"A WiFi base station is not a Web server any more than a dial-up account is a Web server."

But it is a Web server (i.e., a public service that responds when you send it a query) in the same way that a guest account on a Unix box is -- that is, if I can connect to your Unix box, type "guest" as login and leave the pass blank, I should (and do!) assume that your guest account is there for me to connect to. That's the way it works in the Internet world: if I ask a question and you answer it, I should assume that you intended to answer me. The way I find out if your service is available is to ask it for a response and, finding one, I know that I've found a resource I'm allowed to use.

A WiFi base station is not a Web server any more than a dial-up account is a Web server. I set up a Web server and let the public access it because I get some benefit from doing so, but there is no benefit to me in letting you use my access point. I get a dial-up account for ME, not for you. I set up a LAN for ME, not for you. And I set up a WiFi network for ME, not for you. That MUST BE the default assumption: it's not yours, it's mine, and unless I tell you you can use it (either explicitly in person or by using some obvious indication in the network name), YOU MAY NOT.

It's nice to share, I'm not saying you shouldn't. I'm saying you shouldn't assume people intended to share, you should look for indications that they did, in fact mean to.

It's simply not true to say that "in my day, people didn't use things that didn't belong to them without obtaining permission to do so first. Okay, they may have done so, but they knew it was wrong and felt guilty about it."

In your day, you've seen the rise of the Internet, where, without *any* explicit permission, you consume services that cost the remote party money, reduce the remote party's access to that service, and never think twice about it.

The default assumption of a network service is that if it honors your request, you may use it. That's fundamental to the Internet and to the services that run atop it, such as the Web, email, net-news, and so on.

There is a trivial means of signalling your unwillingness to share your AP with passers-by. I'm all for people who want to limit access to their APs using this (provided that they don't do so under the mistaken belief that this provides some kind of "security" from malefactors, since such security is illusory).

If you want to evangelize for less sharing, then by all means, do so.

I think that warchalking and the open wireless movement is beneficial not only in that it allows more people to connect in more contexts, but because it encourages sharing, which I think is socially beneficial.

It's really sad to feel like an old fogey at the age of 33, but in my day, people didn't use things that didn't belong to them without obtaining permission to do so first. Okay, they may have done so, but they knew it was wrong and felt guilty about it. I'll double-check my own access point to be sure it's secure, since you never know when one of these whippersnappers with their modern sense of morality will drive by and start up a Gnutella client.

I seem to recall Federal courts (at least in the US) decided a while back that electronic (and any other emissions) from a house or building were 'public' and not entitled to protection from search. e.g. Law Enforcement can monitor your house's EM, garbage and sewer discharge w/o a search warrant. Given that, can a signal from a AP ever be considered theft?

It seems to me that the fundamental difference of opinion here revolves around how you determine the intentions of the operator of a given wireless node. For what it's worth, I'm on Cory's side on this one. People don't "forget" to secure their wireless networks, they choose to leave them open to the public. They may choose by conscious decision or by simple apathy, but there is a choice involved.

Considering that it's so simple to secure a wireless node, it's reasonable to assume that if you find a network that is open, the operator either doesn't mind if you use it or actively *wants* you to use it. (Anticipating the obvious objection here, I don't think you can make physical analogies relevant in this situation -- i.e. "but if I leave my door open, it doesn't mean you can walk in to my house and drink my lemonade." The more apt analogy would be a self-replenishing lemonade stand which you purposely put on the sidewalk. In this case, warchalking is simply someone making a tiny sign that says, "Hey, free lemonade." If you don't want people to drink your self-replenishing lemonade, the obvious solution is to take the darn stand off the sidewalk, rather than writing angry letters to the editor claiming "Terrorists are drinking my lemonade!)

I believe people in general are smart enough to make choices, including the choice to leave their networks open to the public or not. If you don't think people have even this much common sense, how can you justify democracy?

At risk of adding to the fracas, but with the hopes of adding clarity, I'll throw in my $.02 as an IT Manager.

