Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Apart from the theft angle it's also knowingly and maliciously circumventing access control systems. That's usually covered under anti-hacking laws


I'm floored that this is apparently how people are reasoning about the world now. Especially on HN.

There is no circumventing of any access control here. If a service is giving a public access point, on public spectrum, and they let you connect, and they allow you to use DNS, you should be able to use DNS however their access control systems allow you to use it.

Now if you find an exploit in their captive portal that allows you access to their service, then sure, that's illegal, because you're breaking into something.

You can't circumvent access controls if the access control list is wide open.


The intent is that you have to pay to use the WiFi. Even if you find a clever technical way to circumvent that that, the judge will see what you were trying to do: avoid paying for the service is offered. The court is not a computer and a judge will use their human brain to make a judgement of your intent.


Is it also theft if I run sshd on udp 53 and I happen to be able to connect?

How about if I run sshd on tcp 22 and it's not blocked?

Is it illegal if I just want to see if a dns change I made has propagated and I query an A record?

It seems obvious (to me) that a judge would say "It's not theft if you're giving it away. If you have a problem with how people are using your free service, add restrictions. Case dismissed."

I would hope that the court uses their human brain to make a judgment of my intent and the intent of the service provider. My intent is to have free DNS access to communicate with my server. The service provider intended to provide a public access point with free DNS and no restrictions on its use. The conclusion should be obvious.


Consider a toll booth without a barrier (commonly known as iPass lanes in some parts). The intention is that you have to pay when passing through. There's no technical measure in place to prevent you from not driving through without paying.


Indeed, sometime I'm also floored about the lack of openness here.

As I often say, self-proclaimed nerds who can't imagine life without a big brother taking care of things love to complain and complain and complain.

The ages of relying on oneself and technology seems gone. Cover-your-ass for 'nerds'

I'll be happy to sell these self proclaimed 'nerds' lessons about how to secure a captive portal with iptables, so that no DNS or HTTP/S or ICMP can go through until the login is entered and the TOS validated.


>>Indeed, sometime I'm also floored about the lack of openness here.

Quite the opposite -- there is complete openness in this thread about the technical aspects of the circumvention or use of the technique, plus open and timely reminders regarding the potential legal ramifications of executing this technique in certain jurisdictions.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: