I seldom use public wifi. But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

Is this common? I.e., how do people do banking or other
"secure" transactions? Or, do they just use them to
"check pricing" at other stores?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 03/05/2025 22:34, Don Y wrote:

I seldom use public wifi.  But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

Is this common?  I.e., how do people do banking or other
"secure" transactions?  Or, do they just use them to
"check pricing" at other stores?

The one in my public library is properly secure. In fact it is so secure
that some of the libraries own computers won't talk to it at the moment
after a recent upgrade to the Wifi router.

I have a portable sat on my desk that I need to reset the forgotten/not
known admin password for right now. Unable to install the latest network drivers because they don't know what the admin password was set to by
someone about 5 years ago. Yes their PCs are quite elderly and run into
the ground but plenty good enough for web browsing. For some reason the
"L" key consistently seems to wear out fastest to blank - any ideas why?

Followed by S, C, H, N, D & O but they still remain legible (sort of).

Only the very top left half trace of the vertical for the L remains.

--
Martin Brown

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Sat, 3 May 2025 14:34:19 -0700, Don Y <blockedofcourse@foo.invalid>
wrote:

I seldom use public wifi. But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

Is this common? I.e., how do people do banking or other
"secure" transactions? Or, do they just use them to
"check pricing" at other stores?

Personally I would never use a public AP for anything involving bank
accounts or online purchases. NEVER!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 5/4/2025 2:00 AM, Martin Brown wrote:

On 03/05/2025 22:34, Don Y wrote:

I seldom use public wifi.  But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

Is this common?  I.e., how do people do banking or other
"secure" transactions?  Or, do they just use them to
"check pricing" at other stores?

The one in my public library is properly secure. In fact it is so secure that some of the libraries own computers won't talk to it at the moment after a recent upgrade to the Wifi router.

Oops! Are the "library's own computers" connected wirelessly to their
network provider?

Here, the workstations IN the library -- and the computers used by the librarians -- have wired connections. The wireless AP is only for
the convenience of people who want to bring their own laptop into
the coverage area *or* (more commonly) their cell phone (to avoid
"data plan" charges as well as homeless people who don't have a
"home" in which to have wired service.

Bringing your own bit of kit in allows you to avoid any snoop-ware
that may be installed on the "public access" machines on the library's
wired network (there are no options to connect to the wired network
other than using a prewired machine).

And, the whole point of HTTPS is to safeguard against MitM attacks
and spoofing. (else, your ISP could just as easily be snooping
your traffic; I suspect some of the bigger/national ISPs here
regularly watch for torrent traffic, warez sites, etc.)

[The library implements some sort of black/white-listing service
but I suspect it is contracted out as they don't have the skills
or "internet awareness" to know what might be "inappropriate use"]

The question posed is whether or not "every" such AP (coffee shops,
department stores, doctor offices, etc.) has such a MitM proxy
in place, censoring transactions. And, if not, WHY not? (this
seems a social vulnerability)

I have a portable sat on my desk that I need to reset the forgotten/not known admin password for right now. Unable to install the latest network drivers because they don't know what the admin password was set to by someone about 5

I put sticky labels on each of my devices with the UID of the
"priviledged user" along with the password. I figure if someone
has broken into my home, a password is not going to deter them
from taking what they want (I don't encrypt disk drives)

[FBI visited the local library branch some time ago and carted
off a workstation. Apparently, someone had sent a threatening
note using it (so they obviously track traffic and connection
history). Biggest privacy risk, IMHO, is using their printer
as it caches documents on an internal disk...]

years ago. Yes their PCs are quite elderly and run into the ground but plenty good enough for web browsing. For some reason the "L" key consistently seems to
wear out fastest to blank - any ideas why?

Followed by S, C, H, N, D & O but they still remain legible (sort of).

I don't "touch type" but my fingers tend to know where the
keys are, regardless of label (though there seems to be
a noted differential in nerve impulse propagation that
leads to "teh" instead of "the", etc.)

I periodically clean the keyboards, removing the keycaps and
soaking them in soapy water. Then, after drying, test my memory
of the keyboard layout by putting them back in place, unaided.

Only the very top left half trace of the vertical for the L remains.

My mice tend to see more wear than the keyboard. Of course,
fewer "keys" involved there.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 04/05/2025 13:31, Don Y wrote:

On 5/4/2025 2:00 AM, Martin Brown wrote:

On 03/05/2025 22:34, Don Y wrote:

I seldom use public wifi.  But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

Is this common?  I.e., how do people do banking or other
"secure" transactions?  Or, do they just use them to
"check pricing" at other stores?

