Remember Free Public WiFi?

Once, many years ago, I stayed on the 62nd floor of the Westin Peachtree Plaza
in Atlanta, Georgia. This was in the age when the price of a hotel room was
directly correlated with the price of the WiFi service, and as a high school
student I was not prepared to pay in excess of $15 a day for the internet. As I
remember, a Motel 6 that was not blocks away but within line of sight ended up
filling the role. But even up there, 62 floors from the ground, there was false
promise: Free Public WiFi.

I am not the first person to write on this phenomenon, I think I originally
came to understand it as a result of a 2010 segment of All Things Considered.
For a period of a few years, almost everywhere you went, there was a WiFi
network called “Free Public WiFi.” While it was both free and public in the
most literal sense, it did not offer internet access. It was totally useless,
and fell somewhere between a joke, a scam, and an accident of history. Since
I’m not the first to write about it, I have to be the most thorough, and so
let’s start out with a discussion of WiFi itself.

The mid-2000s were a coming of age era for WiFi. It had become ubiquitous in
laptops, and the 2007 launch of the iPhone established WiFi as a feature of
mobile devices (yes, various phones had offered WiFi support earlier, but none
sold nearly as well). Yet there weren’t always that many networks out there.
Today, it seems that it has actually become less common for cafes to offer WiFi
again, presumably as LTE has reached nearly all cafe customers and fewer people
carry laptops. But in the 2010s, genuinely free, public WiFi had become far
more available in US cities.

Some particularly ambitious cities launched wide-area WiFi programs, and for a
brief time “Municipal WiFi” was a market sector. Portland, where I grew up, was
one of these, with a wide-area WiFi network covering the house I grew up in for
a couple of years. Like most the program didn’t survive to see 2020.
Ironically, efforts to address the “digital divide” have lead to a partial
renaissance of municipal WiFi. Many cities now advertise free WiFi service at
parks, libraries, and other public places. I was pleased to see that Mexico
City has a relatively expansive municipal WiFi service, probably taking
advantage of the municipal IP network they have built out for video
surveillance and emergency phones.

The 2000s, though, were different. “Is there WiFi here?” was the sort of
question you heard all the time in the background. WiFi was seen as a revenue
source (less common today, although the hotel industry certainly still has its
holdouts) and so facility-offered WiFi was often costly. A surprising number of
US airports, for example, had either no WiFi or only a paid service even
through the 2010s. I’m sure there are still some like this today, but paid WiFi
seems on the way out [1], probably as a result of the strong competition it
gets from LTE and 5G. The point, though, is that back in 2006 we were all
hungry for WiFi all the time.

We also have to understand that the 802.11 protocol that underlies WiFi is
surprisingly complex and offers various different modes. We deal with this less
today, but in the 2000s it was part of computer user consciousness that WiFi
came in two distinct flavors. 802.11 beacon packets, used to advertise WiFi
networks to nearby devices, include a flag that indicates whether the network
operates in infrastructure mode or ad-hoc mode.

A network in infrastructure mode, basically the normal case, requires all
clients to communicate with the access point (AP). When two clients exchange
traffic, the AP serves as an intermediary, receiving packets from one device
and transmitting them to the other. This might at first seem inefficient, but
this kind of centralization is very common in radio systems as it offers a
simple solution to a complex problem. If a WiFi network consists of three
devices, an AP and two clients (A and B), we know that clients A and B can
communicate with the AP because they are maintaining an association. We don’t
know if A and B can communicate with each other. They may be on far opposite
sides of the AP’s range, there may be a thick concrete wall between A and B,
one device may have very weak transmit power, etc. Sending all traffic through
the AP solves this problem the same way a traditional radio repeater does, by
serving as an intermediary that is (by definition for an AP) well-positioned in
the network coverage area.

The other basic WiFi mode is the ad-hoc network. In an ad-hoc network, devices
communicate directly with each other. The main advantage of an ad-hoc network
is that no AP is required. This allowed me and a high school friend to
communicate via UnrealIRCd running on one of our laptops during our
particularly engaging US Government/Economics class (we called this
“Governomics”). The main disadvantage of ad-hoc networks is that the loss of a
central communications point makes setup and routing vastly more complicated.
Today, there is a much better established set of technologies for distributed
routing in mesh networks, and yet ad-hoc WiFi is still rare. In the 2000s it
was much worse; ad-hoc mode was basically unusable by anyone not ready to
perform manual IP address management (yes, link local addresses existed and we
even used them for our IRC client configurations, but most people evidently
found these more confusing than helpful).

