this post was submitted on 27 Aug 2024
41 points (97.7% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54577 readers
202 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Not sure if I used the correct terms but what is the difference in security and privacy between downloading from a public wifi (or a closed wifi; with password) and mobile hotspot (sharing 4G/5G data from your phone to your computer)? Which one is recommended or does it not matter?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 2 months ago* (last edited 2 months ago) (7 children)

no worries.

the net effect of client separation is that your device sees no other layer 2 devices on the wlan besides the gateway. this would typically be enforced at the frame level by the APs and is separate from any radio privacy cryptography.

a properly configured wireless setup would assume every client is compromised and would also disallow local client-client via source routing or proxy ARP or any other escape options. 100% secure? probably not, but its a non trivial barrier that would have to be circumvented.

as with e.g. broken WEP years ago, there are still options to mess with clients at ~Layer 1 but I dont believe its currently as trivial as it used to be.

[–] [email protected] 5 points 2 months ago (5 children)

Do you have any documentation on how this work ? Is there a name to this special protocol? Is it a recent addition to the wifi standard ?

Again a wifi AP doesn't send data to a specific client. So how does an AP can enforce that one client can't read a frame for someone else that is properly authenticated? How would an AP prevent someone spoofing mac addresses from receiving that data ?

I'm really confused by this feature I never heard of even when I was playing with aircrack and so on. Yes sometimes your mac address can get filtered but even that is not really difficult to avoid.

Sorry I have so many questions but I honestly did quite some "tinkering" with wifi years ago and none of this sounds familiar.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (3 children)

To add to the other reply, client isolation is about controlling whether an ap, switch, or router willingly sends traffic between clients. Because of that, it doesn't kick in if you listen to packets over the air before they've been received by an AP. For that kind of security you need a wifi specific security measure - which I think "enhanced open" is what you'd be interested in. It allows you to have an open passwordless wifi but it generates temporary encryption keys for each connected client, then the rest is as if it was using WPA, so that you don't need to enter a password but your traffic gets encrypted and protected from anyone else listening in on the WiFi.

If you combine both then you should have a network where each device is isolated both over the air and from a routing perspective so that each device only sees an Internet connection and no other devices.

[–] [email protected] 2 points 2 months ago

Thanks ! That's exactly how I think it could be implemented but that confirms that this is certainly not something you can find commonly where I live.

That confirms the fact that if you use the same wifi and everyone has entered the same encryption key then there is no real client isolation...

It's cool that wifi keeps evolving. It comes a long way from the WEP beginnings.

load more comments (2 replies)
load more comments (3 replies)
load more comments (4 replies)