[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit​

[Brad Knowles]

On Nov 26, 2012, at 8:22 PM, Andy Green (林安廸) <andy at warmcat.com> wrote:

> But you're right, it adds a hurdle compared to just sitting there with an unencrypted AP.  But for consumers, the truly open AP ship has sailed a while ago, they will no longer do it.

I think that there may be some places left in this world where we could have truly open APs, but they are certainly few and far between.  Nevertheless, I'm not willing to give up on that possibility.

OTOH, I do think that the majority of people will either refuse to run an OpenWireless site at all, or they will insist that it allow only VPN-secured connections.  These people might be in countries like Germany where there is clearly a very real legal threat, or in places where the threat is less well-defined.  But the fear of what might happen would still keep the bulk of the potential participants away.

I see no reason why we should treat these two solutions as mutually exclusive.


HTTP is not XOR with HTTPS.  Some sites will support one or the other but not both, but most sites either allow both or already use some mixture of both.

Yes, this can complicate things in the context of serving web sites, but I don't think that necessarily has to be a problem for us.  There are additional design considerations that need to be taken into account, but I think we can handle that.


I should be able to provide a free entry point for vpn-required.openwireless.org and anyone who wants to connect to that network using a VPN-enabled client should be able to do so.  But if you don't have a VPN-enabled client, you would not be able to use my network connection.

If my neighbor wants to provide a free entry point for unencrypted.openwireless.org and take some extra risk (perhaps minimal, or maybe real), then they should be able to do that, too.

--
Brad Knowles <brad at shub-internet.org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>