The one in my public library is properly secure. In fact it is so
secure that some of the libraries own computers won't talk to it at
the moment after a recent upgrade to the Wifi router.

Oops!  Are the "library's own computers" connected wirelessly to their network provider?

Here, the workstations IN the library -- and the computers used by the librarians -- have wired connections.  The wireless AP is only for
the convenience of people who want to bring their own laptop into
the coverage area *or* (more commonly) their cell phone (to avoid
"data plan" charges as well as homeless people who don't have a
"home" in which to have wired service.

The immovable ones are wired in, but the portables that are brought out
and used when it is busy or for schools computing classes are not. They
rely on the Wifi - but are chained to the desk for other reasons.

Bringing your own bit of kit in allows you to avoid any snoop-ware
that may be installed on the "public access" machines on the library's
wired network (there are no options to connect to the wired network
other than using a prewired machine).

The network access password is displayed.

And, the whole point of HTTPS is to safeguard against MitM attacks
and spoofing.  (else, your ISP could just as easily be snooping
your traffic; I suspect some of the bigger/national ISPs here
regularly watch for torrent traffic, warez sites, etc.)

[The library implements some sort of black/white-listing service
but I suspect it is contracted out as they don't have the skills
or "internet awareness" to know what might be "inappropriate use"]

The question posed is whether or not "every" such AP (coffee shops, department stores, doctor offices, etc.) has such a MitM proxy
in place, censoring transactions.  And, if not, WHY not?  (this
seems a social vulnerability)

IDK for sure but I suspect libraries connect to the internet through
some national government gateway that blocks most really dodgy sites.
Their in house computer expertise is essentially nil.

I have a portable sat on my desk that I need to reset the
forgotten/not known admin password for right now. Unable to install
the latest network drivers because they don't know what the admin
password was set to by someone about 5

I put sticky labels on each of my devices with the UID of the
"priviledged user" along with the password.  I figure if someone
has broken into my home, a password is not going to deter them
from taking what they want (I don't encrypt disk drives)

[FBI visited the local library branch some time ago and carted
off a workstation.  Apparently, someone had sent a threatening
note using it (so they obviously track traffic and connection
history).  Biggest privacy risk, IMHO, is using their printer
as it caches documents on an internal disk...]

Most printers also leave a hidden signature on every document they print
(in very faint yellow dots). Illuminate in pure blue light to see them.

years ago. Yes their PCs are quite elderly and run into the ground but
plenty good enough for web browsing. For some reason the "L" key
consistently seems to wear out fastest to blank - any ideas why?

Followed by S, C, H, N, D & O but they still remain legible (sort of).

I don't "touch type" but my fingers tend to know where the
keys are, regardless of label (though there seems to be
a noted differential in nerve impulse propagation that
leads to "teh" instead of "the", etc.)

I periodically clean the keyboards, removing the keycaps and
soaking them in soapy water.  Then, after drying, test my memory
of the keyboard layout by putting them back in place, unaided.

Only the very top left half trace of the vertical for the L remains.

My mice tend to see more wear than the keyboard.  Of course,
fewer "keys" involved there.

The mouse buttons gradually develop a high polish. At least with modern
optical ones you no longer have to remove the rubber ball the defur it!

--
Martin Brown

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Here, the workstations IN the library -- and the computers used by the
librarians -- have wired connections.  The wireless AP is only for
the convenience of people who want to bring their own laptop into
the coverage area *or* (more commonly) their cell phone (to avoid
"data plan" charges as well as homeless people who don't have a
"home" in which to have wired service.

The immovable ones are wired in, but the portables that are brought out and used when it is busy or for schools computing classes are not. They rely on the
Wifi - but are chained to the desk for other reasons.

I don't think there are any "other" devices (perhaps the color printer?)
that aren't wired to dedicated drops. But, our branch is reasonably
small (~10,000 sq ft -- most of that meeting rooms, etc.) so what's
"out" is likely all there is room for.

Bringing your own bit of kit in allows you to avoid any snoop-ware
that may be installed on the "public access" machines on the library's
wired network (there are no options to connect to the wired network
other than using a prewired machine).

The network access password is displayed.

Yes. Ours is posted on the OUTSIDE of the building as people often
sit out front -- esp after hours -- to use the wifi. It is not
uncommon to see a car in the parking lot long after dark; you
KNOW what they are doing.

Hence my question re: secure transactions (hard to imagine they
have driven over *just* to use the catalog!)

I should visit some of the other places that offer wifi and
see if they are similarly proxied. For the same sorts
of reasons the library is!

I suspect the free wifi offer is to encourage phone use (beacons
to track customer traffic as well as see what other stores they
consult!)

