http://en.fon.com/

BBC Story http://news.bbc.co.uk/1/hi/technology/5116960.stm

Certainly interesting.. with a number of points to raise..

1. Bye-bye security.
2. Hello more security-jobs..

3. I don't see any UK ISPs even bordering on agreeing to this, mostly for DPA and other legal reasons.. that and pure cowardice.
4. Ths ISPs would LOVE it, because they charge by the MB or GB in many cases and it would boost their revenues.
5. The ISPs would also hate it because they are under enough pressure to handle the amount of data being transferred daily as it is.. let alone opening the floodgates for more data. But then given that they charge for this data.. see point 4.

6. * Alkatraz sits back and waits for the tree-hugging, nanny-state anti-personal-freedom, pro-communist fascists to start getting WAN Wi-Fi banned for environmental/medical reasons that *probably* don't even exist, but given that their research is all politically motivated, is irrelevant anyway.

Woh. where did that rant come from?

It's not something I'd even contemplate.

I have a BT business connection, so I'm not capped and in real terms am a 'low bandwidth' broadband user.

However, apart from a freeloading neighbour using my bandwidth to download vast amounts of stuff, or hitting my connection all evening with games or streaming media when I'm trying to work, my main fear would be how I prove that any dodgy deeds done using MY connection have been done by these external interlopers, and not by me?

I wouldn't trust teh powers that be to get the right people.

No matter what people say, Broadband Internet access isn't some sort of human right or 'need'; it's a consumer privelege. Get used to paying for it.

I think it would be a brilliant idea to try to get universal Wi-Fi provision from the ISP level.. but given what I've said and what you've said.. sharing eveyone and his brother's connection out to everyone else is a *very* dangerous waste of time.

I think it would be superb.

1>. Security is not a problem - if set up correctly

2>. I could use skype on my pda and save a fortune.

I am all for "war walking". But i am not capped either.

Bear in mind security is my whole career path.. security means a lot of things.. and many problems are opened up by this suggestion.

Obviously you have the main problem of, if someone has access to your wireless network, they are likely to have access to your local machines. Now, it may be true that it is possible to deny this activity.. but how many random home users are capable of doing so. Ok, so maybe it's denied inside the router firmware.. but how long before there is an exploit released for the router's firmware that then means every single router these people have sold is publicly vulnerable until patched.. which again, how many home users know how to do? This can then lead to a connection being COMPLETELY unsecured, internally and externally.

Then there's further security problems. The internet connection is provided by an ISP and the ISP provides mailservers. It is the ISPs' responsibility to ensure that these systems are not abused. Even now, ISP mailservers are being blacklisted left, right and centre because of malware-infected machines spamming every address in the known universe through their ISP's mail server. Currently, the recourse the ISP has is to shut down a connection or otherwise restrict or penalise or contact their end user advising them that that user's connection, for which that user is SOLELY responsible for is being used for abusive purposes and it is that user's responsibility to anti-virus their machine. Or, in cases where someone has warjacked a WiFi connection, it is that user's responsibility to secure their WiFi so that it can no longer be abused, and therefore restrictions and threats of service termination can be lifted.

If you are intentionally allowing anyone access to your home connection, through a legally approved sharing system... who is liable for the security? The ISP, who cannot, in most cases, have that level of control? The End-User, who cannot, in most cases, understand the concepts involved, let alone effect useful security?


This doesn't just apply to mail spam.. but what about penetration attacks on public networks? Let's assume a hypothetical in which public shared private connections have legal precedent.

Who tried to hack us? This IP: *.*.*.* .. right let's go speak to the ISP the IP has been assigned to. Ths ISP has two choices, point the invesitgators at the end user.. or block the end user's connection, depending on the cirumstances.

1. Block the end user. End user calls up: I've been blocked. Why? I am paying your for a service you are not providing. ISP: You broke the Terms and Conditions.. End user: No I didn't.. prove that I did. ISP: It came from your connection, which you are responsible for. EU: But I am using a public access sharing system that relieves me of responsibility to monitor my wireless connection. ISP: Oh. Um. Right. We'd better unblock you then.

2. Send investigators to the End User.. Inv: You hacked us! EU: No I didn't. Inv: Yes you did! EU: No I didn't, prove it. Um. We can't. We can prove it came from your connection. EU: So? Inv. Um. Right. Yes. Bye then.


Internal, external, it doesn't matter, security would be very severely under threat with this type of system in place. It's like communism. It works amazingly well in theory.. but only in theory. In theory you can have EVERY end user as an experienced linux administrator with industrial experience in security and can the make every end user culpable for maintaining the network they have decided to share.

In practice, you have a billion people connected to the internet. A hundred thousand know what they are doing. A thousand have a real 'clue'. Another thousand have immediate criminal intent.

Give them all open access to everyone's home network and ISP network and you have just opened the floodgates that bring down "The Internet Version 1".


Now I appreciate some of the examples I have cited are a little extreme.. but I hope you can see, as I have pointed out, security isn't just a matter of "setting it up properly". It's a friggin minefield.