With regards to the 4 Points in debate. They are all true statements. None are lies. I've tried, for a few moments to see Cory's side of the argument honestly, but I'm not seeing it. I do understand his frame of reference. The whole Information Wants to be Free stuff. But that's pretty much nonsense too. Debatable nonsense to be sure. But these points aren't really debatable. The statements simply are true. To wit:

1. This is theft, plain and simple," wrote Nokia in its advisory.

While I agree that warchalking per se is probably not a crime. Though, maybe it is: trespassing? Defacement? Some other misdemeanor. The actual use of someone else's network infrastructure without permission is theft. If the intent of the owner is to run an open AP then I guess it's not. But I think the point Nokia is making is in regards to the unknowing taking of bandwidth.

2. The company said that anyone using a company's bandwidth without permission is reducing the amount of a valuable resource available to the workers in that organisation

True enough. It does not matter if the AP uplinks to higher-bandwidth network. Every node on an AP decreases the bandwidth of that portion of the LAN. APs are like hubs, not switches, all traffic is seen promiscuously by other nodes on the AP.

3. Nokia warned that if too many warchalkers log on together, the whole network inside a company could slow down

Obvious. Given #2. Of course, "whole network" is not defined here. If the whole network is 802.11 based then you would have a slowdown. But Cory's point is well taken. Most corporate networks utilize APs as an extension to a hardwired, high-bandwidth network.

4. It also said that unscrupulous spammers could use a network as a proxy to despatch millions of unwanted e-mail messages with no danger of being traced.

Of course. But this is getting more into the problem of open relays than open APs. There are far easier ways to spam the planet than wardriving.

"No, but it's certainly incitement to theft, and I'd say it's unethical. It's certainly rude."

It's neither. It's an observation on the nature of our world. If I go about and say, "In the Marina, shopkeepers have broad windows with lovely, tasteful displays, while in the Mission displays are marred by bars on the windows and steel shutters," or "I prefer to shop at store x, as I hate to check my bags and detest the interference the antitheft scanners at the doorway creates with my Walkman headphones at store y" I'm neither rude nor unethical.

"People put up Web servers to share stuff with the public, that's what the Web is for. People put up WiFi networks for their own use."

SOME people put up web servers to share with the public. Some don't. Some people (like me, and about a hundred others I could introduce you to) put up WiFi APs to share with the public and some don't. By law and tradition, any radio signals modulated over the public airwaves can be intercepted and played back by any member of the public, especially in the scientific bands like 2.4GHz. Moreover, an 802.11b card whose SSID is set to "ANY" will promiscuously connect to whatever WiFi signal is strongest, unless there is WEP control. So it's not reasonable to expect that WiFi users in your neighborhood will stay off your network unless you WEP-encrypt it.

"Bandwidth costs money; nobody should use it without permission, and that permission is not implied by the mere existence of an open access point. Err on the side of caution, man! That's only the nice thing to do."

This is just as true of the bandwidth consumed when I connect to your webserver as it is when I connect to your AP. Moreover, as we have discussed on many occassions here, bandwidth does not inherently cost money -- certainly, I don't pay for my bandwidth, I pay for a service from Earthlink that lets me xmit and receive 1.5/0.384 Mbit/sec 24/7. There are business-models that involve charging by the packet. There are those that don't. There are no inherent variable costs associated with the use of a network. However, it is FAR more likely that bandwidth used in an http session will involve a metered charge than a connection to your AP.

"I like how you magically can tell what kind of networks people are running from outside the building, so you somehow "know" that your use is not impacting anyone. Because, you know, nobody is running 802.11 off of dialup or ISDN these days, and everyone has gigabit Ethernet."

I like how you can magically tell that the people with open networks (like me) don't want the public to connect to them.

Also, your comment reflects either a misunderstanding of my point or ignorance about networking. I'm not talking about the speed of the connection to the Internet (nor was Nokia), I'm talking about the speed of the LAN. You can't even buy a 10BT hub these days. A 2Mbit AP on one port of your hub will not -- cannot -- saturate the backplane on your hub on the SLOWEST network available. If you use a switch -- as most everyone does -- no amount of traffic on one port can affect throughput on your other ports.

Gigabit Ethernet doesn't enter into the picture, I'm not sure why you've mentioned it.

