_____                   _                  _____            _____       _ 
  |     |___ _____ ___ _ _| |_ ___ ___ ___   |  _  |___ ___   | __  |___ _| |
  |   --| . |     | . | | |  _| -_|  _|_ -|  |     |  _| -_|  | __ -| .'| . |
  |_____|___|_|_|_|  _|___|_| |___|_| |___|  |__|__|_| |___|  |_____|__,|___|
  a newsletter by |_| j. b. crawford               home archive subscribe rss

>>> 2023-07-29 Free Public WiFi (PDF)

Remember Free Public WiFi?

Once, many years ago, I stayed on the 62nd floor of the Westin Peachtree Plaza in Atlanta, Georgia. This was in the age when the price of a hotel room was directly correlated with the price of the WiFi service, and as a high school student I was not prepared to pay in excess of $15 a day for the internet. As I remember, a Motel 6 that was not blocks away but within line of sight ended up filling the role. But even up there, 62 floors from the ground, there was false promise: Free Public WiFi.

I am not the first person to write on this phenomenon, I think I originally came to understand it as a result of a 2010 segment of All Things Considered. For a period of a few years, almost everywhere you went, there was a WiFi network called "Free Public WiFi." While it was both free and public in the most literal sense, it did not offer internet access. It was totally useless, and fell somewhere between a joke, a scam, and an accident of history. Since I'm not the first to write about it, I have to be the most thorough, and so let's start out with a discussion of WiFi itself.

The mid-2000s were a coming of age era for WiFi. It had become ubiquitous in laptops, and the 2007 launch of the iPhone established WiFi as a feature of mobile devices (yes, various phones had offered WiFi support earlier, but none sold nearly as well). Yet there weren't always that many networks out there. Today, it seems that it has actually become less common for cafes to offer WiFi again, presumably as LTE has reached nearly all cafe customers and fewer people carry laptops. But in the 2010s, genuinely free, public WiFi had become far more available in US cities.

Some particularly ambitious cities launched wide-area WiFi programs, and for a brief time "Municipal WiFi" was a market sector. Portland, where I grew up, was one of these, with a wide-area WiFi network covering the house I grew up in for a couple of years. Like most the program didn't survive to see 2020. Ironically, efforts to address the "digital divide" have lead to a partial renaissance of municipal WiFi. Many cities now advertise free WiFi service at parks, libraries, and other public places. I was pleased to see that Mexico City has a relatively expansive municipal WiFi service, probably taking advantage of the municipal IP network they have built out for video surveillance and emergency phones.

The 2000s, though, were different. "Is there WiFi here?" was the sort of question you heard all the time in the background. WiFi was seen as a revenue source (less common today, although the hotel industry certainly still has its holdouts) and so facility-offered WiFi was often costly. A surprising number of US airports, for example, had either no WiFi or only a paid service even through the 2010s. I'm sure there are still some like this today, but paid WiFi seems on the way out [1], probably as a result of the strong competition it gets from LTE and 5G. The point, though, is that back in 2006 we were all hungry for WiFi all the time.

We also have to understand that the 802.11 protocol that underlies WiFi is surprisingly complex and offers various different modes. We deal with this less today, but in the 2000s it was part of computer user consciousness that WiFi came in two distinct flavors. 802.11 beacon packets, used to advertise WiFi networks to nearby devices, include a flag that indicates whether the network operates in infrastructure mode or ad-hoc mode.

A network in infrastructure mode, basically the normal case, requires all clients to communicate with the access point (AP). When two clients exchange traffic, the AP serves as an intermediary, receiving packets from one device and transmitting them to the other. This might at first seem inefficient, but this kind of centralization is very common in radio systems as it offers a simple solution to a complex problem. If a WiFi network consists of three devices, an AP and two clients (A and B), we know that clients A and B can communicate with the AP because they are maintaining an association. We don't know if A and B can communicate with each other. They may be on far opposite sides of the AP's range, there may be a thick concrete wall between A and B, one device may have very weak transmit power, etc. Sending all traffic through the AP solves this problem the same way a traditional radio repeater does, by serving as an intermediary that is (by definition for an AP) well-positioned in the network coverage area.

