this post was submitted on 29 Apr 2024
77 points (100.0% liked)

cybersecurity

64 readers
1 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
shellsharks@infosec.pub
tweedge@infosec.pub
77
Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet (infosec.pub)
submitted 6 months ago* (last edited 6 months ago) by coffeeClean@infosec.pub to c/cybersecurity@infosec.pub
58 comments fedilink hide all child comments
 

I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”

I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.

¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.

top 50 comments
sorted by: hot top controversial new old
[–] Album@lemmy.ca 95 points 6 months ago* (last edited 6 months ago) (3 children)

The reality despite what you or i might do, is that 99% of people don't carry around an ethernet or hardwire in when there is available wifi.

The library might be public, but it's still a good idea to communicate your intent or obtain permission prior to using someone else's network in away they might deem to be unexpected.

"Do you have ethernet or wired internet?" is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

[–] originalfrozenbanana@lemm.ee 65 points 6 months ago (3 children)

Or, and hear me out, approach everything with hostility \s

load more comments (3 replies)
[–] wahming@monyet.cc 16 points 6 months ago (3 children)

“Do you have ethernet or wired internet?” is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

Would you trust the reply somebody like the librarian in the OP gave you? Seems like the sort of person who would refuse to admit to any lack of knowledge and just bluster.

[–] EssentialCoffee@midwest.social 28 points 6 months ago (2 children)

Do you trust every one-sided story to be entirely accurate of all details?

And what does trust have to do with it? Can we use Ethernet here? If the person says no, would you just walk around the building until you found a port and plugged in?

[–] wahming@monyet.cc 9 points 6 months ago* (last edited 6 months ago) (4 children)

Do you trust every one-sided story to be entirely accurate of all details?

No, but for the sake of discussion in this thread, that is the scenario we're all going by. We're not rendering a legal judgement here, we're discussing the situation as described.

In a public library, I would fully expect public-facing ethernet ports, especially in sitting / working areas, to be available for public use. I'm not sure why they would be there otherwise. And if they're no longer meant for public use, it would be on the library IT staff to have disabled those ports.

what does trust have to do with it?

Because I don't trust non-IT-savvy people to even properly understand the question. I've met way too many people with no technical clue who refuse to admit to any sort of lack of knowledge when it's extremely obvious.

[–] Album@lemmy.ca 16 points 6 months ago

If the LIBRARIAN doesn't understand this as a service the library offers - then they don't offer it - or if you think they're wrong you need to have an adult conversation that they do and that it should be ok. It's weird to just assume you can go around sticking your cat5e into other peoples ethernet ports like that.

load more comments (3 replies)
[–] coffeeClean@infosec.pub 2 points 6 months ago* (last edited 6 months ago) (3 children)

And what does trust have to do with it?

I think they mean trust in the librarian to genuinely know the policy and what should work. They tend not to in this case because ethernet has become obscure enough to be an uncommon question, if ever.

Another library had ethernet ports all down the wall next to desks. They were dead and no one used them. It was obvious that the librarian had no clue about whether the ports were even supposed to function. When I said they are dead and asked to turn them on or find out what’s wrong, they then figured that if the ports don’t work, it must be intentional. So the librarian’s understanding of the policy was derived from the fact that they were dysfunctional. Of course if they were intended to work but needed service, ethernet users are hosed because the librarian’s understanding of policy is guesswork. There is no proper support mechanism.

I asked a librarian at another library: I need to use Tor. Is it blocked? I need to know before I buy a membership. Librarian had no idea. They just wing it. They said test it. Basically, if it works, then it’s acceptable. The functionality becomes the source of policy under the presumption that everything is functioning as it should.

Since ethernet has been phased out, modern devices no longer include an ethernet NIC, and there are places to plug into A/C with no ethernet nearby, the librarians and the public are both conditioned to be unaware of ethernet. So the answer will only be either: no or test and see.

load more comments (3 replies)
[–] CyberSeeker@discuss.tchncs.de 11 points 6 months ago (1 children)

As far as people I’d trust to not just make shit up, I’d say Librarian, aka, professional fucking researcher is high on the list.

