Free Wifi providers and abuse

Forums › Off topic › Free Wifi providers and abuse

mattwnz

4256 posts

Uber Geek

Topic # 111139 25-Oct-2012 13:47
Recently I received an abusive message through a contact form on my website. I track all IPs and tracked it down to an organisation that providers free wifi services. I contacted them about the abusive email I received and whether they had any details on that user. I was surprised to learn that they don't do any tracking of people using their free service nor require any log in of users. I would have thought that they would have been required to, as they are essentially an ISP service, especially when abuse occurs. It isn't difficult to setup some form of login system, or use a login system like facebook, google or twitter login, and people would expect it these days. What are peoples thoughts on this. It was obviously a cowardly action by the sender, and they obviously knew thy couldn't be tracked through this particular free service.

1 | 2

3202 posts

Uber Geek

Subscriber

Reply # 706407 25-Oct-2012 17:25
If I understand the privacy legislation correctly it would take a police complaint before the operators of the service would consider releasing any information related to that session. For instance the operator may not have contact details but may have MAC and possibly browser user agent information which could be used in part to identify the user.

mattwnz

4256 posts

Uber Geek

Reply # 706479 25-Oct-2012 19:10
gzt: If I understand the privacy legislation correctly it would take a police complaint before the operators of the service would consider releasing any information related to that session. For instance the operator may not have contact details but may have MAC and possibly browser user agent information which could be used in part to identify the user. I agree and didn't expect them to provide me with the information. However the free wifi provider told me that they don't have any details either and don't track users on their free service, as they don't have to login. I think this leaves them very open to abuse, if they aren't protecting themselves. The type of email wouldn't warrant police action as it wasn't threatening. It was more rude than anything.

coffeebaron

2603 posts

Uber Geek

Trusted

Subscriber

Reply # 706506 25-Oct-2012 20:35
McDonald's free WiFi doesn't take any details. Same with most free WiFi spots. Chorus has spent $1.4 billion on making their ADSL broadband network faster. Why not spend a couple of hundred to make sure you are getting the most out of your connection? Geekzone special price: $150* for master splitter install, normally $200+ through your ISP. Auckland and Waikato areas. *Travel charges may apply. Additional costs may apply for complex installs. I install - Naked DSL, DSL Master Splitters, VoIP, RBI Rural Broadband. Also a dealer for WorldxChange. Need help in Auckland or Waikato? Click my email button, or email me direct: [my user name] at geekzonemail dot com

rhy7s

98 posts

Master Geek

Reply # 706509 25-Oct-2012 20:43
A spoofed MAC address and false details wouldn't leave you any better off. There's no authentication at public or private phones either.

mattwnz

4256 posts

Uber Geek

Reply # 706562 25-Oct-2012 22:19
coffeebaron: McDonald's free WiFi doesn't take any details. Same with most free WiFi spots. I know, libraries are the same. But I wonder how much legal liability these providers would have if illegal activity occurred by one of their users, and they weren't recording users details. ISPs don't have this problem because they do log all their users, and can link an IP number to a particular account at a particular time. But using free wifi appears to get around this. Personally I think it is quite reckless of them not to have a log in system, or they are not identifying their users. Especially as anonymity is declining on the internet with things like facebook, twitter etc.

chevrolux

979 posts

Ultimate Geek

Subscriber

Reply # 706568 25-Oct-2012 22:28
When you deploy free wifi you generally a) limit the bandwidth guests get and b) limit total data per user. Granted mac spoofing will get around data quotas as these are generally mac based controls the speed can be bought right down to somewhere around 512kbps. Facebook will work fine at that speed, so will emails, trademe etc. In reality people aren't going to sit on that all day trying to torrent movies and keep changing their macs when the quota gets reached.

mattwnz

4256 posts

Uber Geek

Reply # 706585 25-Oct-2012 23:29
chevrolux: When you deploy free wifi you generally a) limit the bandwidth guests get and b) limit total data per user. Granted mac spoofing will get around data quotas as these are generally mac based controls the speed can be bought right down to somewhere around 512kbps. Facebook will work fine at that speed, so will emails, trademe etc. In reality people aren't going to sit on that all day trying to torrent movies and keep changing their macs when the quota gets reached. That isn't the type of problem I was referring to. I was referring to people using free wifi to abuse others, troll, cyberbully or even post defamatory information etc. Essentially from what I have been told, they can get away with it because these free providers don't track users. However you couldn't really get away with this if you use your home ISP, as if the police get involved, they can track you down by getting your ISP to link the IP address to the user using that IP address at the time. The same can't be done with free wifi hotspots that don't track users or have a login. So even though I have got the IP address of the abuser, and complained to the free wifi provider, they have basically said bad luck. It doesn't make sense to me that the free providers don't protect themselves or others.

sbiddle

16713 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Subscriber

Reply # 706635 26-Oct-2012 07:45
So you think every single provider, company or cafe who wants to offer free wifi should ask for multiple forms of ID before they let anybody use the internet? *Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

blair003

361 posts

Ultimate Geek

Subscriber

Reply # 706661 26-Oct-2012 08:45
I'm pretty glad we don't live in a world where individual users can be tracked to that degree. Going forward it would be technically possible to require everyone to get a separate static ipv6 address for each device they want to connect to the internet so they can always be tracked wherever they go. Some people no doubt advocate this sort of requirement for the internet. Thank god for at least some notion of anonymity. Trolls are a very, very small price to pay.

