I wonder if integrity will win out.
I am surprised this is still holding up.
Anyone who clicks on the link can read the title and decide its relevance to the hack. The primary people whose needs aren't accommodated by the change are those whose interest is triggered by "AirBnB."
Why would YC want to propagate negative content corresponding to their ventures?
As far as I'm aware, HN never promised to let us (the users) rule the roost this way. And they've never promised freedom from censorship.
To be clear, I don't mean any of this in a critical way. It simply is what it is.
Someone rents the room, and runs this script, disabling the cameras.
During the stay, the property is burglarized, and there is no surveillance footage of the crime because the renter disabled the cameras.
That seems like an incredibly messy legal situation. Would the renter even be able to exonerate themselves? They disabled the cameras, it almost feels like they inadvertently framed themselves for a crime they didn't commit.
On the other hand if the homeowner or the insurer wished to SUE someone for disabling the security system and thereby facilitating the loss of property, that someone would most likely be fucked. Civil liability doesn't require the accused to be the sole cause of the damage; one can be a contributory cause and still get roasted for huge damages. IANAL and this comment is not legal advice
(2) Civil liability does require, generally, causation--cause-in-fact and proximate cause. The cause-in-fact test is a simple "but-for" assessment: but-for our guy disabling the wireless, would the robbery have happened? In this case, yes, in the absence of our guy disabling the wireless, the bad guy would have still robbed the house. Disabling the wireless did not cause the robbery, the criminal was acting independent and without knowledge of the wireless camera's being disabled. Proximate cause is a more complicated legal standard, but since cause-in-fact is missing here, our guy isn't liable, and your second point is probably incorrect.
If you can convince the cops to do their job, then yes?
If my apartment was burgled when I was at work and my new roommate had the day off, the cops would -hopefully- do some investigation to determine if anyone else might have possibly entered the space, as well as checking and enquiring with pawn shops and grey-market street vendors for my stolen goods.
"It may be illegal to use this script in the US."
There's no "may" about it. It is illegal:
https://www.fcc.gov/document/warning-wi-fi-blocking-prohibit...
Two wrongs really don't make a right. Without physically locating the camera you have no idea what is being deauthed. It could be a camera monitoring a locked (unavailable to the guest) room or even a neighbors camera. Not everyone out there is a perv and there are entirely legitimate and expected uses for WiFi cameras which are not creepy.
It would be better to locate the camera and if in a location where privacy is expected, simply call the police because who knows how many other victims there may have been and who knows how creepy the person who put it there is.
"No hotel, convention center, or other commercial establishment or the network operator providing services at such establishments may intentionally block or disrupt personal Wi-Fi hot spots on such premises, including as part of an effort to force consumers to purchase access to the property owner's Wi-Fi network. Such action is illegal and violations could lead to the assessment of substantial monetary penalties."
Ethically speaking I'd say it's completely okay to monitor the former, whether that service is a plumber or a babysitter, and whether the monitoring is done with a camera or your own human eyes. Those service personnel shouldn't be expecting privacy while they provide services, anyway.
Ethically speaking I'd say it's wrong and a violation of privacy to monitor the latter, regardless of whether it is done with camera or eyes, without prior warning. This is because providing a place of residence implies providing some level of privacy. Forget cameras, you shouldn't generally enter a tenant's place of residence even with your human eyes, without letting them know in advance (e.g. at the very least by knocking).
Edit: Having now installed Fing and looked at what it does, it seems to basically just look at its assigned IP and netmask to determine the address space of the local network, and then perform an nmap-style ping scan to see what doesn't time out. When it gets a packet back, it uses the MAC address to identify the type of device, and a PTR lookup with the DHCP-provided DNS server to obtain a hostname. These are pretty cool capabilities to have on a handheld device, of course, but if you can't or won't install Fing, you can do pretty much everything it does with a 15-line Perl script on any device that can connect to the wireless network.
Kali Linux (can run from a bootable live image) has these two plus a whole lot more useful tools for doing this kind of thing.
https://www.reddit.com/r/networking/comments/3fyjbm/now_that...
Which points to (pdf):
http://www.xirrus.com/cdn/pdf/Xirrus-Wi-Fi-inspectorguide-1-...
On the Fing page it says: "Fing does not collect nor sends any detail about your environment, your accounts or your network to anybody. And that's guaranteed!"