"If someone explicitly names their WiFi network "public" or "open" or something of that nature, so it's obvious that they're inviting the public to share their bandwidth, then go for it. Otherwise, it doesn't belong to you and you have no business using it, even if you can log on."

I have operated FOUR open APs for THREE YEARS each, a cumulative TWELVE YEARS of open AP provision, and none of them is named "open" or anything of that nature. Feel free to log on, you have every business in the world connecting to them. You will find them at:

* Fraser Ave and the railroad tracks, Toronto

* King and Niagara, Toronto

* 17th and Mission, San Francisco

* 19th and Shotwell, San Francisco

They are conveniently war-chalked so that you can find them.
"There is also the antagonistic nature of the terminology being used; surely no one wants to have "war" waged upon them. If you talk about it using words that make it seem like an attack, don't act all surprised and shocked when someone takes it as one. Advocates of the practice could have picked a term other than "warchalking." (Yes, I'm aware of the derivation of the term. Most of the people using it now were barely crawling when that movie came out, if that.)"

I can't imagine why you believe that this is relevant.

Who cares when people using the phrase "warchalking" were born? I'm sure they know as much about the etymology as you, as does anyone with access to Google.

As to people being worried about the antagonistic language, I'm more inclined to think that they're worried about people who run around telling lies about busying-out the LAN, non-existant drive-by spam, using words like theft to describe something that is theft neither by statute or common-law, etc.

Um, Cory... the BBC didn't report any of Nokia's statements as fact.

In fact, they not only very clearly attributed all of said statements to Nokia and made clear that such were Nokia's opinions, they ask their readership whether they agree with Nokia.

They're just reporting what Nokia has said and that Nokia said it, which is perfectly reasonable.

Edited by author 09-20-2002 10:02 PM
Cory:

It is NOT illegal to advertise that stores don't have security measures, nor is such tantamount to theft.

No, but it's certainly incitement to theft, and I'd say it's unethical. It's certainly rude.

As for your argument that the Internet is open by default, yeah, whatever. People put up Web servers to share stuff with the public, that's what the Web is for. People put up WiFi networks for their own use. If they forget to secure them, that's not an invitation anymore than me leaving my front door unlocked is an invitation. Bandwidth costs money; nobody should use it without permission, and that permission is not implied by the mere existence of an open access point. Err on the side of caution, man! That's only the nice thing to do.

I like how you magically can tell what kind of networks people are running from outside the building, so you somehow "know" that your use is not impacting anyone. Because, you know, nobody is running 802.11 off of dialup or ISDN these days, and everyone has gigabit Ethernet.

If someone explicitly names their WiFi network "public" or "open" or something of that nature, so it's obvious that they're inviting the public to share their bandwidth, then go for it. Otherwise, it doesn't belong to you and you have no business using it, even if you can log on.

There is also the antagonistic nature of the terminology being used; surely no one wants to have "war" waged upon them. If you talk about it using words that make it seem like an attack, don't act all surprised and shocked when someone takes it as one. Advocates of the practice could have picked a term other than "warchalking." (Yes, I'm aware of the derivation of the term. Most of the people using it now were barely crawling when that movie came out, if that.)

Warchalking is theft, says Nokia ... well, is it?

by: wire.less.dk


These are just a few remarks,
triggered by the fact that this article on BBC
chose to use one of our chalk signs as the headline picture.

To begin with, we would like to state that nobody following our chalk sign
will ever be considered a thief -
the one that was chosen as the headline picture for the article
points at an open community network,
which we symbolically and gladly share with our neighbours and visitors.
Be sure to drop by if you come to beautiful Copenhagen! :)

We assume that the contents of a Nokia advisory on Warchalking
are indeed what they have been reported as in e.g.

http://uk.news.yahoo.com/020918/175/d9vp7.html
http://news.bbc.co.uk/2/hi/technology/2268224.stm

(we havent been able to find an original Nokia document).


Such an advisory would have to be seen as
a sign of serious misconceptions on the author's side
and, as intellectually very disappointing.

On misconceptions:

Rubbing a piece of chalk against a wall pulls bits out of a computer network -

now, this would have to be a new quantum or chaos physics phenomenon hitherto unknown,
not unlike the butterfly flapping its wings in china changing the weather in, say, Finland.