In general, ad-hoc networks are a bit of a forgotten backwater of consumer WiFi
technology. At the same time, the promise of ad-hoc networks featured heavily
in marketing around WiFi, compelling vendors to offer a clear route to creating
and joining them. This has allowed some weird behaviors to hang around in WiFi
implementations.

Another thing about WiFi networks in the 2000s, and I swear this is all
building to a point, is that the software tools for connecting to them were not
very good. On Windows, WiFi adapter vendors distributed their own software.
Anyone with a Windows laptop in, say, 2005 probably remembers Dell QuickSet
Wireless, Intel PROSet/Wireless (this actually how they style the name), and
Broadcom WLAN Utility. The main thing that these vendor-supported wireless
configuration utilities shared was an astounding lack of quality control, even
by the standards of the time. They were all terrible: bizarre, intrusive,
over-branded UX on top of a network configuration framework that had probably
never worked reliably, even in the original developer’s test environment.

Perhaps realizing that this hellscape of software from hardware companies was
undoubtedly having a negative impact on consumer perception of Windows [2],
Microsoft creaked into action. Well, this part is kind of confusing, in a
classically Microsoft way. Windows XP had a built-in wireless configuration
management utility from the start, called Wireless Zero Configuration. The most
irritating thing about the vendor utilities was that they were unnecessary;
most of the time you could just uninstall them and use Wireless Zero and
everything would work fine.

Wireless Zero was the superior software too, perhaps because it had fewer
features and was designed by someone with more of the perspective of a computer
user than a wireless networking engineer. Maybe I’m looking on Wireless Zero
with rose-colored glasses but my recollection is that several people I knew
sincerely struggled to use WiFi. The fix was to remove whatever garbage their
network adapter vendor had provided and show them Wireless Zero, where
connecting to a network meant clicking on it in a list rather than going
through a five-step wizard.

So why did the vendor utilities even exist? Mostly, I think, because of the
incredible urge PC vendors have to “add value.”
Gravis, in the context of “quick
start” operating systems, gives a good explanation of this phenomenon. The
problem with being a PC vendor is that all of the products on the market offer
a mostly identical experience. For vendors to get any competitive moat bigger
than loud industrial design (remember when you badly wanted a Vaio for the
looks?), they had to “add value” by bolting on something they had developed
internally. These value-adds were, almost without exception, worthless
garbage. And wireless configuration utilities were just another example, a way
for Intel to put their brand in front of your face (seemingly the main concern
of Intel R&D to this day) despite doing the same thing everyone else did.

There was a second reason, as well. While it was a good fit for typical
consumer use, Wireless Zero was not as feature-complete as many of the vendor
utilities were. Until the release of Vista and SP3, Wireless Zero was basically
its own proprietary solution just like the vendor utilities. There was no
standard API to interact with wireless configuration on XP/SP1/2, so if a
vendor wanted to offer anything Zero couldn’t do, they had to ship their whole
own Product. Microsoft’s introduction of a WiFi config API in Vista (and
basically backporting it to SP3) was a big blow to proprietary wireless
utilities, but it probably had less of an impact than the general decline of
crapware in Vista and later.

This is not to say that they’re gone. A surprising number of PCs still ship
with some kind of inane OEM software suite that offers a half-baked wireless
configuration utility (just a frontend on the Windows API) alongside the
world’s worst backup service, a free trial offer for a streaming service you
haven’t heard of but represents the death throes of a once great national cable
network, and something that tells you if your PC is “healthy” based on
something about the registry that has never and will never impact your life???
God how is the PC industry still like this [3].

I think I have adequately set the stage for our featured story. In the late
2000s, huge numbers of people were (a) desperately looking for a working WiFi
network even though they were in a place like an airport that should clearly,
by civilized standards, have a free one; (b) using Wireless Zero on XP/SP1/2;
and (c) in possession of only a vague understanding of ad-hoc networks which
were nonetheless actively encouraged by WiFi vendors and their software.

