Wi-Fi
by Third Parties, ssd.eff.orgNovember 30th -0001
Wireless networking is now a ubiquitous means of connecting computers to each other and to the Internet. The primary privacy concern with Wi-Fi is the interception of the communications you send over the air. In some cases, wireless routers might also store a small amount of information about your computer, such as its name and the unique number assigned to its networking card (MAC address).
Wireless networks are particularly vulnerable to eavesdropping — in the end, "wireless" just means "broadcasting your messages over the radio," and anyone can intercept your wireless signal unless you use encryption. Listening in on unencrypted Wi-Fi communications is easy: almost any computer can do it with simple packet-sniffing software. Special expertise or equipment isn't necessary.
Even worse, the legal protections for unencrypted wireless communications are unclear. Law enforcement may be able to argue that it does not need a wiretap order to intercept unencrypted wi-fi communications because there is an exception to the rules requiring such orders when the messages that are being intercepted are "readily accessible to the public." Basically, any communication over the radio spectrum that isn't transmitted by your phone company and isn't scrambled or encrypted poses a privacy risk.
Encrypting a Wireless Network
If you want to protect your wireless communications from the government or anyone else, you must use encryption! Almost all wireless Internet access points come with WEP (Wired Equivalent Privacy) or WPA (Wi-Fi Protected Access) encryption software installed to encrypt the messages between your computer and the access point, but you have to read the manual and figure out how to use it. WEP is not great encryption (and we recommend strong, end-to-end encryption for sensitive communications regardless of the transmission medium), and practiced hackers can defeat it very quickly, but it's worth the trouble to ensure that your communications will be entitled to the legal protections of the Wiretap Act. WPA is much stronger than WEP, but it still only covers the first step your packets will take across the Internet.
When Using Open Wi-Fi
If you're using someone else's "open" — unencrypted — wireless access point, like the one at the coffee shop, you will have to take care of your own encryption using the tools and methods described in other sections. Tor is especially useful for protecting your wireless transmissions. If you don't use Tor, and even if you do, you should also always use application-level encryption over open wireless, so no one can sniff your passwords.
Because of the threat of password sniffing, it is crucially important that you do not use the same password for all your accounts! For example, http://www.nytimes.com/ requires a username and password to log in, but the site does not use encryption. However, web sites for banks, like https://www.wellsfargo.com/, always use encryption due to the sensitive nature of the transactions people make with banks. If you use the same passwords for the two sites, an eavesdropper could see your unencrypted password traveling to the newspaper site, and guess that you were using the same password for your bank account.
Original Page: https://ssd.eff.org/tech/wifi
Shared from Read It Later
No comments:
Post a Comment