We assume such an effect does not exist.

People intending to take a free ride on other s people's bandwidth
are typically using Software,
for example that incorporated in operating systems like Windows XP -
which can automatically put you on the best available open network.

Look there.

Only if you add the assumption that networks unintentionally open are being chalked -
with the intention of exposing them to abusers -
does this in any way connect to (connect to, not: be identical to) theft.


However, this assumption is wrong.

Putting chalk signs on walls is a symbolic act
of
informing the public of available networks
and
of opening the discussion about public virtual and real space
in an illustrative and fun way.

Do we really and honestly think,
that people with a serious interest in stealing
(or even terrorism - a line drawn by advisories even further out ...)

would signal their activities by putting bright half meter signs on walls?

...

Exactly.

...

One has to admit,
that the vocabulary chosen
(Wardriving, Warchalking - ironically in the first place,
but irony tends to get lost as inside jokes make it to the mainstream)
has contributed to the misconcenptions,
as has a stupid pseudo-hacker romanticism adopted by some,
discrediting hacking as well as chalking.

So, part of this is the fault of the chalker's community themselves.

As far as we are concerned,
we tend to chalk in the broad daylight - preferrably in pink :) -
and maybe we should introduce the terms Peacecycling and Peacechalking.

....

All too often, the actors in the current security discussion
tend to shoot the messenger -
and Nokia's attitude is no exception.

You will not prevent computers from doing what they are good at doing just by outlawing indications of what they can be doing.

It would be great to see a more competent dicussion,
that responsibly takes on issues of public interest and company interest,
and how we organize an intelligent approach that satisfies both. Such a discussion would help system administrators with a problem, as well as open interesting perspectives for future networking, urban planning, art, computer security, ... etc etc.

In the meantime,
companies with unintentionally open networks
should be grateful for every chalk sign that informs them of their problem.

Jerry, the default assumption of the Internet is that open services can be connected to. That's as true of httpds on port 80 as it is of WiFi. If this regime that you're calling for were true, then there would be no means for people in good fath to connect to websites, for search engines to spider, for people to exchange email.

Nokia calls it theft, the courts and statutes don't. That makes it a lie.

It is NOT illegal to advertise that stores don't have security measures, nor is such tantamount to theft.

NO companies have stepped forward to claim that they are being targeted by warchalkers who identify their networks for use of service or illicit access.

"The company said that anyone using a company's bandwidth without permission is reducing the amount of a valuable resource available to the workers in that organisation"

This insinuates an untruth, namely, that reducing the availability of a service that is not loaded at peak results in any material loss.

"Nokia warned that if too many warchalkers log on together, the whole network inside a company could slow down."

An outright lie. There is 2Mb/s or 11Mb/s of connectivity available per AP. A 100BT network CANNOT be slowed down by 2MBs on one channel. A switched network of any speed is likewise immune.

"It also said that unscrupulous spammers could use a network as a proxy to despatch millions of unwanted e-mail messages with no danger of being traced."

Likewise, spammers can use Internet cafes, libraries, and airport kiosks. They don't. They use their home computers and convienent lists of open smtp relays maintained by ORBS and the like. There are no verified reports of this, period. The person who was reported to have made this assertion that this was going on now says that he was misquoted.

FUD, FUD, FUD.

So, which one of those four bullet points is untrue? Theft of network services is, tautologically, theft (you can tell because it's called "theft"); anyone using bandwidth naturally leaves less for others; overuse of a network does reduce its performance; and yes, spammers could use wireless networks to send bulk mailings. The first reason, of course, is the only one needed to condemn warchalking. It is the same thing as posting a sign outside a store indicating that the store has no security measures. The implication is, hey, go ahead and steal.

This idea that anything I don't explicitly forbid you to do with my property should be automatically permitted has got to go. No: since it's mine, you require my permission if you want to use it. If someone intentionally opens up a wireless access point, that's one thing. (Presumably they would make this known somehow, perhaps in the network name, and wouldn't mind a warchalking mark.) But for people to act as though they have some right to enter through a window someone has accidentally left open is reprehensible.