The New York Times files an amusing story about neighbors and travelers using open home Wi-Fi networks. The article is dead on in terms of people's attitudes. Most people don't want other people on their networks, but those who leave their networks open also don't want to hassle with securing them. Buffalo has been offering one-button security through their AOSS system for a while, and Atheros and Broadcom each have simple, robust methods of adding Wi-Fi encryption without inventing one's own long passwords and manually entering them. The Wi-Fi Alliance told me in January that they expect to have a unified proposal later this year.
The article notes that users accessing people's networks could snoop or carry out malicious activities. Worse, however, is that a local network is usually given less scrutiny by firewalls and thus a user who piggybacks onto your network and whose machine is infected with viruses and worms could unintentionally compromise your systems. That's a bigger risk, in my view.
The Brodeurs, featured in the opening of the article, note at the end that after adding encryption to their network, neighbors who wanted access offered to pay. They demurred. It's a reasonable decision. Even if you run strong firewalls or use something like Buffalo's privacy separator feature (which keeps each user's data on separate virtual segments), other users can still sniff your traffic as it passes through the air, and can still burn up your bandwidth.
While Speakeasy offers network sharing and features for them to bill your neighbors, there's a missing piece: a piece of hardware that would provide built-in WPA Enterprise (for unique encryption keys for each user), network separation, and bandwidth throttling per user with revocable credentials or passwords. Elements of this exist in a number of gateways, but there's no way I know of to buy a commodity, inexpensive gateway that would combine all this.
Glenn - of course I'd like to point out that Radiuz provides some of the functionality you mention above right now - WPA Enterprise, revocable access rights, etc. And more features are on the way. I hope people who are interested in sharing access without giving up security will check out www.radiuz.net!
Actually there's no reason why you shouldn't have a different key for each device on your network, even with WPA-Personal. In reality the actual dynamic encryption key used for each device is different - it's just that they are all ultimately derived from the same PSK, and so any user can in theory work out any other user's dynamic key.
But there's nothing in WPA-Personal that says that every device has to use the same PSK. It's purely an implementation decision - most manufacturers assume that anyone who wants to get into the hassle of per-user credentials probably also has a significant number of APs, and so will prefer Enterprise.
If you have access to the AP source code (e.g. the Linksys open source AP) you could change it yourself.
Note that with both WPA-Personal and WPA-Enterprise, the broadcast transmissions all use the same key, so for a full solution you'd also want some sort of virtual AP setup as well.
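The key derivation the comment above refers to, as an added example that is not part of the original post or comments: the pairwise key is computed from the PSK plus values that cross the air unencrypted during the handshake, so a shared PSK gives no isolation between users while a per-device PSK does. The SSID, passphrases, MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA-Personal: the 256-bit PSK/PMK is PBKDF2-HMAC-SHA1 over passphrase and SSID."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """802.11i PRF-512: the per-session pairwise transient key (TKIP length)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20-byte HMAC-SHA1 blocks, truncated to 64 bytes
        msg = b"Pairwise key expansion" + b"\x00" + data + bytes([i])
        out += hmac.new(pmk, msg, hashlib.sha1).digest()
    return out[:64]


# Constructed sample values. Everything below except the passphrases is
# visible to any radio in range during the four-way handshake.
SSID = "HomeNet"
AP_MAC = bytes.fromhex("020000000001")
ALICE_MAC = bytes.fromhex("0200000000a1")
ANONCE = hashlib.sha256(b"constructed anonce").digest()
SNONCE = hashlib.sha256(b"constructed snonce").digest()


def alice_session_key(alice_passphrase: str) -> bytes:
    """The key the AP and Alice's laptop agree on for her session."""
    pmk = pmk_from_passphrase(alice_passphrase, SSID)
    return derive_ptk(pmk, AP_MAC, ALICE_MAC, ANONCE, SNONCE)


def neighbour_can_derive(alice_passphrase: str, neighbour_passphrase: str) -> bool:
    """True if a user holding neighbour_passphrase computes Alice's session key."""
    pmk = pmk_from_passphrase(neighbour_passphrase, SSID)
    guess = derive_ptk(pmk, AP_MAC, ALICE_MAC, ANONCE, SNONCE)
    return hmac.compare_digest(guess, alice_session_key(alice_passphrase))


if __name__ == "__main__":
    print("one shared PSK :", neighbour_can_derive("shared house key", "shared house key"))
    print("per-device PSK :", neighbour_can_derive("alice device key", "bob device key"))
```

With per-device PSKs the AP has to look up the right PSK by station MAC address before the handshake, which is the implementation change the comment describes.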
Our company, with another small Scottish company, has developed a solution that allows users to connect to a secure access point in about 30 seconds. The whole process is achieved via a secure shared secret on an out of bound USB key.
Despite talking to many of the industry majors, those who actually will listen, we have seen no real interest, as an ISP representative told us: "consumers don't care about security, what's the worst that can happen?"
Hi Glenn
For a Canadian solution, people can also try our free WIFI internet access blocker for Win2K and XP to keep interlopers out. If you want even more control our Captive Portal Services are free while we are in Beta tests. See http://www.myWIFIzone.com/news.asp