Tuesday, August 5, 2014

The dangers of a guest wifi network


The site is associated with Walt Mossberg, so they usually have pretty cool stuff. However, I couldn't agree with this article. Before reading my response, you really need to read the article.

Essentially, the article makes the argument that getting to the internet from your phone via WiFi is better than via a cellular data connection, and therefore people should enable the guest WiFi network in their homes because it's pretty much safe.


Conceded: Enabling the guest WiFi in most residential routers does not pose any additional threat to the internal, private WiFi and local area network.

The big issue with allowing someone else to use your WiFi is that whatever they do with it is your responsibility. Your home internet router uses a very good, very legal technology called IP address overload (aka NAT) to allow multiple devices in your home to access the internet while you only pay for access for one device (your router). Your router acts as a proxy of sorts to the internet for all devices in your home and on your wifi. To anyone on the internet, when your phone accesses a website, it looks like your router is accessing that website. The router's NAT technology takes care of accessing the website for your phone and ferrying the data back to your phone. This is great because it allows you to pretty much have as many devices as you want on your home network, and they all have access to the internet, via your router.

Your router is masking the internal machinations of your home network. This means that it's practically impossible to determine which device on your home network your router is proxying. This is also great because it builds a barrier between the outside world (the internet) and your inside network, making it harder for malicious users to gain access to your inside devices. The best they could do would be to try to communicate with your router, which is usually pretty well protected against malicious attacks.

However, if you allow anyone to get onto your WiFi, their traffic is also proxied by your home router. So, if I come to your front curb and jump on your WiFi and download a movie and the MPAA/FBI happened to observe my download, they would not be able to determine the "inside" device that initiated the download. To them, it just looks like your router is downloading a movie. The owner of the internet access (you) could go to jail for piracy. The argument, "It wasn't me; it was someone who hacked me" doesn't fly in court.  Since authorities on the internet see one device doing everything, there is no way to determine whether the activity is coming from your guest wifi or your own computer. So, they hold you (the owner of the one device they can prove is doing something: your router) responsible.

Places that have guest WiFi networks have very powerful systems in place and/or legal agreements that you agree to before being allowed access that prevent you from doing anything malicious with their internet and which hold them blameless for any malicious activity you may do with their free WiFi.

If you have those mechanisms in place, feel free to open up your guest WiFi. I'm a network tools guy and I don't even have those kind of tools in place. I don't recommend that you do, despite the benefit it might give to someone walking by.