Building a Boston WiFi network the open-source way

If your threat model includes US gov't elements as adversaries, you've been scrod for a while.

And local government is never knowledgeable enough to even understand the technology, much less how it can and will be abused, nor the societal implications of that abuse. There's also ambiguity, in that, in some ways, the surveillance capability can sometimes benefit society. Regardless, you can't do much of anything about it.

A more practical concern, which you can actually do something about, is to appreciate that your network traffic from an open 802.11 access point is not very private at all. Around Boston, I wouldn't be surprised if there are already individual operators of APs who are sniffing your network traffic, if only for amusement. And knowledgeable other patrons of your favorite cafe can also sniff your traffic, to read your email, borrow your eBay account, or whatever. You can't even necessarily trust "secure" SSL connections, for various reasons.

Adam: as an editor I'd have preferred this headline to read "why one guy thinks this is a bad idea"
You're endorsing it. I'm not sure you are enough of a technical weenie to understand the small deets, and issues of security always turn on the small deets.

So now there are two issues: the cred of the writer, and the veracity of the "facts" he presents.

For starters, he is a "freelance reporter." No other credentials, work experience, education given. So, he knows how to make sentences using letters and punctuation marks, then assemble them into larger groupings.

Then, note that Mark Baard is into really weird paranormal and conspiracy shit.
His blog's "friends" links include:
http://roguegovernment.com/
http://www.cuttingthroughthematrix.com/

Now, the technology.

Friends, there are some new reports out in the past week or two that underline what we techno weenies have been trying to tell you for quite a very long time:

When you send bits across the internet unencrypted, as most bits go these days, anyone who can listen to traffic on the path between you and the end point can also see those bits, turn them back into bytes, and find out all kinds of things about you.

They can get your access credentials for Facebook, Gmail (at least for the majority of you who have not set up your accounts to 'always" use HTTPS), Twitter, all your e-mail (including the password to open your POP mailbox), and on and on across many of the websites you use every day, thinking you are "safe" cuz it's just you and them... except it's not.

A legitimate concern Mark Baard might have written about, if he weren't trying to torpedo a very sincere effort by some decent people trying to do something good... is that whenever you use a wireless access point that is not 100% locked down by MAC address (mine is. those AP's you use all around town and over at Diesel and Starbucks, 1369 are not)... everyone in the room is receiving your bits. Their computers just ignore them. However, it's quite easy to tell a computer not to ignore them, and in a couple of seconds you can be following as your friend's girlfriend IM's her BFF about your buddy... or read the e-mails of that B-school doosh across the room... or whatever voyeuristic monitoring gets you off.

Mesh nodes need to be really fast and efficient. Yeah, they shuttle the bits in one antenna and out the other, but there is no capacity really left over for monitoring and in that regard, consumer equipment actually provides a bit of cover.... compared to really serious equipment used by really serious people who want to record and save everything you do on the Internet... to wit:

Everything we write online now, every e-mail, every IM, every web page visited, every search - is stored by the government already, in equipment that has been installed in all the major exchange points all around the Internet. This is verified and it's been going on for a long time. That's damned serious, expensive gear, by the way. So the monitoring he's all paranoid about is already happening.

As for Johnny Hacker stealing yer data, the rules are the same as before: If it's secret, encrypt it in transit, and then you can be pretty sure that your secrets are secrets, at least until they get to the other end of the connection... anything less and no guarantees are given, nor should they be expected. That is not how the Internet protocols work. Privacy is available to those who want it, no matter what the infrastructure happens to be. You may have to change services in some cases to get it. If you want absolute privacy, then no more AIM for you. No more unencrypted e-mail transfers (it's an option at most isps, btw). No more tweeting. See, gotta give stuff up if you want the kind of privacy that Mark Baard think will only be freshly-encroached if this monopoly-busting free-for-all technology is in use. BTW bored techies at ISPs are known to thumb through emails from time to time, too, ya know. Surprised? Don't be. Come on. They're only human and the midnight shift can get pret-ty boring at times down in the network operations center.