What if you saw someone using a pineapple in public, clearly using it illegally? Would you kung-fu them?

[cooper]

The article I read on it was a bit vague on just what exactly they were doing, but there's still quite a difference between accessing someone's AP without their consent and pretending to be a known AP to an otherwise (but not in this case) explicitly consenting individual.

[barry99705]

They didn't access anybody's access point though, at least not on purpose. They were running a kismet like application, the guy who wrote it is the same guy that wrote netstumbler. Any of us actually do the exact same thing running kismet, with the pcapdump log enabled. They logged data that was transmitted in the clear from unencrypted access points, as they drove by! You can probably imagine how little actual data was captured. You might get a packet or two with a web address in it. Maybe if they were stopped at a light, or a stop sign on a busy street they might have captured a bit more. The data was saved, which it wasn't supposed to do. Google turned themselves in. They were going to delete the data, but then the lawsuit started and then they couldn't because it was now considered "evidence".

Like Sitwon said. It's now what we think, because we know what the hell is going on. It's what a lawyer can talk a judge and a jury into.

[cooper]

New meme: Lies, damn lies and what a lawyer tells the court.

[Darren Kitchen]

Captive portal with indemnity clause. GG no RE

[curtwill]

I have other hardware that looks very similar to the pineapple MK4 anyway. It could be real embarassing for you if you grabbed me in public. So my advice would be to do nothing.

[barry99705]

I have other hardware that looks very similar to the pineapple MK4 anyway. It could be real embarassing for you if you grabbed me in public. So my advice would be to do nothing.

Heh, it would be severely painful for whoever grabs me in public! :D

[ZaraByte]

Lol i don't believe anyone who has saw me with it have any clue as to what it is or what im doing heck i have a nexus 7 that has an attachable wireless card that mounts onto the back of my nexus 7 case that i use to preform my wireless auditing with people look but don't seem to care. I've taken it to restaurants and setup and no one cares people more worried about their own problems then what im doing :B

[Ftb]

Just by going off my memories from classes, using SSL might imply a "reasonable expectation of privacy". So stripping SSL may be a violation, at least it would be a 4th Amendment violation if the government did this.

[cooper]

But here's the kicker: We're not actually stripping ssl. You asked for a non-ssl website and you got it. We just make it resemble an ssl website.

[Ftb]

But here's the kicker: We're not actually stripping ssl. You asked for a non-ssl website and you got it. We just make it resemble an ssl website.

Good point, but the end user would still think they had encryption and therefore privacy. I'd be interested to see how a court would look at that, not that I'm encouraging anyone to get caught :)

If technology can stay one step ahead of the laws, there is always a gray area. I think in general though, most passive roles the pineapple can play are legal.

[ZaraByte]

Uhhhh! When you connect to a Open WiFi it's fair game when the network is own by you so noob connects to your pineapple and using a 3G/4G modem and they wanna use your internet you pretty much own the network so you should be allowed to do what you wish on that network.

[NovaSam]

The Google situation is WILDLY different:

Google scanned for unencrypted wireless networks as broadcast by their APs, connected to them and performed some sort of scanning of that home network to determine what was there. They 'hacked' the AP and/or its hosted network.

The Pineapple pretends to be the unencrypted AP you occasionally connect to and then simply MITMs anything that connects to it. It's a honeypot AP that can be used to hack any client that connects to it, but until you hack the client I don't see the harm.

When questioned you could simply say that you're using the pineapple to provide (to yourself) legitimate wireless access at your current location using some remote wireless access point that you're authorised to use since the wifi in your own device is so piss-poor it can't get a decent signal from it. It shouldn't be your problem that other people in that same location can tag along on your connection. Hell, you're providing a SERVICE here!

Yes a service indeed, with a few extra features to boot..

[chriswhat]

Uhhhh! When you connect to a Open WiFi it's fair game when the network is own by you so noob connects to your pineapple and using a 3G/4G modem and they wanna use your internet you pretty much own the network so you should be allowed to do what you wish on that network.

This isn't necessarily accurate. Cyber law is becoming more comprehensive and well-defined, and it's something that we need to educate ourselves about.

Everyone wants to take their Pineapple to Starbucks and steal Facebook passwords. My advise is this - "Don't take your Pineapple to Starbucks and steal Facebook passwords."

Here are a couple of rudimentary questions that will be asked when determining legality:

Was there a reasonable expectation of privacy? Like that camera in the bathroom stall... you may own the toilet, but it doesn't entitle you to the show.

For what purpose was the WiFi hotspot being broadcasted? Hmm... are you a WiFi philanthropist?

Did the provider disclose any terms and conditions, a privacy policy, or use agreement? You were broadcasting an open network named "Starbucks WiFi" while sipping a latte at Starbucks... but Starbucks costumers should know better.

Of course, there are many situational variables that will be considered. If we're taking about your home network, things may be different... until you get the idea that you own the data traveling across your network... and use it to go shopping.

Here are a few additional issues that you should consider:

Civil litigation can occur regardless of whether or not a state or federal statute has been violated. It may not be against the law to hurt someone's feelings, but it doesn't mean that it won't cost you.

You could be held liable for criminal offenses that occur on your network. Don't put a "borrow me" sign on a loaded gun and assume that it'll be used responsibly. More importantly, don't expect sympathy when you report it stollen.

NOTE: I'm not an attorney so I cannot advise you on cyber law; however, I do provide common sense consultations at no cost.

[cooper]

Shortcut around all the legal mumbo tends to be:

Imagine yourself as the unaware person on the other side and this happened to you. If you were aware of what was happening, would you feel harmed, deprived or violated? If the answer to that question is yes, you're almost certainly breaking the law and can be held accountable for your actions, at which point the discussion is only about how much punishment you should get, rather than IF you should be punished. If you're not up for that, don't do it.

Also, new word for scrabble: Wifilantropist (an individual who provides free wifi to anybody who wants it)