The other basic WiFi mode is the ad-hoc network. In an ad-hoc network, devices communicate directly with each other. The main advantage of an ad-hoc network is that no AP is required. This allowed me and a high school friend to communicate via UnrealIRCd running on one of our laptops during our particularly engaging US Government/Economics class (we called this "Governomics"). The main disadvantage of ad-hoc networks is that the loss of a central communications point makes setup and routing vastly more complicated. Today, there is a much better established set of technologies for distributed routing in mesh networks, and yet ad-hoc WiFi is still rare. In the 2000s it was much worse; ad-hoc mode was basically unusable by anyone not ready to perform manual IP address management (yes, link local addresses existed and we even used them for our IRC client configurations, but most people evidently found these more confusing than helpful).

In general, ad-hoc networks are a bit of a forgotten backwater of consumer WiFi technology. At the same time, the promise of ad-hoc networks featured heavily in marketing around WiFi, compelling vendors to offer a clear route to creating and joining them. This has allowed some weird behaviors to hang around in WiFi implementations.

Another thing about WiFi networks in the 2000s, and I swear this is all building to a point, is that the software tools for connecting to them were not very good. On Windows, WiFi adapter vendors distributed their own software. Anyone with a Windows laptop in, say, 2005 probably remembers Dell QuickSet Wireless, Intel PROSet/Wireless (this actually how they style the name), and Broadcom WLAN Utility. The main thing that these vendor-supported wireless configuration utilities shared was an astounding lack of quality control, even by the standards of the time. They were all terrible: bizarre, intrusive, over-branded UX on top of a network configuration framework that had probably never worked reliably, even in the original developer's test environment.

Perhaps realizing that this hellscape of software from hardware companies was undoubtedly having a negative impact on consumer perception of Windows [2], Microsoft creaked into action. Well, this part is kind of confusing, in a classically Microsoft way. Windows XP had a built-in wireless configuration management utility from the start, called Wireless Zero Configuration. The most irritating thing about the vendor utilities was that they were unnecessary; most of the time you could just uninstall them and use Wireless Zero and everything would work fine.

Wireless Zero was the superior software too, perhaps because it had fewer features and was designed by someone with more of the perspective of a computer user than a wireless networking engineer. Maybe I'm looking on Wireless Zero with rose-colored glasses but my recollection is that several people I knew sincerely struggled to use WiFi. The fix was to remove whatever garbage their network adapter vendor had provided and show them Wireless Zero, where connecting to a network meant clicking on it in a list rather than going through a five-step wizard.

So why did the vendor utilities even exist? Mostly, I think, because of the incredible urge PC vendors have to "add value." Gravis, in the context of "quick start" operating systems, gives a good explanation of this phenomenon. The problem with being a PC vendor is that all of the products on the market offer a mostly identical experience. For vendors to get any competitive moat bigger than loud industrial design (remember when you badly wanted a Vaio for the looks?), they had to "add value" by bolting on something they had developed internally. These value-adds were, almost without exception, worthless garbage. And wireless configuration utilities were just another example, a way for Intel to put their brand in front of your face (seemingly the main concern of Intel R&D to this day) despite doing the same thing everyone else did.

There was a second reason, as well. While it was a good fit for typical consumer use, Wireless Zero was not as feature-complete as many of the vendor utilities were. Until the release of Vista and SP3, Wireless Zero was basically its own proprietary solution just like the vendor utilities. There was no standard API to interact with wireless configuration on XP/SP1/2, so if a vendor wanted to offer anything Zero couldn't do, they had to ship their whole own Product. Microsoft's introduction of a WiFi config API in Vista (and basically backporting it to SP3) was a big blow to proprietary wireless utilities, but it probably had less of an impact than the general decline of crapware in Vista and later.

This is not to say that they're gone. A surprising number of PCs still ship with some kind of inane OEM software suite that offers a half-baked wireless configuration utility (just a frontend on the Windows API) alongside the world's worst backup service, a free trial offer for a streaming service you haven't heard of but represents the death throes of a once great national cable network, and something that tells you if your PC is "healthy" based on something about the registry that has never and will never impact your life??? God how is the PC industry still like this [3].

I think I have adequately set the stage for our featured story. In the late 2000s, huge numbers of people were (a) desperately looking for a working WiFi network even though they were in a place like an airport that should clearly, by civilized standards, have a free one; (b) using Wireless Zero on XP/SP1/2; and (c) in possession of only a vague understanding of ad-hoc networks which were nonetheless actively encouraged by WiFi vendors and their software.

