cross-posted from: https://slrpnk.net/post/30993218

Copious access points are deployed by naïve admins who are oblivious to the fact that not everyone runs the latest gear. The shitty practice of pushing wi-fi in an arbitrarily exclusive way needs pushback. The first step is exposure. We need to enumerate the various ways demographics of people are being excluded and collect a DB on it.

The wi-fi protocol is the first point of failure. E.g. 802.11b vs 802.11a/g/n… All new hardware is backwards compatible with older protocols. When an 802.11b device cannot see a signal, it’s because some asshat proactively disabled 802.11b.

Most exclusivity occurs with shitty captive portals. There are countless ways to fuck up a website to make it exclusive. E.g.

  • to impose SSL, which inherently imposes recent certs and CAs that exclude old devices. It’s essentially rock stupid when the captive portal is nothing more than a button that says “I accept the ToS”.
  • to impose JavaScript, which encapsulates a whole industry of poorly trained people who have no concept of stability of standards and interoperability.
  • to impose SMS confirmation, which makes the ignorant assumption that every single user has a mobile phone, that they carry it with them, and that they are willing to share their number willy nilly.

🌱environmental impact🚮

The brain dead practice of deploying public Internet access using needlessly exclusive tech is a form of forced obsolescence. It’s one of the factors that pushes people to throw away working devices in order to overcome these ecocidal Internet access deployments.

🔧the fix💾

An app that records SSIDs, their location, and all the detectable exclusivity characteristics. It should also take human input with notes to record exclusivity that is not auto-detectable. Ideally the local DB would sync with a central DB. It should also be possible to extract a GPX file for a given region which could then be imported into OSMand or Organic Maps.
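
The record-and-export part of such an app, as an added example that is not part of the original post: `portal_flags` applies constructed heuristics for the three portal exclusions listed above to the reply a plain-HTTP probe receives, and `to_gpx` writes the records as GPX 1.1 waypoints. All names, heuristics and sample data here are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from xml.sax.saxutils import escape

@dataclass
class Survey:
    ssid: str
    lat: float
    lon: float
    flags: list
    note: str = ""  # human input for exclusions that cannot be auto-detected

def portal_flags(status, headers, body):
    """Heuristic exclusion flags from the reply to a plain-HTTP probe."""
    flags, html = [], body.lower()
    if 300 <= status < 400 and headers.get("Location", "").lower().startswith("https://"):
        flags.append("tls-required")
    if "<script" in html and "<form" not in html:  # nothing to submit without JS
        flags.append("js-required")
    if re.search(r'<input[^>]+type=["\']?tel|\bsms\b', html):
        flags.append("sms-required")
    return flags

def to_gpx(surveys):
    """GPX 1.1 waypoints. SSIDs and notes are untrusted text, so escape them."""
    wpts = []
    for s in surveys:
        desc = ", ".join(s.flags) or "no exclusion detected"
        if s.note:
            desc += "; " + s.note
        wpts.append(f'  <wpt lat="{s.lat:.6f}" lon="{s.lon:.6f}">'
                    f"<name>{escape(s.ssid)}</name><desc>{escape(desc)}</desc></wpt>")
    return ('<?xml version="1.0" encoding="UTF-8"?>\n<gpx version="1.1" '
            'creator="wifi-exclusion-survey" xmlns="http://www.topografix.com/GPX/1/1">\n'
            + "\n".join(wpts) + "\n</gpx>\n")

SAMPLES = [  # constructed: (ssid, lat, lon, status, headers, body, note)
    ("Cafe<Free>&Open", 48.1, 11.5, 302, {"Location": "https://portal.example/"}, "", ""),
    ("Library", 48.2, 11.6, 200, {},
     "<html><script src='app.js'></script><div id='root'></div></html>", "802.11b disabled"),
    ("Station", 48.3, 11.7, 200, {},
     "<form method='post'><input type='tel' name='msisdn'>Code by SMS</form>", ""),
]

def run_samples():
    return [Survey(ssid, lat, lon, portal_flags(status, headers, body), note)
            for ssid, lat, lon, status, headers, body, note in SAMPLES]
if __name__ == "__main__":
    print(to_gpx(run_samples()))
```

The SSID in the first sample contains markup characters on purpose: network names are chosen by whoever runs the access point, so they are escaped before being written into the GPX file.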

  • poVoq@slrpnk.net
    7 days ago

    If someone is offering a public wifi, there is a reasonable expectation that other people sitting in the same cafe for example can’t listen in on what you are doing on your device. As older wifi encryption standards are easily compromised, this requires enforcing a semi-recent wifi-standard. You can of course make your own judgement in your own home, but in a public space it is different.

    As for SSL certificates… this isn’t only a captive portal issue. If your device has such outdated root certificates that you run into issues already at the captive portal, you will also have issues with each and every website that uses https. Root certificates are only cycled out of use for good reasons, such as them becoming compromised, so by using a super old root certificate on your device you are wide open to MITM attacks on supposedly secure connections.

    • activistPnk@slrpnk.netOP
      4 days ago

      > If someone is offering a public wifi, there is a reasonable expectation that other people sitting in the same cafe for example can’t listen in on what you are doing on your device. As older wifi encryption standards are easily compromised, this requires enforcing a semi-recent wifi-standard. You can of course make your own judgement in your own home, but in a public space it is different.

      I think WEP is pretty much dead. Even my first Android (2.2) supported WPA. WPA can still be snooped on with some effort when the attacker has the PW. Apart from that, you’re still trusting whoever supplies the uplink. I do not think people have an expectation of privacy on public networks. There are far too many compromises, the most trivial being an imposter AP. I always tunnel in some way over public wifi by using either Tor or a VPN. So even WEP or fully open is still secure enough for my use.

      I would not want user nannying to get in the way of someone who knows how to secure themself. I’m also not quick to support the idea of dumbing down the community so people don’t develop self-defense skills and take personal responsibility. If someone cannot be bothered to tunnel, then hopefully they would buy a device that is configured to insist on WPA3. But in the end this is the user’s responsibility one way or another while nannying is a kind of tyranny.

      > As for SSL certificates… this isn’t only a captive portal issue. If your device has such outdated root certificates that you run into issues already at the captive portal, you will also have issues with each and every website that uses https.

      They are completely independent. I can do what I need so long as the captive portal doesn’t fuck with me. Captive portals can be broken in more ways than the web generally is. And when a captive portal is shit, it’s a disaster across the board… It breaks all apps that need the net.

      > Root certificates are only cycled out of use for good reasons, such as them becoming compromised, so by using a super old root certificate on your device you are wide open to MITM attacks on supposedly secure connections.

      I don’t recall if the sparse cert errors I had were due to root certs or normal certs, but I should indeed pay close attention. My only persistent problem was getting OSMand maps, which I solved by side-loading the maps from a PC.