mattwnz

4256 posts

Uber Geek

Reply # 707250 27-Oct-2012 00:21
sbiddle: So you think every single provider, company or cafe who wants to offer free wifi should ask for multiple forms of ID before they let anybody use the internet? Not multiple forms of ID, just one form of ID. You need an ID for most things these days. If you sign up to an ISP you have to prove your are who you say you are, and essentially free wifi providers are acting as an ISP. If they are not an ISP, then they are the ones who would have to take responsibility for everyone they lend their connections to. I guess they are already liable if someone downloaded copyright material through their connection, so it is surprising that they don't have require some form of ID to at least protect themselves. eg You have to login via your facebook account, google, or open ID, or like apple you just link the person to a credit card, so everyone seems to be doing it now to some degree. Paid wifi providers do require you to login, so free ones shouldn't be any different.

mattwnz

4256 posts

Uber Geek

Reply # 707251 27-Oct-2012 00:23
blair003: I'm pretty glad we don't live in a world where individual users can be tracked to that degree. Going forward it would be technically possible to require everyone to get a separate static ipv6 address for each device they want to connect to the internet so they can always be tracked wherever they go. Some people no doubt advocate this sort of requirement for the internet. Thank god for at least some notion of anonymity. Trolls are a very, very small price to pay. Although there is very little anonymity on the interent. I mean if someone reaslly had to track someone down, it is often possible, unless they go out of their way to hide their identity, or use a free wifi connection that has now restiction on who connects.

blair003

361 posts

Ultimate Geek

Subscriber

Reply # 707258 27-Oct-2012 01:27
I think you're right - there is already too little anonymity on the internet these days, so I think calling for less is not good. I also think you're barking up the wrong tree. If wifi providers took ID, how does that help anything at all? Given all the computers will be NAT'ed, and only the public IP will be tracked on the internet and be accused of posting abuse on your web form it wouldn't help much at all. They would have to take id, get a mac address of the device, allow wifi access to that mac, create a database of mac addresses to id's and LAN IP's and log all requests from each IP address to see who was going there. And assuming the wifi provider had done all of these things in this case, they would not be giving any information to you anyway... you would need to lay a complaint with the police so they can investigate whatever crime it is that has occurred.

sbiddle

16713 posts

Uber Geek

Moderator

Trusted

Biddle Corp

Subscriber

Reply # 707283 27-Oct-2012 07:19
mattwnz: sbiddle: So you think every single provider, company or cafe who wants to offer free wifi should ask for multiple forms of ID before they let anybody use the internet? Not multiple forms of ID, just one form of ID. You need an ID for most things these days. If you sign up to an ISP you have to prove your are who you say you are, and essentially free wifi providers are acting as an ISP. If they are not an ISP, then they are the ones who would have to take responsibility for everyone they lend their connections to. I guess they are already liable if someone downloaded copyright material through their connection, so it is surprising that they don't have require some form of ID to at least protect themselves. eg You have to login via your facebook account, google, or open ID, or like apple you just link the person to a credit card, so everyone seems to be doing it now to some degree. Paid wifi providers do require you to login, so free ones shouldn't be any different. So you're pretty much calling for the end of free public WiFi? *Need help configuring your Linksys ATA or IP Phones for New Zealand? Check my blog post

gzt

3202 posts

Uber Geek

Subscriber

Reply # 707388 27-Oct-2012 11:28
mattwnz: That isn't the type of problem I was referring to. I was referring to people using free wifi to abuse others, troll, cyberbully or even post defamatory information etc. Essentially from what I have been told, they can get away with it because these free providers don't track users. However you couldn't really get away with this if you use your home ISP, as if the police get involved, they can track you down by getting your ISP to link the IP address to the user using that IP address at the time. The same can't be done with free wifi hotspots that don't track users or have a login. So even though I have got the IP address of the abuser, and complained to the free wifi provider, they have basically said bad luck. It doesn't make sense to me that the free providers don't protect themselves or others. This discussion is a bit abstract because you consider it is not worth reporting the message/incident to the police. The free wifi provider you called cannot provide you with any information because they correctly comply with the privacy act. If the police called it might be a different story. The provider may well have a log of mac and user agent at least for a day. These things - "abuse others, troll, cyberbully or even post defamatory information" - are not necessarily illegal or are not necessarily matters police will get involved in. So there is every chance a user will not be identified even if they used their home computer for this purpose. Someone using free wifi can do much the same thing from public telephones, phone cards that route overseas, paid voucher wifi, prepay phones, - add to this it is a long list. You are suggesting ID must be provided for all these things? You also advocate use of Google/Facebook/Twitter logins for identification. This is not a solution because these can be obtained without identification. Google and Facebook have said many times they would like to see the end of online anonymity for their own reasons unrelated to these issues and no doubt are actively supporting any moves in this direction around the world. In the media cases of cyber bullying the perpetrators were well known to everyone involved - but nothing at all was done. Identifying perpetrators was never an issue - they were known to everyone. Seeing bullying as the problem and dealing with it was the issue.

chevrolux

979 posts

Ultimate Geek

Subscriber

Reply # 707496 27-Oct-2012 15:37
So when you go to a cafe and buy a coffee and they give you a free wifi voucher would you expect they ask for ID at the same time and note down all your details? It is simply just a waste of time and would be a deterrent for any business offering free wifi if they had to have these kind of access controls. The type of abuse you are talking about is a fairly small issue in the scheme of things. In reality if someone wanted to be extremely abusive on the internet there are things you can do to be anonymous from your home connection anyway so there wouldn't be much point imposing these access controls on free wifi providers as it wouldn't solve the problem at all.

1 | 2