Oh, there is a final ingredient: Wireless Zero had an interesting behavior around ad-hoc networks. It's the kind of thing that sounds like an incredibly bad decision in retrospect, but I can see how Microsoft got there. Let's say that, for some reason and some how, a consumer uses ad-hoc WiFi. It was ostensibly possible, not even really that hard, to use ad-hoc WiFi to provide internet access in a home (from e.g. a USB DSL modem, still common at the time). It's just that the boxes you had to check were enough clicks deep in the network control panel that I doubt many people ever got there.

One of the problems with ad-hoc WiFi, though, is that ad-hoc networks can be annoying to join. You've got to enter the SSID and key, which is already bad enough, but then you're going to be asked if it's WEP or WPA or WPA2 and then, insult on injury, if the WPA2 is in TKIP or AES mode. For ad-hoc networks to be usable something had to broadcast beacons, and without an AP, that had to be the first computer in the network.

So, now that you have your working ad-hoc setup complete with beacons, you might want to take your laptop, unplug it from the DSL modem, and take it somewhere else. Maybe you go on a trip, use the WiFi at a hotel (probably $15 a day depending on your WORLD OF HYATT status), then come back home and plug things back in the way they were. You would expect your home internet setup to pick up where you left off, but people didn't have as many devices back then and especially not as many always-on. Your laptop, de facto "host" of the ad-hoc network, may be the only network participant up and running when you want to connect a new device. So what does it need to do? Transmit beacons again, even though the network configuration has changed a few times.

The problem is that it's really hard for a system in an ad-hoc network to know whether or not it should advertise it. Wireless Zero didn't really provide any way to surface this decision to the user, and the user probably wouldn't have understood what it meant anyway. So Microsoft took what probably seemed, in the naivety of the day, to be a reasonable approach: once a Windows XP machine had connected to an ad-hoc network, it "remembered" it the same way it did the "favorite" networks, for automatic reconnection. Assuming that it might just be the first device in the ad-hoc network to come up, if the machine had a remembered ad-hoc network and wasn't associated with anything else, it would transmit beacons.

Put another way, this behavior sounds far more problematic: if a Windows XP machine had an ad-hoc network favorited (which would be default if it had ever connected to one), then when it wasn't connected to any other WiFi network, it would beacon the favorited ad-hoc network to make it easier for other hosts to connect. Ad-hoc networks could get stuck in there, a ghost in Wireless Zero.

You can no doubt see where this goes. "Free Public WiFi" was just some ad-hoc network that someone created once. We don't know why; most people seem to go to ill intent but I don't think that's necessary. Maybe some well-meaning cafe owner had an old computer with a USB DSL modem they used for Business and decided to offer cafe WiFi with the hardware they already owned. The easiest way (and probably only way, given that driver support for infrastructure mode AP behavior on computer WiFi adapters remains uneven today) would be to create an ad-hoc network and check the right boxes to enable forwarding. But who knows, maybe it was someone intercepting traffic for malicious purposes, maybe it was someone playing a joke, all we really know is that it happened sometime before 2006 when I find the first public reference to the phenomenon.

Whoever it was, they were patient zero. The first Windows XP machine to connect became infected, and when its owner took it somewhere else and didn't connect to a WiFi network, it helpfully beaconed Free Public WiFi. Someone else, seeing such a promising network name, connected. Frustrated by the lack of Hotmail access, they disconnected and moved on... but, unknowingly, they were now part of The Ad-Hoc Network.

The phenomenon must have spread quickly. In 2007, a wire service column of security tips (attributed to the Better Business Bureau, noted information security experts) warns that "this network may be an ad-hoc network used by hackers hunting for credit card information, Social Security numbers and account passwords." Maybe! Stranger things have happened! I would put good money on "no" (the same article encourages using a VPN, an early link in a chain that leads to the worst YouTube content today).

By 2008-2009, when I think I had reached a high level of owning a laptop and using it in strange places, it was almost universal. "Free Public WiFi" enchanted me as a teenager because it was everywhere. I could hardly open my laptop without seeing it there in the Wireless Zero list. Like the Morris worm, it exploited a behavior so widespread and so unprotected that I think it must have burned through a substantial portion of the Windows XP laptop fleet.