Yet on the Fingbox page it says: "By installing Fing on a desktop workstation and logging into your account, you can perform operations on remote networks through the Fingbox cloud."
Those 2 things sound in conflict.
Nmap. You want nmap.
192.168.1.1? That tells me what my router is connected to but that isn't necessarily what I want. 90% of output is just what it is doing. Oh you initialised, completed, initialised, completed, Unable to split netmask from target expression, script post-scanning, Read data files from: /usr/local/bin/../share/nmap.
I have no immediately identifiable use for this.
-edit- oops, didn't see the other comment to the parent comment.
This is not an AIRBNB issue, it's a privacy issue anywhere you go...
Now, you could "hide" your SSID to reduce the number of SSIDs that appear in a WiFi network browser in a congested area... but that's a thing that -IMO- doesn't get you much for the hassle.
For security, either use WPA2-Personal in AES/CCMP-only mode with a long, randomly-generated password, or WPA2-Enterprise [1] in the same mode.
[0] https://en.wikipedia.org/wiki/Network_cloaking#False_Sense_o...
[1] Maybe even with client authorization through certs! :D
Consider "The Thing:" https://en.wikipedia.org/wiki/The_Thing_(listening_device)
> Due to changes in FCC regulation in 2015,
It wasn't a change in regulation. There was an enforcement advisory that the FCC considered interfering with WiFi connections to be interference under 47 USC 333. That's not a new law or regulation, it's just the FCC publicizing that they have already and will take further action over new way to violate a law.
> it appears intentionally de-authing WiFi clients, even in your own home,
The radio spectrum is a public resource, even when it radiates through your home. I can't use a stingray just because the phones are being used in my house either. I can understand why some people might disagree with the public resource nature of RF. But it's neither clear if the author is trying to pick that bone for real, nor am I here to defend that classification. Just pointing it out.
> is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition.
Jamming is used colloquially to refer to all interference under 47 USC 333. But with a little googling I don't see the FCC using the term "jamming" for this style of WiFi interference. The law is written the way it is because spoofing deauth messages is just one of the many ways to cause interference without "jamming."
> It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.
I don't think I understand that it's "worth noting." There is a large difference between an access point managing it's clients, and a rogue actor spoofing messages to mislead those clients that the message came from the AP. The fact it's part of the spec is the only reason this tool works at all, and the concept of layer 2 interference isn't particularly hard to grasp, especially when that's the explicit purpose of the tool.
Also:
>The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.
There are a great many things in my life that someone could fuck up if they wanted to break the law that are much more important than my wifi based home security. Even with this tool, the greatest threats to wifi devices are still lousy wifi performance before interference, and lousy residential internet connections.
I don't need someone with a baseball bat loitering around the parking lots I use to pester me about my car. That doesn't "challenge me to reconsider the non-sane choice" of using a mode of transportation that is just so darn easy to damage with a baseball bat.
Call be dumb but I have no idea what my wireless NIC is called and that's the first arg to the script.
How do I find out the handle for my wireless network card (I didn't even know it had a name), but also does anyone know why the script can't self detect that? Don't most people only have one?
Ditto for the SSID, couldn't the script just figure out what SSID I'm connected to?
Asking as much for self education as anything else...
The script could automate the discovery of both information but that would make it larger and much more error prone.
Your comment is nice, it shows how Linux Desktop nowadays is so easy to use, one does not have to worry about technical details.
Note that newer debian versions seem to have moved ifconfig to sbin so it's not in a normal user's $PATH
So it only works if they are using one of those two off the shelf cameras.
It will be accessible on the local network via web browser (it starts a web server on the phone) or client app on another phone (e.g. tinyCam Monitor).
We got one as a gift, but hardly used it. Of course both my kids are little Darth Shnorkulas.
I just can't really think of a scenario where the monitor helps. I mean I've had those panicked moments where I'm like "Is my kid dead, and I've just been sitting here playing computer games?" But either get up and check, or just keep playing. They almost never die.
http://www.igeeksblog.com/iphone-apps-to-use-iphone-as-webca...
https://play.google.com/store/apps/details?id=com.pas.webcam...
You can then search for them and simply place some cloth on it? Might be more legal.
If the camera runs on a separate network to which you don't have access to, the script wouldn't work.
