[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit

Eugene Smiley eug.smiley at gmail.com
Wed Nov 28 16:27:01 PST 2012


On Wed, Nov 28, 2012 at 4:17 PM, Java Nut <javanut20 at hotmail.com> wrote:

> > You keep speaking like this is decided and that it is the only way. While
> > it's a great idea, it's not the only way. Until you can provide a working
> > example, stop bludgeoning the list with this way of thinking. It was
> > requested that this list be a source of "I need help with X" solutions.
> > Your words have merit, but I want to see results.
>
>
> Both ways of using VPNs, Andy's and mine can have merits and are both
> worth discussing and the preference which to use will vary among AP owners.
>

I addressed this because Andy speaks about his VPN as if it is the only option
on the table, discarding any other options fitting other AP owners' Use
Cases. I have been at the receiving end of this and didn't appreciate it. I
think his idea is a good one, but impractical. If he is willing to put the
effort into it I'll give him his due. He may not realize his phrasing is
off-putting, but it has people tune him out.


> Andy's approach of requiring every guest to go through their own
> pre-arranged VPN does eliminate all the risks I talked about for my own
> approach of making the open AP send all its traffic through a nonlogging
> VPN with clients connecting openly.  But as others have said, Andy's
> approach comes at the price of not creating fully open wireless.
>

There are many VPN options. Until this movement gains traction, the individual
AP owners' Use Cases are what will determine their chosen route. Incomplete
list of options:

Open. Zero AP protection.

+ Easiest to implement.
+ Cheapest to implement.
+ Most open.
- Most dangerous to AP owner.


Andy's VPN (aka E.T. phone home). The user connects back to their home
router. AP blocks all non-VPN traffic.

+ Puts content responsibility on the user.
- Complex. Effort required of AP-Owner and AP-User to connect.
- Excludes anyone who doesn't have a home internet connection or BYO VPN
service.
- Least open. How does one find out how to join the network?


External VPN. The AP owner drops all GuestAP traffic into a paid VPN
service.

~ Issues go to the VPN provider, who has varying TOS and laws depending on the
jurisdiction and level of logging.
- Additional cost to AP owner.
- Additional setup effort for AP owner.
+ Isolated from Police action. Legal action varies based on VPS service,
jurisdiction, and VPS provider.
+ Content from sites restricted by GeoIP can be accessed depending on exit
point, i.e. Hulu, BBC, etc.
+ Open. User sees no hurdle to connecting.


Internal VPN. The AP owner has many APs connected to VPNs back to a VPS in
a datacenter.

- Additional cost, but less than External VPN
- Additional setup effort for AP owner.
+ Isolated from Police action. Legal action varies based on VPS service,
jurisdiction, and VPS provider.
+ Content from sites restricted by GeoIP can be accessed depending on exit
point, i.e. Hulu, BBC, etc.
+ Open. User sees no hurdle to connecting.


Tor/I2P. All AP data routed onto Anonymizing Networks.

- Speed limited due to overhead and limited Exit Nodes
- Tor/I2P blocked by some ISPs and VPS providers.
+ Easy to implement
+ Hard to track, but not impossible. Chance of Police or Legal action
against AP owner low provided steps are taken to reduce troubling exit node
traffic.
+ Open. User sees no hurdle to connecting.


SSH Tunneling

~ Not simple, but not hard
- Not as fully featured as a traditional VPN.
- Not very open. Limited to the ports the AP owner is willing to forward.


Hybrid. A complementary combination of VPN options above.


The options listed protect the AP-Owner, not so much the AP-User. As an AP
User I am inclined to protect myself by using my own VPN regardless of the
protections the AP-Owner provides for himself. I know not all users are
savvy/smart enough to do this, but educating users is an important aspect
to this project.

How does each option work with each mobile device on the market (Android,
iDevice, laptop, etc.)? Not all devices work with the same VPN protocols.