local provider network,
> >> bandwidth utilization, security of the visitor using the open access.
> >> But the accountability issue was really what prevented the vision of
> >> “free, open network.” The best we could do was “almost free,” i.e.
> >> requiring some kind of explicit registration.
> >>
> >> The VPN is an interesting mitigation, as it shifts the burden away from
> >> the local provider. But how would we implement that exactly? With a
> >> filter on packet type? With a “white list” of accepted VPN provider
> >> addresses?
> >>
> >> *From:*Natanael [mailto:natanael.l at gmail.com]
> >> *Sent:* Sunday, November 04, 2012 5:48 PM
> >> *To:* Christian Huitema
> >> *Cc:* tech at srv1.openwireless.org
> >> *Subject:* Re: [OpenWireless Tech] A small question about tracking
> >>
> >> This has been dealt with before.
> >>
> >> Only very few countries put the responsibility on the router owner. And
> >> you can route everything through Tor anyway. We might also let router
> >> owners require VPN:s.
> >>
> >> On 5 Nov 2012 02:40, "Christian Huitema" <huitema at huitema.net> wrote:
> >>
> >> I love the idea of open wireless access, but I have a what if question.
> >> What happens if someone uses my open access point to connect to the
> >> Internet and commit some sort of crime? Isn’t the police going to trace
> >> that back to my home, and accuse me of doing it?
> >>
> >> -- Christian Huitema
> >>
> >>
> >> _______________________________________________
> >> Tech mailing list
> >> Tech at srv1.openwireless.org <mailto:Tech at srv1.openwireless.org>
> >> https://srv1.openwireless.org/mailman/listinfo/tech
>
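
The gateway-side filter discussed in this thread, as an added example that is not part of any poster's message: each guest pins the single VPN endpoint it declares, optionally checked against a provider whitelist, and only VPN packet types to that endpoint are forwarded. The class name `GuestGate`, the transport list, and all addresses are assumptions constructed for illustration; DHCP/DNS handling for the guest is left out.

```python
import ipaddress

# Assumed "packet type" filter: (protocol, destination port) pairs for common
# VPN transports (IKE, IPsec NAT-T, ESP, OpenVPN). None = protocol has no ports.
VPN_TRANSPORTS = {("udp", 500), ("udp", 4500), ("esp", None), ("udp", 1194)}


class GuestGate:
    """Per-client policy for a VPN-only open AP (hypothetical helper)."""

    def __init__(self, lan, provider_whitelist=None):
        self.lan = ipaddress.ip_network(lan)  # the owner's own network
        # Optional "white list" of accepted VPN provider networks; None = any.
        self.whitelist = None
        if provider_whitelist is not None:
            self.whitelist = [ipaddress.ip_network(n) for n in provider_whitelist]
        self.pinned = {}  # client MAC -> the one endpoint it declared

    def declare(self, mac, endpoint):
        """Client names the one VPN endpoint it will use; first one wins."""
        addr = ipaddress.ip_address(endpoint)
        if addr in self.lan:
            return False  # a guest must never pin a host on the owner's LAN
        if self.whitelist is not None and not any(addr in n for n in self.whitelist):
            return False  # endpoint is not an accepted VPN provider
        # setdefault keeps an earlier pin, so a second, different IP is refused.
        return self.pinned.setdefault(mac, addr) == addr

    def allow(self, mac, dst, proto, dport=None):
        """Forwarding decision for one outbound packet from a guest."""
        if self.pinned.get(mac) != ipaddress.ip_address(dst):
            return False  # undeclared client, or traffic to any other host
        return (proto, dport) in VPN_TRANSPORTS


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, made-up MAC.
    gate = GuestGate("192.168.1.0/24", ["203.0.113.0/24"])
    guest = "aa:bb:cc:00:00:01"
    print(gate.declare(guest, "203.0.113.10"))             # pinned
    print(gate.allow(guest, "203.0.113.10", "udp", 1194))  # VPN traffic passes
    print(gate.allow(guest, "198.51.100.5", "tcp", 80))    # everything else dropped
```
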