[–] wahming@monyet.cc 6 points 6 months ago

That pretty much depends on where in the world you are, FYI. Librarian == professional fucking researcher is not a thing in Asia.

[–] Album@lemmy.ca 5 points 6 months ago

It's kind of all that matters though. We don't need to trust her - we need her acceptance of the act for which she is the gatekeeper of. If we don't have it - trust over what she said is irrelevant since we don't even have the basic trust over the act.

[–] coffeeClean@infosec.pub 5 points 6 months ago* (last edited 6 months ago) (1 children)

When I entered I spoke to a different librarian about the locked PC room (due to a holiday or something). They said I could use wifi but need to give a phone number to a captive portal, which I already knew. My phone was not on me so I said: is it okay if I plug in over there by the catalog PCs? They said yes. Revealing what I mean by "plugging in”, well, i was vague for a reason. I know the population has become ethernet-hostile¹ so indeed asking for forgiveness is better than asking for permission in this situation.

¹ Another library in the area has ethernet ports but they are just decoys (dead ports). I asked the librarian what the problem is, why they are disabled, and whether we can turn them on. Librarian was helpless, and said “use wifi”, which didn’t work for me for different reasons than the other library. But the librarian basically said in so many words “not our problem.. you can just use wifi.” At another library, I was able to connect but Tor was blocked. I tried to get support from the librarian. They had no clue but were also unwilling to lead me to someone who could give support. The way it works around here is the info systems are outsourced to some unreachable tech giant, and the librarians are rendered helpless. If the SSID does not appear, the librarian can send an email to someone to say it’s down, and that’s about the full extent of their tech capability.

[–] EssentialCoffee@midwest.social 21 points 6 months ago (1 children)

Why didn't you tell this librarian that you'd asked another librarian and they said it was okay to plug in? Why was none of this included in the original post?

[–] coffeeClean@infosec.pub 2 points 6 months ago* (last edited 6 months ago)

The librarian who said it was okay to plugin (which they likely understood to mean plugin an A/C power cord) was young, not as senior as the edgy librarian. I’m not going to take down a kid and get them in trouble for not picking apart what it means when someone asks if they can “plug-in”.

People like Trump will throw his supporters under the bus when self-defense calls for it. I will not.

What would the point be? I didn’t need a defense. I got scolded and was walking out. Since I was calm, the librarian became calm. Police were not called and I was not detained. And if that had happened, I would have exercised my right to remain silent anyway.

[–] charonn0@startrek.website 53 points 6 months ago

Does the library provide ethernet jacks for patrons to use? If not then I can understand why a librarian would be surprised.

[–] Truck_kun 34 points 6 months ago* (last edited 6 months ago) (1 children)

My first reaction is yeah, you don't just plug into random Ethernet.

The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).

After reading your post, I would say, no harm intended, just don't do it again.

After reading your comments about intentionally being vague about 'plugging in' to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection.... yeah, you're clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not. If this were an AITA thread, i'd say yes, YTA in this case.

Asking in an security community.... I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it's not well designed, and that actually has access to firewall administration?

[–] coffeeClean@infosec.pub 3 points 6 months ago* (last edited 6 months ago) (2 children)

After reading your post, I would say, no harm intended, just don’t do it again.

You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”

load more comments (2 replies)
[–] YurkshireLad@lemmy.ca 16 points 6 months ago (1 children)

I can’t rant against librarians. My friend has been a librarian for many years and she has put up with a hell of a lot of crap from people. So be kind, be patient and be honest with them.

Obviously not all librarians, like any job, are perfect.

load more comments (1 replies)
[–] amio@kbin.social 16 points 6 months ago (1 children)

It's their network that they are offering as a service, if they say no then no it is.

[–] coffeeClean@infosec.pub 2 points 6 months ago* (last edited 6 months ago) (4 children)

Private libraries are quite rare. I think only one employer I worked for had an on-site private library where the assets are not publicly owned. It’s rare. Most libraries are public.

