I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”

I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.

¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.

  • Truck_kun@beehaw.org
    link
    fedilink
    English
    arrow-up
    34
    ·
    edit-2
    7 months ago

    My first reaction is yeah, you don’t just plug into random Ethernet.

    The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).

    After reading your post, I would say, no harm intended, just don’t do it again.

    After reading your comments about intentionally being vague about ‘plugging in’ to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection… yeah, you’re clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not. If this were an AITA thread, i’d say yes, YTA in this case.

    Asking in an security community… I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it’s not well designed, and that actually has access to firewall administration?

    • coffeeClean@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      7 months ago

      After reading your post, I would say, no harm intended, just don’t do it again.

      You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

      The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”

        • Truck_kun@beehaw.org
          link
          fedilink
          English
          arrow-up
          8
          ·
          7 months ago

          Also, it is a library… very real possibility they have actual computers you can use/borrow for people that cant use their wifi for whatever reason (such as not having a laptop/tablet/smartphone).