Tilted Forum Project Discussion Community - View Single Post

Mephisto2 · 08-31-2004, 01:21 PM

This thread has an interesting mixture of some valid facts, and some FUD (Fear, Uncertainty, Doubt).

Having recently architected a global guest wireless networking solution, I can tell you that security and auditability are major concerns, for enterprise or commercial deployments. In these circumstances, the hotspot likely has a HTTP redirect that presents you with a welcome splash page, with a link or display of the terms and conditions of use. There is likely also a legal disclaimer. By clicking on the <OK> button, you are effectively accepting those conditions and proceeding on that basis. In "pay to play" hotspots, you will either enter a credit card number, or perhaps a UserID if you already have an account.

Commercial/enterprise hotspots will likely maintain a log of assigned IP addresses. By definition, these IP addresses will probably be associated with a userID, account or guest name. No one will maintain a list of MAC addresses, unless by default this information is captured. It's just too much hassle and not really worth that much as they can be spoofed in anycase.

"Free" hotspots will probably log very little or no information at all. You people have to remember that everything has a cost associated with it. Even configuring an Access Point takes some time and, as the old saying goes, "time means money". Why would a hotspot provider waste time and effort in setting up complex and robust logging and security settings for something they're giving away for free? It's most likely a "take it or leave it model". You assume the risks, they provide the amenity.

Unless you are sending threatening emails to the Whitehouse, sharing information on anthrax or dirty bombs (simply writing those words has probably marked this post as "interesting" by NSA Echelon freaks anyway...) or are sending/receiving emails to Osama, then no one is going to setup a "sting" to catch you. People have better things to do. And there are plenty of easier to catchfile-sharers out there.

My final advice? Just don't do anything illegal. That's one sure fire way of not getting caught...

Mr Mephisto

08-31-2004, 01:21 PM	#7 (permalink)
Mephisto2 Junkie	This thread has an interesting mixture of some valid facts, and some FUD (Fear, Uncertainty, Doubt). Having recently architected a global guest wireless networking solution, I can tell you that security and auditability are major concerns, for enterprise or commercial deployments. In these circumstances, the hotspot likely has a HTTP redirect that presents you with a welcome splash page, with a link or display of the terms and conditions of use. There is likely also a legal disclaimer. By clicking on the <OK> button, you are effectively accepting those conditions and proceeding on that basis. In "pay to play" hotspots, you will either enter a credit card number, or perhaps a UserID if you already have an account. Commercial/enterprise hotspots will likely maintain a log of assigned IP addresses. By definition, these IP addresses will probably be associated with a userID, account or guest name. No one will maintain a list of MAC addresses, unless by default this information is captured. It's just too much hassle and not really worth that much as they can be spoofed in anycase. "Free" hotspots will probably log very little or no information at all. You people have to remember that everything has a cost associated with it. Even configuring an Access Point takes some time and, as the old saying goes, "time means money". Why would a hotspot provider waste time and effort in setting up complex and robust logging and security settings for something they're giving away for free? It's most likely a "take it or leave it model". You assume the risks, they provide the amenity. Unless you are sending threatening emails to the Whitehouse, sharing information on anthrax or dirty bombs (simply writing those words has probably marked this post as "interesting" by NSA Echelon freaks anyway...) or are sending/receiving emails to Osama, then no one is going to setup a "sting" to catch you. People have better things to do. And there are plenty of easier to catchfile-sharers out there. My final advice? Just don't do anything illegal. That's one sure fire way of not getting caught... Mr Mephisto