[OpenWireless Tech] Setting up an open network now?

[Eugene Smiley]

> Display of policy page

What you are looking for is called Captive Portal. Examples are nodogsplash,
nocatsplash, CoovaChilli.

> Provide for Termination

This is easier said than done. MAC address filtering is easily bypassed.
You'd have to have actual user accounts and maintain a radius server or
something like that to have that level of control.

> Use a Password?

If you are going to promote OpenWireless and potentially redirct users to
the OpenWireless site via Captive Portal, password protecting the
connection makes no sense. It's like a business saying, "We are open, but
you have to have a key to come in."

> Managing Police Mistargeting Risk

Since you are providing for a group of users you are less likely to have
the Police busting down everyone's door. You are more likely to have them
busting the door down of the one person the ISP account is registered to
and if it is a business class internet service and registered to a business
name, like Condo X broadband Coop, you might avoid action all together and
just get a complaint notice. Can you imagine a police raid on a McDonald's
or Starbucks?

I have a Google Spreadsheet of many of the popular VPN services I
researched. Trying to compare apples to apples is quite a challenge in that
market. There are companies I wonder how they are in business considering
how complicated their pricing structure is. If anyone is interested in it,
let me know.


On Sat, Nov 10, 2012 at 12:16 PM, Java Nut <javanut20 at hotmail.com> wrote:

>  I am interested in setting up a DD-WRT (or could switch to another
> firmware if another is more suited to this task) router to participate in
> the EFF Open Wireless Movement to assist a very small inn of condominium
> units (each with different individual owners all in one building) offer
> wifi to their guests while controlling their legal risk for doing so.
> (Jurisdiction is USA.) I have some questions about implementing the EFF
> recommendations. I have already confirmed that a single router has enough
> range for where I want the network to go.
>
> Display of policy page
>
> How might I cause a user's browser to be initially redirected to a policy
> page before the user may browse to the web site of their choice. Perhaps I
> could show the EFF page to tell the user it is a part of the Open Wireless
> Movement, or show a page of my own hosted on a hosting service somewhere,
> or one stored in the router itself? I would be interested in hearing
> answers that are for DD-WRT or other open source firmwares like Tomato,
> etc, if those are better suited to this task.
>
> Provide for Termination
>
> I am really not sure how I would be able to effectively provide for
> termination of a user. I know how DD-WRT can be set up to block MAC
> addresses and that could be used to terminate someone, but if I receive a
> complaint about someone later, I would not know how to identify which user
> it was and would not have the MAC address to block. It would seem I would
> need a log of all web pages visited by each user if I am to realistically
> be able to terminate anyone. Keeping such a log would require too much
> memory for a low power router to store. To what extent is it necessary that
> a small time network operator be prepared to implement a termination
> policy? Is it OK to just say I have a termination policy, but not be
> prepared to implement it?
>
> Managing Police Mistargeting Risk
>
> The open wireless movement web pages link to this list of VPNs that I
> might consider routing all traffic through so the policy do not come to the
> property if someone terribly abuses the network.
>
>
> https://torrentfreak.com/which-vpn-providers-really-take-anonymity-seriously-111007/
>
>
> Has anyone here tried any of these and vouch for one over another? Has
> anyone here used an open source firmware configured to route all traffic
> through one of these automatically from the router, with no extra user
> configuration to connect? If so, what firmware and how did you set up?
>
> Of course, this would render the need to implement an effective
> termination policy moot because if someone abused the network, It would not
> be traced to anyone involved in setting up the network or owning the
> property, even if they were doing serious criminal activity. I would still
> be interested in displaying a splash page including a fake unenforced
> termination policy just to ask people to behave.
>
> A drawback is the network would fail if there is any problem with the VPN
> service or problems caused by more complicated router setup. The router may
> be left unattended weeks or months at a time and then be expected to work
> at any time. I plan to configure a daily automatic router reboot if I can.
>
> Use a Password?
>
> Should I use a password to keep others on the neighborhood hillside from
> accessing the network, or am I better off to leave it completely open when
> it comes to concerns about legal risk? This is a trade off -- If completely
> open, there are more people in the pool of potential suspects and more room
> for plausible deniablity, but also greater risk someone would actually do
> something bad.  Which way would be better as far as controlling the risk of
> police taking condo-owner computers for investigating nefarious activity
> done on the network by abusers? Of course if I go with VPN, this question
> would become moot, one could let everyone on the local hillside on safely
> then.
>
> Thanks
>
> _______________________________________________
> Tech mailing list
> Tech at srv1.openwireless.org
> https://srv1.openwireless.org/mailman/listinfo/tech
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20121110/b4004163/attachment.html>