Re: AW: Re: Wireless access (off topic)

["Robert Holmgren" holmgren@xxxxxxxx]

** Reply to message from flash  on Thu, 03 Nov 2005 07:46:27
+0100

> Just because you haven't posted a 'no trespassing' sign on your front
> gate, that is not and should not be tantamount to declaring your front
> yard a public park.

Funny thing, my farm *is* a public park, or open to the public anyway (an
arboretum). There are no "No Trespassing" signs anywhere near where I live.
Most people view themselves as caretakers, not owners -- maybe because they've
been there for generations. After all, if you harbor the land, that's what you
are -- a temporary caretaker. I get unannounced visitors nearly every day.
Reminds me of the old days in computing when nobody gave a thought to commerce,
and everybody shared. Sharing is important to me. All this phony alarmism and
control addiction, which arose in tandem with Internet commerce, is really
depressing.

> So, it's not wrong if a) the victim doesn't know what he's exposing
> himself to and/or b) the victim doesn't care?

No, I don't think anything is wrong if there's no "wrong" done. He may be
exposing himself(sic), but if that exposure isn't exploited to his detriment,
where's the "wrong"? And clearly it's not wrong if the "victim" doesn't care
and isn't victimized! That's me: it's not so much that I have a deliberately
public AP, it's that I simply don't care. You assume that "login"
automatically means "victimization" (how else could Peter Cassidy's URL be
considered "very relevant"? It talks about spoofing, spyware, stolen financial
data, etc etc. That's quite a leap from fetching your personal Email, and I
don't know how or why we got there. Must be fear. Fear of lost profits, in
particular. Who's driving this discussion, anyway? Who, for example, are
APWG's patrons? "1300+ companies & agencies worldwide, 8 of the top 10 US
banks, 4 of the top 5 US ISPs, hundreds of technology vendors..." If these
technology vendors are so bloody concerned, then why do they sell wireless APs
with WEP disabled by default? I wonder how many of APWG's "1900+ members" have
a financial stake in the biz?)

I'll bet victimization is actually an extremely rare occurrence. Sure, it
happens, and the consequences may be serious. But how often? Once in how many
logins from separate IPs? A thousand? Several million? Most people, I
hazard, never victimize anybody. They're moral, if you will. I reserve
"immoral" for things like extraordinary rendition and unwarranted (no probable
cause) searches in public places, like subways and airports. Freedom is a very
risky proposition. People are so easily scared that they're eagerly complicit
in the breach. Acquiescing to treat everyone as a criminal, rifling their
pockets, without any evidence whatsoever.

How do you distinguish between an inadvertently public AP and an intentionally
public AP -- or (third case) somebody who doesn't care? I don't know how. But
it's most certainly not my job to invent explanations, or to presume what "most
private people" are doing.

> Most private people who 'offer' public access to their LANs are probably
> doing so inadvertently... ; if they knew what they were
> opening themselves up to, they wouldn't.

If you put a router between your LAN and your AP, and you lock your LAN down,
what are you opening yourself up to? Holes in the router firmware, maybe --
nothing more.

Amazing how fetching your Email morphed into high crime! I find it hard to
believe that freeloading is always a crime (although I admit, I simply don't
know -- would like to read the language of this "law"). I looked at my ISP's
rules & regs, and they say nothing about it. What would I need to do to
decriminalize my AP freeloaders? Send a personally inscribed invitation to
each? Post a sign down by my rural delivery mailbox?

And how would you use Amazon's web server for anything other than the purposes
Amazon intends? That's not a "public" server.

-----------------------------
Robert Holmgren
holmgren@xxxxxxxx
-----------------------------