My post is about public libraries, which were financed with public money. It’s worth noting the Universal Declaration of Human Rights:

Article 21
¶2) Everyone has the right of equal access to public service in his country.

That includes public libraries. It’s disgusting that you endorse discriminating against people without mobile phones and private subscriptions in the course of accessing public resources.

[–] amio@kbin.social 21 points 6 months ago* (last edited 6 months ago)

It’s disgusting that you endorse discriminating against people

If you're not trolling - poorly - then you obviously have massive issues. I would encourage you to seek out some help for those.

[–] GreatBlue@infosec.pub 18 points 6 months ago (1 children)

You have the right to access the internet through WiFi like everyone else. So where's the problem?

[–] coffeeClean@infosec.pub 3 points 6 months ago (2 children)

That “right” is exclusively available to people who:

  • have a mobile phone
  • who carry it with them
  • who have working wifi hardware

The Universal Declaration of Human Rights has no such limitation on Article 21.

[–] catloaf@lemm.ee 13 points 6 months ago (3 children)

Bruh it's library Internet access, not a human rights violation

load more comments (3 replies)
[–] Karyoplasma@discuss.tchncs.de 7 points 6 months ago (3 children)

The UDHR is not a treaty, so it does not create any direct legal bindings. The article you quote may have been excluded, overwritten or rephrased in your jurisdiction.

load more comments (3 replies)
[–] normonator@lemmy.ml 11 points 6 months ago (3 children)

You can use it but on their terms. Your privacy doesnt mean anything to them, they are protecting themselves. Captive portal is likely making you agree to not abuse the service.

Also you're choosing not to participate which is fair but they don't need to support that.

load more comments (3 replies)
[–] amio@kbin.social 7 points 6 months ago

Then go sue them over their lack of Your Particular Setup-compatible wifi, I guess.

[–] wahming@monyet.cc 14 points 6 months ago

Sounds like a her problem.

[–] lemmyreader@lemmy.ml 12 points 6 months ago (1 children)
  • Most folks will probably freak out when they see a terminal window ("DOS box") on a computer.
  • Most folks in my country have no idea that there is something else than WhatsApp as alternative to SMS.
  • Whenever I've tried explaining to people that stuff on their website violates privacy or when I try to explain why they are having email delivery problems almost always results in permanent silence or disbelief.

Technology appears to be a scare factor for a lot of people. But in this case the librarian maybe thought that Ethernet was only for their qualified IT department to use.

[–] MelodiousFunk@slrpnk.net 3 points 6 months ago

Most folks will probably freak out when they see a terminal window ("DOS box") on a computer.

Many many moons ago I was working at a small mom and pop operation that used ancient PCs to run their registers. The entirety of the front end ran on a 3.5" floppy. One night after closing, I exited to the CLI and opened edit. I typed in "HELP, STEVE BROKE ME" and went to the back to count my drawer. The shift manager had a proper shit fit.

"What are you editing?!? If you break this machine the boss is going to have your head, it'll cost thousands to have someone come out and fix it!"

I calmly exited back to CLI and ran the front end exe. ¯\_(ツ)_/¯

[–] MisshapenDeviate@lemmy.dbzer0.com 9 points 6 months ago (1 children)

If it was a publicly available Ethernet port, it was likely for public use. The fact that she thought it was malicious speaks to ignorance on her part, not yours.

[–] BolexForSoup@kbin.social 13 points 6 months ago (2 children)

Or you could just ask them to avoid confusion as it takes 5 seconds and they may have a way of doing things that you don't know about? It's respectful and it potentially saves you a lot of hassle if it doesn't work and you need to troubleshoot it.

[–] Icalasari@fedia.io 8 points 6 months ago

Yeah. For all we know, there could be a sign in/out thing at the desk for if you use ethernet - She DID think OP was taking one of the library's cables after all, which implies the public has access, possibly through a sign in/out system

load more comments (1 replies)
[–] apotheotic 9 points 6 months ago (1 children)

You need to really, deeply consider what your stance is when you're painting libraries and librarians as the bad guys.