"Free Public WiFi" would reach an end. In Service Pack 3, as part of the introduction of the new WLAN framework, Microsoft fixed the beacon behavior. This was before the era of forced updates, though, and XP was particularly notorious for slow uptake of service packs. "Free Public WiFi" was apparently still widespread in 2010 when NPR's mention inspired a wave of news coverage. Anecdotally, I think I remember seeing it into 2012. One wonders: is it still around today?

Unfortunately, I always have a hard time with large-scale research on WiFi networks. WiGLE makes a tantalizing offer of an open data set to answer this kind of question but the query interface is much too limited and the API has a prohibitively low quota. Maxing out my API limits every day I think it'd take over a month to extract all the "Free Public WiFi" records so that I could filter them the way I want to. Perhaps I should make a sales inquiry for a commercial account for my enterprise blogging needs, but it's just never felt to me like WiGLE is actually a good resource for the security community. They're kind of like hoarders, they have an incredible wealth of data but they don't want to give any of it up.

I pulled the few thousand records I'm allowed to get today from WiGLE and then changed tracks to WifiDB, which is much less known than WiGLE but actually makes the data available. Unfortunately WifiDB has a much lower user count, and so the data is clearly impacted by collection bias (namely the impressive work of one specific contributor in Phoenix, AZ).

Still, I can find instances of ad-hoc "Free Public WiFi" spanning 2006 to as late as 2018! It's hard to know what's going on there. I would seriously consider beaconing "Free Public WiFi" today as a joke, but it may be that in 2018 there was still some XP SP2 laptop in the Phoenix area desperately hoping for internet access.

WifiDB data, limited though it is, suggests that The Ad-Hoc Network peaked in 2010. Why not a crude visualization?

2006    1   |
2007    0   
2008    39  |||||
2009    82  |||||||||
2010    93  ||||||||||
2011    20  |||
2012    2   |
2013    0
2014    1   |
2015    5   ||
2016    3   |
2017    2   |
2018    1   |

That 2006 detection is the first, which lines up with NPR's reporting, but could easily also be an artifact of WifiDB's collection. And 2018! The long tail on this is impressive, but not all that surprising. XP had a real reputation for its staying power. There are surely still people out there that hold that XP was the last truly good Windows release---and honestly I might be one of them. Every end-of-life announcement for XP triggered a wave of complaints in the industry rags. In 2018, some niche versions of XP (e.g. POSReady) were still under security support!

Most recent observations of "Free Public WiFi" are actually infrastructure-mode networks. It's an amusing outcome that "Free Public WiFi" has been legitimized over time. In Bloomington, Indiana I think it's actually the public WiFi at a government building. Some office buildings and gas stations make appearances. "Free Public WiFi" is probably more likely to work today than not... but no guarantee that it won't steal your credit card. Pay heed to the Better Business Bureau and take caution. Consider using a VPN... how about a word from our sponsor?

Postscript: I have been uploading some YouTube videos! None of them are good, but check it out. I'm about to record another one, about burglar alarms.

[1] Paid WiFi still seems alive and well at truck stops. Circumstances on a recent cross-country trip lead to me paying an outrageous sum, something like $20, for one day of access to a nationwide truck stop WiFi service that was somewhere between "completely broken" and "barely usable to send an email" at the three successive TAs I tried at. My original goal of downloading a several-GiB file was eventually achieved by eating at a restaurant proximate to a Motel 6. Motel 6 may be the nation's leading municipal WiFi operator.

[2] Can we think of another set of powerful hardware vendors consistently dragging down the (already questionably seaworthy) Windows ecosystem by shipping just absolute trash software that's mandatory for full use of their hardware? Companies that are considered major centers of computer innovation yet distribute a "driver" as an installer for an installer that takes over a minute just to install the installer? Someone with the gall to call their somehow even less stable release branch "ADRENALINE EDITION"?

[3] I used to have a ThinkPad with an extra button that did nothing because Lenovo decided not to support the utility that made it do things on Vista or later. This laptop was sold well after the release of Vista and I think shipped with 7. That situation existed on certain ThinkPad models for two generations. Things like this drive you to the edge of the Apple Store I swear, and Lenovo isn't as bad as some.