Oh, there is a final ingredient: Wireless Zero had an interesting behavior
around ad-hoc networks. It’s the kind of thing that sounds like an incredibly
bad decision in retrospect, but I can see how Microsoft got there. Let’s say
that, for some reason and some how, a consumer uses ad-hoc WiFi. It was
ostensibly possible, not even really that hard, to use ad-hoc WiFi to provide
internet access in a home (from e.g. a USB DSL modem, still common at the
time). It’s just that the boxes you had to check were enough clicks deep in the
network control panel that I doubt many people ever got there.

One of the problems with ad-hoc WiFi, though, is that ad-hoc networks can be
annoying to join. You’ve got to enter the SSID and key, which is already bad
enough, but then you’re going to be asked if it’s WEP or WPA or WPA2 and then,
insult on injury, if the WPA2 is in TKIP or AES mode. For ad-hoc networks to be
usable something had to broadcast beacons, and without an AP, that had to be
the first computer in the network.

So, now that you have your working ad-hoc setup complete with beacons, you
might want to take your laptop, unplug it from the DSL modem, and take it
somewhere else. Maybe you go on a trip, use the WiFi at a hotel (probably $15 a
day depending on your WORLD OF HYATT status), then come back home and plug
things back in the way they were. You would expect your home internet setup to
pick up where you left off, but people didn’t have as many devices back then
and especially not as many always-on. Your laptop, de facto “host” of the
ad-hoc network, may be the only network participant up and running when you
want to connect a new device. So what does it need to do? Transmit beacons
again, even though the network configuration has changed a few times.

The problem is that it’s really hard for a system in an ad-hoc network to know
whether or not it should advertise it. Wireless Zero didn’t really provide any
way to surface this decision to the user, and the user probably wouldn’t have
understood what it meant anyway. So Microsoft took what probably seemed, in the
naivety of the day, to be a reasonable approach: once a Windows XP machine had
connected to an ad-hoc network, it “remembered” it the same way it did the
“favorite” networks, for automatic reconnection. Assuming that it might just be
the first device in the ad-hoc network to come up, if the machine had a
remembered ad-hoc network and wasn’t associated with anything else, it would
transmit beacons.

Put another way, this behavior sounds far more problematic: if a Windows XP
machine had an ad-hoc network favorited (which would be default if it had ever
connected to one), then when it wasn’t connected to any other WiFi network, it
would beacon the favorited ad-hoc network to make it easier for other hosts to
connect. Ad-hoc networks could get stuck in there, a ghost in Wireless Zero.

You can no doubt see where this goes. “Free Public WiFi” was just some ad-hoc
network that someone created once. We don’t know why; most people seem to go to
ill intent but I don’t think that’s necessary. Maybe some well-meaning cafe
owner had an old computer with a USB DSL modem they used for Business and
decided to offer cafe WiFi with the hardware they already owned. The easiest
way (and probably only way, given that driver support for infrastructure mode
AP behavior on computer WiFi adapters remains uneven today) would be to create
an ad-hoc network and check the right boxes to enable forwarding. But who knows,
maybe it was someone intercepting traffic for malicious purposes, maybe it was
someone playing a joke, all we really know is that it happened sometime before
2006 when I find the first public reference to the phenomenon.

Whoever it was, they were patient zero. The first Windows XP machine to connect
became infected, and when its owner took it somewhere else and didn’t connect
to a WiFi network, it helpfully beaconed Free Public WiFi. Someone else, seeing
such a promising network name, connected. Frustrated by the lack of Hotmail
access, they disconnected and moved on… but, unknowingly, they were now part
of The Ad-Hoc Network.

The phenomenon must have spread quickly. In 2007, a wire service column of
security tips (attributed to the Better Business Bureau, noted information
security experts) warns that “this network may be an ad-hoc network used by
hackers hunting for credit card information, Social Security numbers and
account passwords.” Maybe! Stranger things have happened! I would put good
money on “no” (the same article encourages using a VPN, an early link in a
chain that leads to the worst YouTube content today).

By 2008-2009, when I think I had reached a high level of owning a laptop and
using it in strange places, it was almost universal. “Free Public WiFi”
enchanted me as a teenager because it was everywhere. I could hardly open my
laptop without seeing it there in the Wireless Zero list. Like the Morris worm,
it exploited a behavior so widespread and so unprotected that I think it must
have burned through a substantial portion of the Windows XP laptop fleet.