The question posed is whether or not "every" such AP (coffee shops,
department stores, doctor offices, etc.) has such a MitM proxy
in place, censoring transactions.  And, if not, WHY not?  (this
seems a social vulnerability)

IDK for sure but I suspect libraries connect to the internet through some national government gateway that blocks most really dodgy sites. Their in house
computer expertise is essentially nil.

The filtering is obviously out-sourced. The license agreement sports
a Cisco logo. It would be impractical for them to have that sort
of expertise on staff (given that they have even outsourced the
*catalog* -- how hard is THAT to maintain??)

I have a portable sat on my desk that I need to reset the forgotten/not
known admin password for right now. Unable to install the latest network >>> drivers because they don't know what the admin password was set to by
someone about 5

I put sticky labels on each of my devices with the UID of the
"priviledged user" along with the password.  I figure if someone
has broken into my home, a password is not going to deter them
from taking what they want (I don't encrypt disk drives)

[FBI visited the local library branch some time ago and carted
off a workstation.  Apparently, someone had sent a threatening
note using it (so they obviously track traffic and connection
history).  Biggest privacy risk, IMHO, is using their printer
as it caches documents on an internal disk...]

Most printers also leave a hidden signature on every document they print (in very faint yellow dots). Illuminate in pure blue light to see them.

Yes. They also seem unable to print negotiable financial instruments.

I periodically clean the keyboards, removing the keycaps and
soaking them in soapy water.  Then, after drying, test my memory
of the keyboard layout by putting them back in place, unaided.

Only the very top left half trace of the vertical for the L remains.

My mice tend to see more wear than the keyboard.  Of course,
fewer "keys" involved there.

The mouse buttons gradually develop a high polish. At least with modern optical
ones you no longer have to remove the rubber ball the defur it!

Yeah, it was really easy to get an idea as to how clean your (physical)
desktop was, back then! If you found yourself cleaning the mouse every
few days, you likely needed to vacuum the crumbs and assorted sh*t
off your desk!

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

"Don Y" <blockedofcourse@foo.invalid> wrote in message news:vv624s$e8eb$1@dont-email.me...

I seldom use public wifi. But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

It may be that the agent doesn't interfere with accesses for all traffic, just https.
I'd try a remote desktop connection to my computer at home and use that if it works (I've yet to find a location where it didn't).
I might need to whitelist the library's public IP range in my own firewall, which I'd do if I used that library often.

Is this common? I.e., how do people do banking or other
"secure" transactions? Or, do they just use them to
"check pricing" at other stores?

Any library I've been to recently has a captive portal followed by an Internet service no different from what I get at home.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 5/4/2025 2:40 PM, Edward Rawde wrote:

"Don Y" <blockedofcourse@foo.invalid> wrote in message news:vv624s$e8eb$1@dont-email.me...

I seldom use public wifi. But, had the occasion to TRY to do so
at a local library branch.

Dismayed to find no HTTPS support; they apparently have an
"agent" interposed between all network accesses.

It may be that the agent doesn't interfere with accesses for all traffic, just https.

Likely HTTP and HTTPS. This is how most folks will likely use the AP. Injecting itself in HTTPS seems stupid -- the sort of thing a designer
would realize as foolish (just *BLOCK* HTTPS rather than trying to act
as an active proxy)

The actual connection to The Internet is conditioned on acceptance of
an EULA. So, they expect any clients to have HTTP support in order
to serve that agreement to them.

I'd try a remote desktop connection to my computer at home and use that
if it works (I've yet to find a location where it didn't).

I was limited to whatever apps were on the phone. As I rarely *use*
a cell phone (for anything other than AS a phone), there is nothing there besides the HTTP client.

I can, perhaps, install/configure an email client or TELNET/SSH client
and see how those fare. But, I doubt most users are relying on WiFio
for those services.

I might need to whitelist the library's public IP range in my own
firewall, which I'd do if I used that library often.

My server "blocks all" and relies on a particular "knock sequence"
to allow ANY client access (the sequence being the access key so
it isn't tied to a range of IPs)

I don't let *anything* talk to me workstations.

Is this common? I.e., how do people do banking or other
"secure" transactions? Or, do they just use them to
"check pricing" at other stores?

Any library I've been to recently has a captive portal followed by
an Internet service no different from what I get at home.

I have only this limited experience with THIS branch library
(though I would suspect the other branches in the system
behave similarly; the protection mechanisms applied at
a higher organizational level).

I may try an HTTPS connection to someplace like Digikey; there
should be no reason to "blacklist" that site! Or, pick a
bank at random and see if the HTTPS connection is deflected.
Or, one of the local hospital "patient portals" (HIPAA requiring
that sort of protection)

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)