[ale] heads up - warning - you could be sharing comcast wifi without knowing it

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Wed Jun 12 10:28:39 EDT 2013 

see below

On 6/11/2013 9:45 PM, David Tomaschik wrote:
> On Tue, Jun 11, 2013 at 5:17 PM, Ron Frazier (ALE)
> <atllinuxenthinfo at techstarship.com>  wrote:
>    
>> Hi guys,
>>
>> I thought you'd like to know about this.  I heard the host on the Tech News
>> Today podcast ( http://twit.tv/tnt ) say something similar to the following:
>> Comcast will be expanding its wifi network by putting wifi gateways in
>> Xfinity users homes. ... Comcast users will get free access. ... Guests get
>> two free accesses. ... If you don't want to participate, you have to opt
>> out.
>>
>>      
> <snip>
>    
>> Supposedly, they replace your cable modem with this new wifi gateway device.
>> It broadcasts two wifi signals.  You log into one of them and use YOUR
>> service as normal.  Guests login into the other, for free if they are
>> Comcast Xfinity customers, and get two free accesses if they're not Xfinity
>> customers.  SUPPOSEDLY, the 2nd connection is independent of the main one,
>> and it doesn't reduce your bandwidth.  Yeah, I believe that.  The APPARENT
>> plan is to replace all the gateways and enable this internet sharing without
>> the customer's knowledge.  That's got to be against the law somehow.
>>      
> Don't see how it would be against the law.  They're going to replace a
> device they own connected to a service they own with another device
> they own connected to a service they own?
>
>    
>> Now, I know some people willingly share their wifi.  I'm not one of them.  I
>> have my wfi encrypted with long ugly passwords.  There are 3 main reasons.
>> 1) Any other user on my modem is a potential security risk.
>>      
> I don't know how they have implemented this, but it would be trivial
> to assign a 2nd public IP (or even NAT through a single
> neighborhood-wifi-network IP) for the 2nd hotspot and route all
> traffic over that.  In that case, a user connected to that has the
> same amount of access as anyone else on the internet.
>
>    

I don't know how they have / will implement(ed) this either, so this is 
hypothetical.  I have several computers on my lan and we use the network 
continuously.  Even with just my own usage, I have to make it a habit of 
rebooting the cable modem and routers every week.  They just seem to get 
flaky.  I have no idea why.  I just know these procedures save me pain 
later.  So, any additional use is likely to make the network even more 
unstable.  If they have one core cpu processing two access points, which 
is likely, then, any potential attacks or failures on the public side of 
the fence are likely to affect my supposedly private side of the fence.  
There is the possibility that the public side could be compromised and 
that could enable people to tap into my data stream.  While I cannot 
definitively prove a security risk, I simply don't like the idea.

>> 2) It does
>> reduce my bandwidth and performance.
>>      
> Citation needed.  The biggest limitation to your bandwidth is the
> traffic shaping comcast performs at their head end unit.  If the
> "public" hotspot is shaped separately, then I don't see how it would
> impact your bandwidth.  *Maybe* you could make an argument regarding
> wifi interference, but a 2nd hotspot on your device won't be any
> different from a 2nd device somewhere nearby.
>
>    

The pipe that I'm paying for has to carry 30 Mb / 6 Mb internet, 
telephone lines, and hidef tv with occasional on demand usage.  I doubt 
the pipe has too much spare bandwidth.  Could be wrong.  Aside from 
that, lets say every resident had this 2nd access point broadcasting 
from their house.  Let's say it's a city environment, and the guest ap's 
are heavily used.  That means they'd have to have an extra 30 Mb of 
bandwidth on every circuit cumulatively, all the way back to the head 
end.  While I don't know the exact ramifications, even if I were willing 
to allow such usage from my house, they would have to prove to me that 
it wouldn't degrade my service.

>> 3)  If someone else does something
>> illegal while connected to your wifi, the police can ( and HAVE ) showed up
>> at your door and arrest you.  You then have to prove you didn't do it and
>> it's a royal mess.
>>      
> Actually, no, the prosecution still has to prove you did it (at least,
> legally), but yes, I suppose it could cause some headaches, unless
> they can look at wifi hotspot vs private network.  Not sure how that
> would work.
>
>    

Actually, yes.  All they need is probable cause, and a warrant.  This 
could be along the lines of "an IP address linked to this physical 
address has been accessing child porn or illegal movie downloads".  They 
can arrest you, confiscate your pc's, question you, harass you, 
influence you to get your lawyer involved because of the circumstances, 
cost you months of time, hassle, and money; ruin your life for this 
period of time, announce that you were arrested for XYZ on tv, and then 
declare that it was a mistake and you are innocent and let you go.  You 
still lose in a big way.  This has happened before.

Sincerely,

Ron

>> Regardless, no ISP should be able to enable this type of access without the
>> user's knowledge and consent.
>>      
> On this, I agree.  This should be with the user's consent, but I don't
> see it as a big bad threat.
>
>
> --
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
>    

-- 

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU

More information about the Ale mailing list