“Free Public WiFi” would reach an end. In Service Pack 3, as part of the
introduction of the new WLAN framework, Microsoft fixed the beacon behavior.
This was before the era of forced updates, though, and XP was particularly
notorious for slow uptake of service packs. “Free Public WiFi” was apparently
still widespread in 2010 when NPR’s mention inspired a wave of news coverage.
Anecdotally, I think I remember seeing it into 2012. One wonders: is it still
around today?

Unfortunately, I always have a hard time with large-scale research on WiFi
networks. WiGLE makes a tantalizing offer of an open data set to answer this
kind of question but the query interface is much too limited and the API has a
prohibitively low quota. Maxing out my API limits every day I think it’d take
over a month to extract all the “Free Public WiFi” records so that I could
filter them the way I want to. Perhaps I should make a sales inquiry for a
commercial account for my enterprise blogging needs, but it’s just never felt
to me like WiGLE is actually a good resource for the security community.
They’re kind of like hoarders, they have an incredible wealth of data but they
don’t want to give any of it up.

I pulled the few thousand records I’m allowed to get today from WiGLE and then
changed tracks to WifiDB, which is much less known than WiGLE but actually
makes the data available. Unfortunately WifiDB has a much lower user count, and
so the data is clearly impacted by collection bias (namely the impressive work
of one specific contributor in Phoenix, AZ).

Still, I can find instances of ad-hoc “Free Public WiFi” spanning 2006 to as
late as 2018! It’s hard to know what’s going on there. I would seriously
consider beaconing “Free Public WiFi” today as a joke, but it may be that in
2018 there was still some XP SP2 laptop in the Phoenix area desperately hoping
for internet access.

WifiDB data, limited though it is, suggests that The Ad-Hoc Network peaked in
2010. Why not a crude visualization?

2006    1   |
2007    0   
2008    39  |||||
2009    82  |||||||||
2010    93  ||||||||||
2011    20  |||
2012    2   |
2013    0
2014    1   |
2015    5   ||
2016    3   |
2017    2   |
2018    1   |

That 2006 detection is the first, which lines up with NPR’s reporting, but
could easily also be an artifact of WifiDB’s collection. And 2018! The long
tail on this is impressive, but not all that surprising. XP had a real
reputation for its staying power. There are surely still people out there that
hold that XP was the last truly good Windows release—and honestly I might be
one of them. Every end-of-life announcement for XP triggered a wave of
complaints in the industry rags. In 2018, some niche versions of XP (e.g.
POSReady) were still under security support!

Most recent observations of “Free Public WiFi” are actually infrastructure-mode
networks. It’s an amusing outcome that “Free Public WiFi” has been legitimized
over time. In Bloomington, Indiana I think it’s actually the public WiFi at a
government building. Some office buildings and gas stations make appearances.
“Free Public WiFi” is probably more likely to work today than not… but no
guarantee that it won’t steal your credit card. Pay heed to the Better Business
Bureau and take caution. Consider using a VPN… how about a word from our
sponsor?

Postscript: I have been uploading some YouTube videos! None of them are good,
but check it out.
I’m about to record another one, about burglar alarms.

[1] Paid WiFi still seems alive and well at truck stops. Circumstances on a
recent cross-country trip lead to me paying an outrageous sum, something like
$20, for one day of access to a nationwide truck stop WiFi service that was
somewhere between “completely broken” and “barely usable to send an email” at
the three successive TAs I tried at. My original goal of downloading a
several-GiB file was eventually achieved by eating at a restaurant proximate to
a Motel 6. Motel 6 may be the nation’s leading municipal WiFi operator.

[2] Can we think of another set of powerful hardware vendors consistently
dragging down the (already questionably seaworthy) Windows ecosystem by
shipping just absolute trash software that’s mandatory for full use of their
hardware? Companies that are considered major centers of computer innovation
yet distribute a “driver” as an installer for an installer that takes over a
minute just to install the installer? Someone with the gall to call their
somehow even less stable release branch “ADRENALINE EDITION”?

[3] I used to have a ThinkPad with an extra button that did nothing because
Lenovo decided not to support the utility that made it do things on Vista or
later. This laptop was sold well after the release of Vista and I think shipped
with 7. That situation existed on certain ThinkPad models for two
generations.
Things like this drive you to the edge of the Apple Store I
swear, and Lenovo isn’t as bad as some.

Read More