Piggybacking (Internet access)

Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge. It is a legally and ethically controversial practice, with laws that vary by jurisdiction around the world. While completely outlawed or regulated in some places, it is permitted in others.

A customer of a business providing hotspot service, such as a hotel or café, is generally not considered to be piggybacking, though non-customers or those outside the premises who are simply in reach may be. Many such locations provide wireless Internet access as a free or paid-for courtesy to their patrons or simply to draw people to the area. [1] Others near the premises may be able to gain access.

Piggybacking is distinct from wardriving, which involves only the logging or mapping of the existence of access points.

Background

Piggybacking has become a widespread practice in the 21st century due to the advent of wireless Internet connections and wireless access points. Computer users who either do not have their own connections or who are outside the range of their own might find someone else's by wardriving or luck and use that one.

However, those residing near a hotspot or another residence with the service have been found to have the ability to piggyback off such connections without patronizing these businesses, which has led to more controversy. While some may be in reach from their own home or nearby, others may be able to do so from the parking lot of such an establishment, [2] from another business that generally tolerates the user's presence, or from the public domain. Others, especially those living in apartments or town houses, may find themselves able to use a neighbour's connection.

Wi-Fi hotspots, unsecured and secured, have been recorded to some degree with GPS-coordinates. Some sites host searchable databases or maps of the locations of user-submitted access points. The activity of finding and mapping locations has also been crowdsourced by many smartphone apps.

Long range antennas can be hooked up to laptop computers with an external antenna jack, which allows a user to pick up a signal from as far as several kilometers away. Since unsecured wireless signals can be found readily in most urban areas, laptop owners may find free or open connections almost anywhere. While 2.4 and 5 GHz antennas are commercially available and easily purchased from many online vendors, they are also relatively easy to make. Laptops and tablets that lack external antenna jacks can rely on external Wi-Fi network cards, many requiring only USB, which the laptop can itself easily provide from its own battery.

Reasons

There are many reasons why Internet users desire to piggyback on others' networks.

For some, the cost of Internet service is a factor. Many computer owners who cannot afford a monthly subscription to an Internet service, who only use it occasionally, or who otherwise wish to save money and avoid paying, will routinely piggyback from a neighbour or a nearby business, or visit a location providing this service without being a paying customer. If the business is large and frequented by many people, this may go largely unnoticed. Yet other piggybackers are regular subscribers to their own service, but are away from home when they wish to gain Internet access and do not have their own connection available at all or at an agreeable cost.

Often, a user will access a network completely by accident, as the network access points and computer's wireless cards and software are designed to connect easily by default. This is common when away from home or when the user's own network is not behaving correctly. Such users are often unaware that they are piggybacking, and the subscriber has not noticed. Regardless, piggybacking is difficult to detect unless the user can be viewed by others using a computer under suspicious circumstances.

Less often, it is used as a means of hiding illegal activities, such as downloading child pornography or engaging in identity theft. This is one main reason for controversy. [3]

Network owners leave their networks unsecured for a variety of reasons. They may desire to share their Internet access with their neighbours or the general public or may be intimidated by the knowledge and effort required to secure their network while making it available to their own devices. Some wireless networking devices may not support the latest security mechanisms, and users must therefore leave their network unsecured. For example, the Nintendo DS and Nintendo DS Lite can only access wireless routers using the discredited WEP standard; however, the Nintendo DSi and Nintendo 3DS both support WPA encryption. Given the rarity of cases where hosts have been held liable for the activities of piggybackers, they may be unaware or unconcerned about the risks they incur by not securing their network, or of a need for an option to protect their network.

Some jurisdictions have laws requiring residential subscribers to secure their networks (e.g., in France "négligence caractérisée" in HADOPI). Even where not required by law, landlords might request that tenants secure their networks as a condition of their lease. [citation needed]

Legality

Views

Views on the ethics of piggybacking vary widely. Many support the practice by stating that it is harmless and benefits the piggybacker at no expense to others, but others criticize it with terms like "leeching," "mooching," or "freeloading." Different analogies are made in public discussions to relate the practice to more familiar situations. Advocates compare the practice to the following:

Opponents to piggybacking compare the practice to the following:

The piggybacker uses the connection paid for by another without sharing the cost. That is especially common in an apartment building in which many residents live within the normal range of a single wireless connection. Some residents can gain free Internet access while others pay. Many ISPs charge monthly rates, however, and so there is no difference in cost to the network owner.

Excessive piggybacking may slow the host's connection, with the host typically unaware of the reason for the reduction of speed. That is more of a problem if many persons are engaging in this practice, such as in an apartment or near a business.

Piggybackers may engage in illegal activity such as identity theft or child pornography without much of a trail to their own identity. That leaves network owners subject to investigation for crimes of which they are unaware. While persons engaging in piggybacking are generally honest citizens, a smaller number are breaking the law in that manner and so avoid identification by investigators. That, in particular, has led to some anti-piggybacking laws.

Some access points, when the factory default settings are used, are configured to provide wireless access to all who request it. Some commentators argue that those who set up access points without enabling security measures are offering their connection to the community. Many people intentionally leave their networks open to allow neighbours casual access, with some joining wireless community networks to share bandwidth freely. It has largely become good etiquette to leave access points open for others to use, just as someone expects to find open access points while on the road.

Jeffrey L. Seglin, an ethicist for the New York Times, recommends notifying network owners if they are identifiable, but he says there is nothing inherently wrong with accessing an open network and using the connection. "The responsibility for deciding whether others should be able to tap into a given access belongs squarely on the shoulders of those setting up the original connection." [5]

Similarly, Randy Cohen, the author of The Ethicist column for The New York Times Magazine and National Public Radio, says that one should attempt to contact the owner of a regularly used network and offer to contribute to the cost. However, he points out that network owners can easily password protect their networks and quotes the attorney Mike Godwin to conclude that open networks likely represent indifference on the part of the network owner and so accessing them is morally acceptable, if it is not abused. [6] [7]

The policy analyst Timothy B. Lee (not to be confused with Tim Berners-Lee [8] ) writes in the International Herald Tribune that the ubiquity of open wireless points is something to celebrate. He says that borrowing a neighbour's Wi-Fi is like sharing a cup of sugar, and leaving a network open is just being a good neighbour. [9]

Techdirt blogger Mike Masnick responded to an article in Time Magazine to express his disagreement with the arrest of a man for piggybacking on a cafe's wireless network. The man had been charged with breaking Title 18, Part 1, Chapter 47, of the United States Code, which covers anyone who "intentionally accesses a computer without authorization or exceeds authorized access." The writer himself is not sure what that title really means or how it applies to contemporary society since the code was established regarding computers and their networks during the Cold War era.

On the technical legality of the matter, Masnick believes the code was not broken because the access point owner did not secure the device specifically for authorized users. Therefore the device was implicitly placed into a status of "authorized." Lev Grossman, with Time Magazine, is on the side of most specialists and consumers, who believe the fault, if there is any, is mostly that of the network's host or owner.

An analogy commonly used in this arena of debate equates wireless signal piggybacking with entering a house with an open door. Both are supposed to be equatable, but the analogy is tricky, as it does not take into account unique differences regarding the two items in reference, which ultimately leave the analogy flawed.

The key to the flaw in the analogy is that with an unprotected access point, the default status is for all users to be authorized. An access point is an active device that initiates the announcement of its services and, if set up securely, allows or denies authorization to its visitors.

A house door, on the other hand, has physical attributes that distinguish access to the house as authorized or unauthorized by its owner. Even with an open house door, it is plain whether one has been invited to that house by its owner and if entrance will be authorized or denied. A house owner's door is passive but has an owner who knows the risks of leaving their door open and house unprotected in the absence of the gate keeping presence. Equally, wireless access point owners should be aware that security risks exist when they leave their network unprotected. In that scenario, the owner has made the decision to allow the gatekeeper or access point to authorize all who attempt to connect because the gatekeeper was not told whom not to let in. [10] [11] [12] [13]

Prevention

Laws do not have the physical ability to prevent such action from occurring, and piggybacking may be practiced with negligible detection.

The owner of any wireless connection has the ability to block access from outsiders by engaging wireless LAN security measures. Not all owners do so, and some security measures are more effective than others. As with physical security, choice is a matter of trade-offs involving the value of what is being protected, the probability of its being taken, and the cost of protection. An operator merely concerned with the possibility of ignorant strangers leeching Internet access may be less willing to pay a high cost in money and convenience than one who is protecting valuable secrets from experienced and studious thieves. More security-conscious network operators may choose from a variety of security measures to limit access to their wireless network, including:

Disabling SSID broadcasts has been recommended in the past as a security measure, although it only hides networks superficially. MAC addresses of routers are still broadcast, and can be detected using special means. But worse, a device that once connected to a hidden SSID will continuously transmit probe requests for this SSID and is vulnerable to the Evil Twin attack. Therefore, SSID hiding can no longer be considered a security measure.
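An added example (not part of the original article) that audits an access point configuration for the weaknesses mentioned here: no encryption, WEP, and reliance on a hidden SSID. It assumes a hostapd-style `key=value` file; the function names and sample configurations are constructed for illustration.

```python
# Added example: audit a hostapd-style access point configuration (assumed
# format) for weaknesses discussed in this article. All samples are constructed.

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a list of (code, explanation) findings for one parsed config."""
    findings = []
    try:
        wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2 (RSN)
    except ValueError:
        wpa = 0
        findings.append(("BAD_WPA_VALUE", "wpa= is not an integer; treated as off"))
    # wep_key0..wep_key3 hold static WEP keys; wep_default_key only selects one.
    has_wep = any(k.startswith("wep_key") and v for k, v in conf.items())

    if wpa == 0 and has_wep:
        findings.append(("WEP", "static WEP key in use; WEP is discredited"))
    elif wpa == 0:
        findings.append(("OPEN", "no encryption; anyone in range can associate"))
    else:
        # Only explicitly configured ciphers are checked; defaults are not modelled.
        ciphers = set(
            (conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")).split()
        )
        if wpa & 1 or "TKIP" in ciphers:
            findings.append(("LEGACY_WPA", "WPA version 1 or TKIP is still enabled"))

    if conf.get("ignore_broadcast_ssid", "0") != "0":
        findings.append(
            ("HIDDEN_SSID", "SSID hiding is not a security measure; clients "
                            "will probe for this name wherever they go")
        )
    return findings


def finding_codes(text):
    """Convenience wrapper: config text in, list of finding codes out."""
    return [code for code, _ in audit(parse_conf(text))]


# Constructed sample: no encryption, owner relies on hiding the SSID.
OPEN_HIDDEN = """
interface=wlan0
ssid=HomeNet
ignore_broadcast_ssid=1
"""

# Constructed sample: WEP kept for an old device (10 hex digits = 40-bit key).
WEP_ONLY = """
interface=wlan0
ssid=ConsoleNet
wep_default_key=0
wep_key0=0123456789
"""

# Constructed sample: WPA/WPA2 mixed mode with TKIP still offered.
MIXED_MODE = """
ssid=HomeNet
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP CCMP
wpa_passphrase=constructed-sample-passphrase
"""

# Constructed sample: WPA2 only, CCMP only, SSID broadcast normally.
HARDENED = """
ssid=HomeNet
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=constructed-sample-passphrase
"""

if __name__ == "__main__":
    for name in ("OPEN_HIDDEN", "WEP_ONLY", "MIXED_MODE", "HARDENED"):
        print(name, finding_codes(globals()[name]) or "no findings")
```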

Alternatives

There are several alternatives to piggybacking. Internet access is available on many data plans for smartphones and PDAs. Although it may have browsing limitations compared with Internet access from traditional Internet service providers for desktop or laptop computers, the Internet can be accessed anywhere there is an adequately strong data signal. Some mobile phone service providers offer mobile Internet service to other devices via a data connection from the mobile phone. This is known as tethering: one can connect to the phone either wirelessly, using Bluetooth or Wi-Fi, or by cable, allowing access to the Internet anywhere there is a cell network signal.

Many jurisdictions have been experimenting with statewide, province-wide, county-wide or municipal wireless network access. On September 20, 2005, Google WiFi was announced as a municipal wireless mesh network in Mountain View, California. Baltimore County, Maryland provides free Wi-Fi access at government offices, libraries, and county facilities. [15] This service was first provided in May 2007 in the central business district of the county seat, Towson, and gradually expanded throughout the remainder of the county. [16] When the service was expanded to more public areas in 2014, Baltimore's acting chief technology officer, L. Jerome Mullen, remarked, "Projects like this are just the beginning of the opportunities that remain as we strengthen and expand the City's fiber optic network. We are building digital city infrastructure, and the possibilities are endless." [17] In New York City, the Department of Parks and Recreation provides free Wi-Fi in parks across the city. [18] BAI Communications was contracted by municipal public transportation authorities to install free Wi-Fi in underground subway stations in Toronto, Canada [19] and in all 279 Manhattan, Queens, and Bronx underground subway stations in New York City. [20] On January 8, 2013, Google and the Chelsea Improvement Company, a local public advocacy group, announced that they would install free Wi-Fi in the New York City neighborhood of Chelsea. New York Senator Chuck Schumer said at the press conference, "It's not very expensive at all—just a smidgeon of what Sandy cost. The mayor and I said maybe we could get this done for all of New York. We look forward to the day when all of New York has free Wi-Fi." [21]
On November 17, 2014, the mayor of New York City, Bill de Blasio, announced LinkNYC, an infrastructure project to create a free, encrypted, gigabit wireless network to cover New York City by replacing the city's payphones with Wi-Fi hotspots and web browser kiosks where free phone calls could also be made. These pilot programs may result in similar services being launched and interconnected nationwide.

Free Internet access hotspots have also been opened by a wide range of organisations. Companies sell hardware and network management services to establish hotspots. Other hotspot-based efforts have been launched with the intention of providing global, low-cost or free Internet access. Fon is a wireless router vendor which allows owners of its routers to share Internet access with other owners of Fon routers. Users who do not own a Fon router can also connect at a small price. Guifi.net is a free, open, international telecommunications community network organized and expanded by individuals, companies and administrations. On November 27, 2012, the Electronic Frontier Foundation and a coalition of nine other groups launched OpenWireless.org, an Internet activism project which seeks to increase Internet access by encouraging individuals and organisations to configure their wireless routers to offer a separate public wireless guest network or to open their network completely. [22]

References

  1. Yi, Matthew (2003-08-25). "Wi-Fi hits the spot". San Francisco Chronicle. Archived from the original on 2007-11-12. Retrieved 2007-09-03.
  2. Cheng, Jacqui (22 May 2007). "Michigan man arrested for using cafe's free WiFi from his car". Ars Technica. Archived from the original on 28 June 2012. Retrieved 1 July 2012.
  3. Marriott, Michel (2006-03-05). "Hey Neighbor, Stop Piggybacking on My Wireless". The New York Times. Archived from the original on 2006-04-23. Retrieved 2007-04-09.
  4. Boutin, Paul (2009-11-20). "How to steal Wi-Fi". Slate. Archived from the original on 2022-04-07. Retrieved 2022-10-07.
  5. Seglin, Jeffrey L. (2006-02-26). "If Internet connection is open, feel free to use it". The Columbus Dispatch. Archived from the original on 2011-07-21. Retrieved 2014-07-01.
  6. Cohen, Randy (2004-02-08). "Wi-Fi Fairness". The New York Times. Archived from the original on 2008-06-05. Retrieved 2007-09-03.
  7. Randy Cohen (Director), Jennifer Ludden (Director) (2005-04-17). "Stealing Thin Air". All Things Considered. National Public Radio. Archived from the original on 2007-08-08. Retrieved 2007-09-03.
  8. Lee, Timothy B. (2006-08-03). "For Shame!". The Technology Liberation Front. Archived from the original on 2015-09-05. Retrieved 2016-09-27. At the request of Mr. Berners-Lee's publicist, I've contacted the New York Times and asked them to add a clarification indicating that I'm a different Timothy B. Lee.
  9. Lee, Timothy B. (2006-03-17). "Wireless Internet: Hop on my bandwidth". International Herald Tribune. Archived from the original on 2008-06-13. Retrieved 2014-07-01.
  10. Masnick, Mike (2008-07-19). "On The Criminality Of WiFi Piggybacking..." Techdirt. Archived from the original on 2010-04-23. Retrieved 2010-07-12.
  11. Grossman, Lev (2008-07-12). "Confessions of a Wi-Fi Thief". Time. Archived from the original on June 16, 2008. Retrieved 2010-07-12.
  12. "Is making use of unprotected Wi-Fi stealing?". 2010-02-27. Archived from the original on 2010-08-24. Retrieved 2010-07-12.
  13. "NO FREE LUNCH (OR WI-FI): MICHIGAN'S UNCONSTITUTIONAL COMPUTER CRIME STATUTE" (PDF). UCLA Journal of Law & Technology. Spring 2009. Archived (PDF) from the original on 2010-03-07. Retrieved 2010-07-12.
  14. "WiGLE - Wireless Geographic Logging Engine - Stats". Archived from the original on 2013-06-03. Retrieved 2013-05-05.
  15. "Baltimore County Government WiFi Access". Baltimore County Government. Archived from the original on 2016-10-01. Retrieved 2016-09-28.
  16. Malarkey, Jaime (2007-04-11). "Towson gets free wireless Internet". The Baltimore Examiner. Archived from the original on 2009-02-04. Retrieved 2016-09-28.
  17. Rector, Kevin (2014-09-08). "Baltimore launches free wi-fi in Inner Harbor". The Baltimore Sun. Archived from the original on 2016-10-02. Retrieved 2016-09-28.
  18. "Wi-Fi in Parks". NYC Parks. New York City Department of Parks & Recreation. Archived from the original on 2016-10-01. Retrieved 2016-09-28.
  19. "TCONNECT". TCONNECT. BAI Canada. Archived from the original on 2016-10-01. Retrieved 2016-09-28.
  20. "Transit Wireless WiFi". Transit Wireless WiFi. Transit Wireless, a BAI Communications company. Archived from the original on 2016-10-01. Retrieved 2016-09-28.
  21. Goldman, David (2013-01-08). "Google to bring free Wi-Fi to New York City". CNN. Archived from the original on 2016-10-02. Retrieved 2016-09-28.
  22. Spiegel, Dana (2012-11-27). "Share Your Network–Join New Open Wireless Movement". NYCwireless. Archived from the original on 2016-10-02. Retrieved 2016-09-28.