Alex Payne writes online here.

See also the archive, books & talks.

An individual post follows.

Publicity

The company I’m working for this summer, Tangerine Unwired, got yet more publicity in the Washington Post today, tucked into a side-article for a feature on wireless (in)security. The feature article itself is pretty two years ago: wardriving, WEP doesn’t work, potential for “massive virus attacks over wireless in airports,” the sort of crap that reporters just seem to eat up. I’m tempted to write their editors and suggest a different perspective on wireless security: that, just like on a wired connection, if your packet-level traffic isn’t strongly encrypted (think SSL, not WEP), you might was well just give hardcopies of your data away. And while that’s a suitably sexy doom-n-gloom tech story, the reality is that most important data is already encrypted, and you just don’t know it (or, apparently, the Post reporters don’t).

I mean, I can sit my iBook down with a packet sniffer in any computer lab on any university campus and grab most of the mundane traffic: AIM conversations, IRC sessions, the unencrypted web pages people are browsing, etc. But what I can’t see is the important stuff, the stuff most web sites sensibly put behind an HTTPS connection: e-commerce sessions, secure webmail, people checking their bank balances, logins to many online content providers, etc. Like I said above: most important data, regardless of how you connect to the Internet, is already well-encrypted from your browser to the destination server with no extra hassle. Unless you’re really worried about that other guy with the laptop in Starbucks knowing you obsessively read The Drudge Report, why encrypt everything? There’s no good reason to expect security in the communications layer (WiFi, ethernet) when it’s more robustly and efficiently provided in the transportation layer (IPSec, SSL-based HTTPS). And isn’t the whole point of having wireless everywhere that you can just jump on a network and do your thing, no questions or passwords asked?

Frustrating. But, to retract an earlier statement, I am in fact doing wireless stuff for Tangerine. Wireless security stuff. Wireless security stuff I can’t talk about. Heh heh heh…

UPDATED: Boing Boing criticizes the article as well, and Wi-Fi Networking News takes it from there.