[OpenWireless Tech] No probl/ which VPN

Tue Nov 6 23:38:48 PST 2012

https://play.google.com/store/apps/details?id=de.blinkt.openvpn

Root free OpenVPN for Android!

I'll just say this: No VPN or other proxy + untrusted routers = only a
minor security advantage against active attackers over the current way of
doing things. (Though much more secure against passive attackers, but
active attacks are easy on WiFi.)

Please, go with VPN:s of some sort. As I suggested before, put a link in
the client to a database over trusted VPN:s, including free ones. Let it
pick one from there.
Den 7 nov 2012 07:54 skrev Andy Green (林安廸) <andy at warmcat.com>:

> On 11/07/12 12:29, the mail apparently from John Gilmore included:
>
>> Brad> How many people are willing to be the Kent State victims...
>>>
>>> Brad> Feel free to put your money where your mouth is and actively go
>>> Brad> out and seek UC Davis or Kent State type experiences and then
>>> Brad> report back to us how well this works for you to encourage
>>> Brad> others to do the same.  We'll wait.
>>>
>>
>> No need to wait.  I've been running one or more open wireless networks
>> on and in my house for many years.  I had one on my roof back when it
>> was called "802.11b" instead of WiFi -- when you could actually hear a
>> signal from blocks away.  (Now there's so much other WiFi traffic
>> nearby that I can't see my access points from more than a few houses
>> away.)
>>
>> So far nobody has sued me, broken into my house, tried to shut down
>> my internet access, etc.  Of course, I exercise discretion in choosing
>> my ISPs - I'm not on one that claims I can't run servers or access
>> points.
>>
>
> Enough people have gotten into problems that it is now widely understood
> to be "dangerous and unwise".  I'm not saying it is, actually I think what
> you are doing is great.  However that's what the man in the street thinks
> and he has put WPA screens around his AP because of it.
>
>  Any device should be able to connect without authorization, and
>> immediately pass real, unfiltered Internet traffic.  If your pedometer
>>
>
> Agree with this... I don't like the monetization ideas at all.  If it's
> going to be offered, it should be as near zero hassle as possible.
>
>  wants to report your jogging time, or your camera wants to upload the
>> three pictures you took before you wandered into open WiFi range, it
>> should work.  These apps should all be supported without manual
>> intervention.
>>
>
> Right...
>
>  I think we should put our attention on solving some of the real
>> problems in open access wireless, such as its susceptibility to
>> radio-link wiretapping, its lack of ease of configuration, and do some
>> negotiation with ISPs to improve their terms.  Forcing every open
>> wireless node down a VPN strikes me as a lot of work that somebody
>> else could do later, or "maybe never".  For example, it would require
>> protocol changes in every client device.  Real "open wireless" would
>> work with unmodified client devices.
>>
>
> I think those things are orthogonal, they can and maybe should be done but
> they don't really change the VPN-only advantages.
>
>
> You're right it's just talk right now.  To move it on we need to beat out
> some consensus leading to a short specification document for what it is and
> how it works.  If the EFF are behind it, we can probably get introductions
> to the major router manufacturers and their input to improve it.
>
> One problem is what VPN protocol... Android does not support the obvious
> one OpenVPN out of the box.  It looks like OpenSwan is needed?  Does that
> make trouble on other platforms, eg, Apple or MSFT?
>
> -Andy
>
> ______________________________**_________________
> Tech mailing list
> Tech at srv1.openwireless.org
> https://srv1.openwireless.org/**mailman/listinfo/tech<https://srv1.openwireless.org/mailman/listinfo/tech>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20121107/b23cb51e/attachment.html>