With the proliferation of wireless computing technology (aka “wi-fi ethernet”) and people freely using other people’s open wireless networks — I have a hard time calling it “stealing” but it is — I started asking myself: is it morally wrong to set up a transparent HTTP proxy that injected malicious scripts into the HTTP response to exploit people’s computers who are using your wi-fi? My gut says that knowingly destroying other people’s computers is wrong, always wrong, even if they’re illegally trespassing on your wireless network and stealing your bandwidth without your permission. But, then I wonder if it’s a framing or context problem. Is it so obviously wrong because it’s happening in an intangible space and all highly theoretical? So, I tried to redescribe the problem in more mundane terms.
What if you were a candy store, and you had a serious shoplifting problem: where people would randomly walk into your store and help themselves to some of your candy without paying for it? Would it be wrong to poison a subset of candy and mark the poisoned goods in such a way that only you could identify them? If a real customer came along and wanted to purchase the candy, you’d recognize it as being poisoned and replace it with a clean version. But, if someone just came along and grabbed it and walked off with it, if they proceeded to eat it, then they got what they deserved? If they didn’t get permission to take your candy, you have no obligation or responsibility as to what happens to them if they steal it, right?
Are the two situations (unauthorized use of wi-fi vs. owning a candy store) really different? Is the aggressive defense mechanism acceptable in one situation but not the other? Are both unacceptable? Should the entire burden of securing a wireless network rest on the shoulders of the owner of the network, or should there be some responsibility and etiquette for people not to just assume that because a wi-fi network is unrestricted that it doesn’t make it open for public use? If I set up open wi-fi and want to signal that it’s open for public use, I’ll include “public” in the SSID to signal it as such.
What do you do with your wi-fi networks? Do you secure yours, or leave it wide open, or what? If you leave yours open, do you have a problem with people jumping onto it and using it? Have you ever had someone use your wireless network and send spam using it, or anything else you’d not want them to do, but you still want to leave it open so that other good people can use it when they need to?
If you’re leaving your network open, you must want people to use it. If you’re going to “poison” that network, you should probably just leave it closed. Otherwise you’re just being a bad host. If you don’t want guests, don’t send invitations.
Update: There’s been a few responses over on my LiveJournal.
I think the right way of handling the situation is with what’s known as a “captive portal.” Allow folks to connect, but keep them restricted until they either authenticate or go away.