On Fri, Nov 02, 2018 at 10:15:47AM +0100, Stefan Sperling wrote:
| On Thu, Nov 01, 2018 at 04:01:51PM -0400, AB wrote:
| > I've run into a strange problem using ifconfig's new join statements.
| > I have two join lines in /etc/hostname.iwn0, with no nwid statement.
| > When both of these APs are out of range, it connects to a third,
| > unmentioned (open) AP. This is a network I've manually joined before,
| > but do not want to join automatically.
|
| Our plan is to address this in -current soon.
|
| But it won't be changed for 6.4. Some people expect what you expect (open
| networks are opt-in) some people expect the opposite (open networks are
| opt-out). There's no default behaviour we could choose to satisfy everyone.
| So -current will get a toggle...

Hmm. Open networks are evil. Those of us who are security conscious may be OK connecting to open networks and protecting our traffic with higher layer encryption (VPN / SSH / TLS etc), but the majority of users need (technological) help to protect their devices.

Even WEP is better than open networks: clients with a configuration like OpenBSD's join will auto-connect to "known" networks. They broadcast the full set of known networks, looking for them frequently while their wifi nic is on and not connected. It's trivial to then configure a network with a matching SSID and have such clients connect to you, allowing you to capture all their traffic.

But auto connecting to just any open network is just plain evil in that respect: no conscious action (like plugging in a cable) is necessary, your traffic can be captured without the user even being aware.

Again, if you are fully aware of all of these things, then by all means auto-connect to any open network. But John or Jane Doe the random user is NOT aware of these things, and their traffic is now snooped without them even realizing it.

All this to say: if you must implement such a toggle (I wish you wouldn't .. let the user manually configure an open network to connect to if they must), please default to behaviour that is safe for the user - DO NOT auto connect to unknown networks.

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/
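
The default argued for above, as an added example that is not part of the original message and not OpenBSD's code: a small C model of auto-join selection in which unlisted open networks are used only when a toggle is set. Going one step beyond the thread, it also rejects a listed SSID when the AP offers it with different protection than the join line expects. All struct, function and network names are hypothetical, and the scan data is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model of auto-join selection; not OpenBSD's net80211 code. */
struct join_entry { const char *ssid; int has_key; };         /* one join line */
struct scan_entry { const char *ssid; int encrypted, rssi; }; /* one scan hit */

/* Constructed sample data: two join lines and two scans. */
const struct join_entry joins[] = { { "home", 1 }, { "office", 1 } };
const struct scan_entry scan_away[] = {
	{ "cafe-free", 0, -40 },	/* open, not in any join line */
	{ "home", 0, -35 },		/* listed SSID, but offered without protection */
};
const struct scan_entry scan_home[] = { { "cafe-free", 0, -40 }, { "home", 1, -70 } };

/* Return the AP to auto-connect to, or NULL to stay disconnected.
 * auto_join_open models the proposed toggle; 0 is the safe default. */
const struct scan_entry *
select_ap(const struct join_entry *jl, size_t njl,
    const struct scan_entry *sc, size_t nsc, int auto_join_open)
{
	const struct scan_entry *best = NULL, *fallback = NULL;
	size_t i, j;
	for (i = 0; i < nsc; i++) {
		int listed = 0, match = 0;
		for (j = 0; j < njl; j++) {
			if (strcmp(jl[j].ssid, sc[i].ssid) != 0)
				continue;
			listed = 1;
			/* An SSID is not an identity: protection must match too. */
			if (jl[j].has_key == sc[i].encrypted)
				match = 1;
		}
		if (match && (best == NULL || sc[i].rssi > best->rssi))
			best = &sc[i];
		else if (!listed && !sc[i].encrypted &&
		    (fallback == NULL || sc[i].rssi > fallback->rssi))
			fallback = &sc[i];
	}
	if (best != NULL)
		return best;	/* a configured network always wins */
	return auto_join_open ? fallback : NULL;
}

int main(void) {
	const struct scan_entry *ap = select_ap(joins, 2, scan_away, 2, 0);
	printf("toggle off, away: %s\n", ap ? ap->ssid : "(stay disconnected)");
	return 0;
}
```

A listed network that is itself open still matches on SSID alone, which is the impersonation risk the message describes; the protection check only helps for join lines that carry a key.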