2016-21. Wi-Fi networks named openwireless.org are available to everyone for occasional, lawful internet access subject to terms of service. It's an initiative established by the Electronic Frontier Foundation (EFF) in 2012. Sadly, it was placed on the back burner. But they do still support it. Electronic Frontier Foundation. 2021. OpenWireless.org. Electronic Frontier Foundation, June 17. (Also archive.org eff.org /page /openwirelessorg#important.)
Important points:
Ironically, providing an isolated guest Wi-Fi can increase the security of your private Wi-Fi. Think of your private Wi-Fi as your banking Wi-Fi. The guest Wi-Fi is for all devices you can't be certain won't compromise your banking Wi-Fi.
Untrusted devices include all devices you do not personally own, control, and keep updated. When your neighbor's Internet goes down, you shouldn't give them your banking Wi-Fi password. You should tell them to use your guest Wi-Fi, openwireless.org. Similarly, if a guest wants to use your Internet, tell them to use the guest openwireless.org. Don't let their devices connect to your banking Wi-Fi. You may trust your neighbors and visitors, but you absolutely, positively cannot trust their laptops, smartphones, or tablets.
Untrusted devices also include every Internet thing you own. Every such device is a hacker's entrance. When you get a nifty web-connected thermometer, weather sensor, security camera, door lock, or TV, if you connect it to your banking Wi-Fi, you're just screaming for trouble. Connect them via your guest openwireless.org instead. When they are hacked -- and they will be -- they cannot do as much damage when they can't open connections to each other or your banking Wi-Fi.
Openwireless.org gives you the option of moving some or all untrusted devices off of your private banking Wi-Fi. That's one of the reasons it is too useful to be without. In an environment of detached homes where all the neighbors have Internet, and when there's been no abuse, there may not even be a compelling reason to put a shared password on this network. It might be just as satisfactory to blacklist the occasional problematic device, like someone's Internet TV that probably erroneously connected to your system.
Theoretically, it's good practice to replace a Wi-Fi router's factory firmware with open-source firmware. It's often more powerful, for example allowing limited logging to an external PC. Some factory firmware doesn't even let you name a guest network 'openwireless.org', only allowing the main name with the suffix '-guest'. That doesn't make it obvious that it's open. Some won't even allow a passwordless network.
Practically, installing and maintaining open-source firmware is not for the faint of heart. For example, I'm currently running preinstalled open-source firmware in place of the OEM firmware on my router. It needs to be updated. But the company that preinstalled it no longer provides support. And I don't want to risk bricking the only working WiFi router I have.
Guest client isolation should be turned on. This lets guest devices access the Internet but not each other. Direct connections between guest devices facilitate peer-to-peer file transfer, which often involves illegally pirated content. They also let one rogue guest attack all the other guest devices and let worms propagate from one infected device to all the others.
Content filtering may, and possibly should, blacklist adult content and malware and/or force safe search. This is because any openwireless.org network is inherently accessible to unsupervised minors and problematic adults. But everyone should understand that when content filtering applies, search engine results omit thousands of innocent pages, and connections to thousands more will be blocked.
Blacklisting may be necessary, but it is not benign. Blacklisting one problematic site may deny access to thousands of innocent pages because hundreds of unrelated sites commonly share a single rented server. In one case, a state forced the blocking of 376 illegal websites. The side effect was to block access to 1,190,000 innocent US pages plus another 500,000 at terra.es. E.D. Pa. (DuBois, J.). 2004. Memorandum, Center for Democracy & Technology v. Pappert; Case No. 03-5051 (109 page PDF). E.D. Pa., Sep. 10 (Unofficial copy). (Also archive.org cdt.org /wp-content /uploads /speech /pennwebblock /20040910memorandum.pdf.)
Safe Search may be necessary but is not benign either. It de-indexes huge swaths of perfectly acceptable content. "SafeSearch blocks at least tens of thousands of web pages without any sexually-explicit content .... [including] sites operated by educational institutions, non-profits, news media, and national and local governments." Edelman, Benjamin. 2003. Empirical Analysis of Google SafeSearch. Cyber.law.Harvard.edu, Apr. 14. (Also archive.org cyber.law.Harvard.edu /archived_content /people /edelman /google-safesearch/.)
Still, it's probably better practice to apply content filtering and run an openwireless.org Wi-Fi than not to run one at all. Services that offer content filtering for free for personal use in 2021 include:
Wi-Fi log files are a huge potential liability and should probably be disabled. To be sure, they're extremely useful for security and troubleshooting purposes. But as noted above, a side effect is that they typically create a time-stamped record of every device every time it enters or leaves the vicinity. It matters not that the passer-by never connected.
Wi-Fi log files are a huge privacy intrusion even for newer devices that randomize their ID. That random ID is usually persistent for any given access point. That makes it easy to pull the cover off the anonymity.
Are you exposing yourself to potential civil penalties if you store Wi-Fi log files? If you're in Europe, does the General Data Protection Regulation apply? If you're in California, does the California Consumer Privacy Act apply? In any jurisdiction, do stalking laws apply? Creating records of people's schedules, even accidentally, is very, very not good.
If you have Wi-Fi log files, you can't guarantee visitor privacy. Once served with a legal demand for the records, it's illegal to destroy them. You nearly always have to turn over what you have. And you can't even disclose the risk to passers-by who have never used or heard of your system.
If you must have Wi-Fi log files, hire an expert to manage them. You'll need data protection, retention, and destruction standards. Whole volumes have been written about that. Kent, Karen and Souppaya, Murugiah. 2006. Guide to Computer Security Log Management (72 page PDF). NIST Special Publication 800-92, Sep. (Also archive.org nvlpubs.nist.gov /nistpubs /Legacy /SP /nistspecialpublication800-92.pdf.)
Your life will be simpler and arguably safer if you don't create or store Wi-Fi log files at all.
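If logs must be kept, one way to shrink the exposure described above is to pseudonymize device IDs before anything is stored. This is an added example, not part of the original page: the log format, the sample lines, and the helper names (`is_randomized`, `linkable_days`, `minimize`) are all constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample in a hypothetical "<ISO time> <event> <MAC>" format;
# real router logs differ. The same randomized MAC returns on two days.
RAW_LOG = """\
2021-06-14T08:02:11 assoc 3a:5f:10:c2:9e:01
2021-06-14T08:40:53 disassoc 3a:5f:10:c2:9e:01
2021-06-14T19:15:30 assoc 00:1b:44:11:3a:b7
2021-06-15T08:03:47 assoc 3a:5f:10:c2:9e:01
"""
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2})T(\d{2}):\d{2}:\d{2} (\w+) ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})$"
)

def is_randomized(mac):
    """Locally administered bit (0x02 of the first octet) marks a random MAC."""
    return bool(int(mac[:2], 16) & 0x02)

def linkable_days(raw):
    """The privacy problem: days on which each MAC appears in the raw log."""
    seen = {}
    for line in raw.splitlines():
        m = LINE.match(line)
        if m:
            seen.setdefault(m.group(4), set()).add(m.group(1))
    return seen

def minimize(raw, secret):
    """Replace each MAC with a per-day HMAC token and coarsen time to the hour.

    The daily key is derived from `secret` and the date, so a device keeps one
    token within a day (enough for troubleshooting) but gets unrelated tokens
    on different days. Without `secret`, tokens cannot be mapped back to MACs.
    """
    out = []
    for line in raw.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # drop anything unparsed rather than store it verbatim
        day, hour, event, mac = m.groups()
        day_key = hmac.new(secret, day.encode(), hashlib.sha256).digest()
        token = hmac.new(day_key, mac.encode(), hashlib.sha256).hexdigest()[:12]
        out.append((day, hour, event, token))
    return out
```

In the raw sample, the randomized address `3a:5f:10:c2:9e:01` links visits on two days; after `minimize`, the two days carry unrelated tokens.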
It's difficult to find good practices for open Wi-Fi systems. I'm certainly no expert. These are simply some things to think about. Alas, if you ask computer security people for help, you probably won't get any guidelines on how to run an open Wi-Fi responsibly. Instead, you'll probably get a screaming tirade of why you shouldn't. But the reasons don't stand up to inspection. The EFF's idea was a good one. It's too bad they put it on the back burner.