I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).

I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”

I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.

¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.

  • Album@lemmy.ca
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    6 months ago

    The reality despite what you or i might do, is that 99% of people don’t carry around an ethernet or hardwire in when there is available wifi.

    The library might be public, but it’s still a good idea to communicate your intent or obtain permission prior to using someone else’s network in away they might deem to be unexpected.

    “Do you have ethernet or wired internet?” is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

    • wahming@monyet.cc
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      “Do you have ethernet or wired internet?” is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.

      Would you trust the reply somebody like the librarian in the OP gave you? Seems like the sort of person who would refuse to admit to any lack of knowledge and just bluster.

      • EssentialCoffee@midwest.social
        link
        fedilink
        English
        arrow-up
        0
        ·
        6 months ago

        Do you trust every one-sided story to be entirely accurate of all details?

        And what does trust have to do with it? Can we use Ethernet here? If the person says no, would you just walk around the building until you found a port and plugged in?

        • wahming@monyet.cc
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 months ago

          Do you trust every one-sided story to be entirely accurate of all details?

          No, but for the sake of discussion in this thread, that is the scenario we’re all going by. We’re not rendering a legal judgement here, we’re discussing the situation as described.

          In a public library, I would fully expect public-facing ethernet ports, especially in sitting / working areas, to be available for public use. I’m not sure why they would be there otherwise. And if they’re no longer meant for public use, it would be on the library IT staff to have disabled those ports.

          what does trust have to do with it?

          Because I don’t trust non-IT-savvy people to even properly understand the question. I’ve met way too many people with no technical clue who refuse to admit to any sort of lack of knowledge when it’s extremely obvious.

            • wahming@monyet.cc
              link
              fedilink
              English
              arrow-up
              0
              ·
              6 months ago

              We could discuss all sorts of hypotheticals, including where there’s a secret supervillain base under the library and they’re about to assassinate OP for jacking into their network. It’s pointless because we’re not discussing an event we have any way of obtaining any other information about other than what OP has provided.

        • coffeeClean@infosec.pubOP
          link
          fedilink
          English
          arrow-up
          0
          ·
          edit-2
          6 months ago

          And what does trust have to do with it?

          I think they mean trust in the librarian to genuinely know the policy and what should work. They tend not to in this case because ethernet has become obscure enough to be an uncommon question, if ever.

          Another library had ethernet ports all down the wall next to desks. They were dead and no one used them. It was obvious that the librarian had no clue about whether the ports were even supposed to function. When I said they are dead and asked to turn them on or find out what’s wrong, they then figured that if the ports don’t work, it must be intentional. So the librarian’s understanding of the policy was derived from the fact that they were dysfunctional. Of course if they were intended to work but needed service, ethernet users are hosed because the librarian’s understanding of policy is guesswork. There is no proper support mechanism.

          I asked a librarian at another library: I need to use Tor. Is it blocked? I need to know before I buy a membership. Librarian had no idea. They just wing it. They said test it. Basically, if it works, then it’s acceptable. The functionality becomes the source of policy under the presumption that everything is functioning as it should.

          Since ethernet has been phased out, modern devices no longer include an ethernet NIC, and there are places to plug into A/C with no ethernet nearby, the librarians and the public are both conditioned to be unaware of ethernet. So the answer will only be either: no or test and see.

  • Truck_kun@beehaw.org
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    6 months ago

    My first reaction is yeah, you don’t just plug into random Ethernet.

    The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).

    After reading your post, I would say, no harm intended, just don’t do it again.

    After reading your comments about intentionally being vague about ‘plugging in’ to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection… yeah, you’re clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not. If this were an AITA thread, i’d say yes, YTA in this case.

    Asking in an security community… I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it’s not well designed, and that actually has access to firewall administration?

    • coffeeClean@infosec.pubOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      edit-2
      6 months ago

      After reading your post, I would say, no harm intended, just don’t do it again.

      You may be misunderstanding the thesis. This is not really about staying out of trouble. Or more precisely, as an activist up to my neck in trouble it’s about getting into the right trouble. The thesis is about this trend of marginalising people with either no phone and/or shitty wifi gear/software and a dozen or so demographics of people therein who do not so easily give up their rights. It’s about exclusivity of public services funded with public money. Civil disobedience is an important tool for justice outside of courts.

      The security matter is really about competency and cost. The main problem is likely in the requirements specification conveyed to the large tech firms that received the contract. From where I sit, it appears they were simply told “give people wifi”, probably by people who don’t know the difference between wifi and internet. In which case the tech supplier should have been diligent and competent enough to ask “do you want us to exclude segments of the public who have no wifi gear and those without phones?”