[–] coffeeClean@infosec.pub 2 points 6 months ago* (last edited 6 months ago) (1 children)

You’ll have to quote me on that because I do not recall calling them baddies. I have spotlighted an irresponsible policy and flawed implementation. It’s more likely a competency issue and unlikely a case of malice (as it’s unclear whether the administration is even aware that they are excluding people).

If they are knowingly and willfully discriminating against people without mobile phones, then it could be malice. But we don’t know that so they of course have the benefit of any doubt. They likely operate on the erroneous assumption that every single patron has a mobile phone and functional wifi.

[–] apotheotic 8 points 6 months ago (2 children)

You have, throughout your comments, repeatedly spoken down toward librarians and libraries. You might not be painting them as malicious, but you're certainly not painting them as "trying their best" or "worth having an adult conversation with instead of misrepresenting my situation intentionally".

load more comments (2 replies)
[–] Dukeofdummies@kbin.social 6 points 6 months ago

I'm not surprised. I know people who don't even know what an ethernet cable is. I've worked enough IT to realize that a tangled mess of 6 cables can be as horrifying as a Predator to people. It doesn't help that everything is slowly going to POE, POE+ and even ++ now so it's doubling as power as well. In analog video days I could look at the back of a random device and instantly figure out it's purpose. That's rapidly becoming a rarity. For a worrisome section of the population, plugging in an ethernet cable is the equivalent of building a table or performing a back flip.

And when it comes to hacking, good god nobody knows anything. I remember we had a dozen students in high school (around 2000ish?) get suspended for "hacking" and really it was just that a section of the student body found a network storage location without any password protection and were using it as a flash drive on school grounds. Literally they just suspended anybody who signed their name on the homework assignments stored there.

The real crime was that drive had lunch pins for all the accounts in plain text to run their system, without a password!

[–] jol@discuss.tchncs.de 6 points 6 months ago

10+ years ago you had to bring your own ethernet cable to the University library because the WiFi couldn't handle all the students at peak times. Wo der if it's still the case.

[–] Doom4535@lemmy.sdf.org 4 points 6 months ago* (last edited 6 months ago)

This sounds odd to me, unless you connected to an Ethernet port behind a desk or somehow forced open a network closet… They also might not like it if you disconnected one of the public computers to use its cable/port; otherwise if this was an open and public port, you used it as designed and the librarian probably has watched too many Hollywood hacking movies. I have to admit, I never thought of this as a way to bypass the captive portal (sorta just assumed everyone going through the public network would have to hit it, kinda of the equivalent to having everyone sign a liability waiver).

With that said, I can see some institutions not liking connections that aren’t part of the more traditional/commercial networking (but it doesn’t sound like the library took issue with your traffic, just the librarian didn’t like the PHY link you chose to use). For the SMS thing (I haven’t seen that used in a while, you might be able to use some sort of burner number app if they don’t filter them).

[–] xor@infosec.pub 2 points 6 months ago

it's clearly there to be used, a lot of places have ethernet jacks for that...
the librarian is just a luddite and you probably had a black hoodie and a terminal open so she assumed you were selling fentanyl to pedophile ransomware communists...

[–] hagar@lemmy.ml 2 points 6 months ago

have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware

You are on spot there, but sadly even legislators are far from understanding the reasons why this matters so much, let alone the general public.

Whatever security policy they have, it shouldn't require you installing a random executable to your system. And it was flawed enough that it didn't care to give your device access.

And by the way, it's so awesome you carry an ethernet cable around!!

[–] LoamImprovement 2 points 6 months ago (1 children)

I mean, I asked at a library if I could plug into the Ethernet because my laptop had an RJ45 port and I needed to download something sizable for work and the WiFi was dropping it. They let me hook up on one of the library computer ports and I left it the way I found it.

load more comments (1 replies)
load more comments
view more: next ›