A secret war is being fought in the internet industry right now, but unless you are a die-hard student of all things tech, you might not even know it’s taking place. The more conspiratorial-inclined among us accuse the mainstream media of avoiding coverage of this debate because of their close ties to the opponents of net neutrality, but it’s also a very complex, “unsexy” topic that is hard to explain in easily digestible soundbites.
The principles of “network neutrality” have been the subject of hot debate for over a decade now, but as of yet, there has only been one highly publicized incident of a company actively “violating” the basic tenet of net neutrality, which is that all data on the internet should be treated equally, both in terms of accessibility (can I see it?) and how quickly it loads. For Americans, censorship is a hot-button topic, so the accessibility issue isn’t normally included in the ongoing debate. What’s at stake is whether internet service providers like Time Warner, Comcast and AT&T can charge content providers (NetFlix, Google, Spotify) more because they use so much data, and if those companies refuse to pay the premium, would their bandwidth be throttled, lowering the quality and/or value of the service itself.
Another aspect of this debate is whether the US Government (or any government, for that matter) should regulate the internet like a utility. Both sides of the net neutrality fight are of mixed opinion on this. Some argue this would encourage (enforce) competition in the ISP market, and would allow oversight into ensuring net neutrality was observed, but as many others have pointed out, this didn’t work so well for the telecomm industry the first time we tried this. The other thorny facet of this issue is the plain fact that the internet is not owned nor controlled by any one country, though it could be argued that the US holds a “majority stake” in its creation and continued wellbeing.
What this means for you:
Today, the FCC has presented a plan that many feel completely undermines network neutrality by providing a “regulated” means for ISPs to create “fast lanes” of service into which content providers may opt, and if they do not, presumably their content would be delivered via the “normal lanes”. If no one opted into the fast lanes, this would be a moot point, but as you all know, in business, those who get to the finish line first win, and everyone else, regardless of whether they finish at all, lose. Even the most altruistic of companies (Google maybe?) are willing to get their claws out when it comes to competing, and being slow on the internet is the difference between being Facebook or being MySpace.
In my opinion, network neutrality is a concept worth understanding at minimum, and if you take the long view on improving our civilization, an important principle that should be upheld. Competition is what made America great once, and it is what created the amazing technology we have now, including the internet. Creating tiers of accessibility and quality within a service that most would view as a fundamental need (if not right) might end up creating a version of the internet (at least in America – imagine the irony) that is the antithesis of internet that is spreading information, freedom and equality around the world.
Image courtesy of Stuart Miles / FreeDigitalPhotos.net
Customer’s of Comcast’s Xfinity broadband service are slowly coming to discover that their new in-home routers are being used as wi-fi hotspots for any other Comcast customer within range of the router. Comcast introduced the service in mid-2013, but seems to have not taken great pains to ensure that its customers understood exactly what the service was. Many consumers just assumed when Comcast said “hotspot” that it meant they would now have wireless internet in their home. The new routers do provide that feature, but additionally they are also programmed by default with another wi-fi network labeled “xfinitywifi” which can be accessed by any current Comcast account login and password.
What this means for you:
If you are a new Xfinity subscriber, or had your Comcast router replaced in the past 6 months, your new equipment may be providing this hotspot. Anyone with a Comcast account can use your hotspot to access the internet. Keep in mind, this doesn’t require them to actually be the account owner – all any wi-fi device needs is that account’s login and password. Assuming they know it, anyone can use that login information anywhere an Xfinity hotspot exists.
Regardless of how savvy you are with your home equipment, you can’t disable this feature yourself – you have to call Comcast to have them turn it off. According to Comcast, the impact on your bandwidth of providing this hotspot should be minimal, and is helping them provide more accessible wireless bandwidth to other Comcast customers in your neighborhood. The question you need ask yourself is whether you feel its appropriate for Comcast to use equipment in your house as an extension of services provided to people you don’t know.
It’s still too early to tell whether having a hotspot on your home network is inherently less secure, but think of it like this: Imagine your property sat in front of a popular amusement park. The amusement park has asked if they can provide entrance to their park that requires customers to traverse your property via a secured walkway. They promise they will keep your property completely safe, private and separate. Would you allow that walkway?
As if you didn’t have enough to worry about, the security blogosphere has dragged another bogeyman out into the daylight, and this one is ugly. Researchers from ioActive are now positing that rather than targeting businesses and their more sophisticated technology defenses, hackers could very easily begin to target consumer-grade equipment installed by internet service providers (ISP’s e.g. Time Warner or Comcast) in your home.
Why would they do this? Aside from the much flimsier technology used throughout the home-internet industry, the IP address assigned to your device is easily discoverable because the ISP’s themselves publish information about entire blocks of internet addresses that are allocated to them. This is doubly bad because not only do hackers now have an easy-to-parse list of targets, they can make assumptions about the targets based upon the ISP that services those addresses: things like the types of equipment used by the ISP (and default passwords), geographical locations, even the types of internet service (ie. DSL, cable, satellite, etc).
As part of their investigation into the feasibility of such an attack, ioActive researchers were able to compile a list of 400,000 actual devices installed in customer homes that might be vulnerable to a simple attack that could allow hackers to “own” the device and use it as a means to gain access to any computer connected to that device, ie. all the computers in your home. The basis for the attack? The simple assumption that the default administrative password was not changed since it was installed by the ISP.
What this means for you:
Having equipment installed in your home that you don’t understand and can’t personally confirm as secure is risky and negligent. It would be akin to leaving power tools lying around within reach of a child. Sadly, most ISPs have very thin (to nonexistent) policies around governing the security of the devices they install in your home, and worse, they often rely on third-party labor to do the installs, further increasing the chances that your router was installed quickly and possibly carelessly. On top of this, how many of you after having waited multiple hours for an internet install to happen, watched the installer rush out the door before learning anything about how your new equipment works, who to call for support, or how to change the password on the newly installed router?
Do yourself a favor: familiarize yourself with your internet router, WiFi access point, or any other piece of network equipment in use in your home, figure out how to log into the device(s), and then change the password to something that is hard to guess, and written down in a safe a secure place. Don’t make it easy for the hackers by continuing to ignore the backdoor into your home network!