Here is a short summary of many previous e-mail from contributors to OpenWireless.org regarding best practices for standing up and securing an OpenWireless.org SSID on an open access point.
I feel strongly that these "best practice" recommendations should be incorporated into an OpenWireless.org "Best Practices" web page that promotes reliable and readily available protection of OpenWireless SSID "providers" from the inadvertent or intentional abuses of OpenWireless SSID "Users" which may result in undesirable consequences from Six Strikes ISPs, Copyright Trolls or poorly informed Law Enforment agencies.
1) *Use a dedicated access point, on its own subnet, to stand up OpenWireless.org access*. This "Ensures WiFi Password Protected Equivalent isolation" between unencrypted OpenWireless Traffic and your other encrypted & password secure Traffic and thus minimizes your additional exposure by standing up an OpenWireless SSID. Using an old access point you already have or buying a modern one with VPN tunneling capability for <$15 will provide gracious providers of OpenWireless access with the best possible protection against malicious abusers of their hospitality with the least possible hassle from their ISP and Copyright Trolls.
2) *Limit your exposure to your ISPs Six Strikes IP monitoring, Extortion actions by Copyright Trolls or potentially unprovoked Law Enforcement action by **limiting ALL OpenWireless access via your IP address to VPN*. Initially this requires that you set your OpenWireless routers default setting to "Disable ALL Non VPN Tunneling". This simple action will conceal OpenWireless traffic on your IP address from your ISP and Copyright Trolls while also providing Safe broadband access to savvy OpenWireless users with their own VPN accounts. In the future OpenWireless router software should default to this configuration unless manually changed by the OpenWireless "provider" to support the use of a VPN account through witch all non VPN tunneling traffic is routed.
3) *Upgrade your Router or Router Software to support routing of all Non VPN Tunneling OpenWireless traffic to a No/Low cost VPN Lite or full VPN service that you setup and or pay for.* Future versions of the OpenWireless Router software should include this feature as well as automatically provide users with a list of No/Low cost VPN Lite and Full VPN providers they can select from that currently support the routers built in VPN software. Note that the VPN Lite Services are only protect the user IP address form their ISPs six strikes policies and Copyright Trolls. VPN Lite does not protect the security of OpenWireless users traffic. The only way an OpenWireless user can ensure their own security is by using their own VPN!
Please feel free to respond with your own comments and suggestions on how best OpenWireless can promote "best practices" which reliably protect OpenWireless "Providers" from the threats documented on the OpenWireless.org web site. I would especially like your feedback on the use of IP masking VPN Lite technologies that could be provided free or at very low cost to OpenWireless "Providers" wishing to protect their Broadband IP address.
Kind Regards, Tom --- This email has been checked for viruses by Avast antivirus software. http://www.avast.com
_______________________________________________ Tech mailing list [email protected] https://srv1.openwireless.org/mailman/listinfo/tech
