Has ethernet become illegitimate? A librarian flipped out after spotting me using ethernet
I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).
I was packing my laptop and a librarian spotted me unplugging my ethernet cable and approached me with big wide open eyes and pannicked angry voice (as if to be addressing a child that did something naughty), and said “you can’t do that!”
I have a lot of reasons for favoring ethernet, like not carrying a mobile phone that can facilitate the SMS verify that the library’s captive portal imposes, not to mention I’m not eager to share my mobile number willy nilly. The reason I actually gave her was that that I run a free software based system and the wifi drivers or firmware are proprietary so my wifi card doesn’t work¹. She was also worried that I was stealing an ethernet cable and I had to explain that I carry an ethernet cable with me, which she struggled to believe for a moment. When I said it didn’t work, she was like “good, I’m not surprised”, or something like that.
¹ In reality, I have whatever proprietary garbage my wifi NIC needs, but have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware. But there’s little hope for getting through to a librarian in the situation at hand, whereby I might as well have been caught disassembling their PCs.
The reality despite what you or i might do, is that 99% of people don't carry around an ethernet or hardwire in when there is available wifi.
The library might be public, but it's still a good idea to communicate your intent or obtain permission prior to using someone else's network in away they might deem to be unexpected.
"Do you have ethernet or wired internet?" is actually a common library question and the response from whoever works the front desk will likely tell you everything you need to know.
I plugged into ethernet (as wifi w/captive portal does not work for me). I think clearnet worked but I have no interest in that. Egress Tor traffic was blocked and so was VPN. I’m not interested in editing all my scripts and configs to use clearnet, so the library’s internet is useless to me (unless I bother to try a tor bridge).
Yeah... Trying to bypass their security by using ethernet instead of Wi-Fi to use your own stuff that's being blocked is tantamount to abusing the library's services. Someone should let the IT staff know so they can properly block those services on ethernet as well.
Well, you were trying to bypass one of their security measures. They require SMS verification so that they can track you in case you break their rules. Presumably this is why they also block other means of anonymizing yourself.
Good luck with that here. No port you can access will give you a IP If its hot at all. We don't allow patron machines to use Ethernet since it bypasses the QOS setting for the public WiFi. We also don't have any requirements to connect to our WiFi.
The reason for not allowing this is simple. We had several people come in and abuse usage of wired connections. Specifically people with consoles that thought it was okay to come in and kill our Patron vlan to download that fifty gig update for their console.
My first reaction is yeah, you don't just plug into random Ethernet.
The wi-fi is likely a visitor network setup for guests to the library. That ethernet port could provide access to their private intranet, and be a security risk to the library. Worst case scenario, it could result in malware, ransomware, and/or millions of dollars in expenses to recover (on a library budget, that could mean permanently shutting down the library even).
After reading your post, I would say, no harm intended, just don't do it again.
After reading your comments about intentionally being vague about 'plugging in' to lead the librarian to think you were asking to plug in a power cord, and not specifically meaning ethernet connection.... yeah, you're clearly in the wrong. Just be up front; if they say no, so be it. They may be able to direct you to a visitor ethernet plug-in, or maybe not.
If this were an AITA thread, i'd say yes, YTA in this case.
Asking in an security community.... I would assume some level of technical awareness, and you are likely well aware of network segmentation, and that no IT department would be happy about a guest plugging their laptop into random rj-45 jacks around the building. Maybe it's not well designed, and that actually has access to firewall administration?
Most folks will probably freak out when they see a terminal window ("DOS box") on a computer.
Most folks in my country have no idea that there is something else than WhatsApp as alternative to SMS.
Whenever I've tried explaining to people that stuff on their website violates privacy or when I try to explain why they are having email delivery problems almost always results in permanent silence or disbelief.
Technology appears to be a scare factor for a lot of people. But in this case the librarian maybe thought that Ethernet was only for their qualified IT department to use.
I can’t rant against librarians. My friend has been a librarian for many years and she has put up with a hell of a lot of crap from people. So be kind, be patient and be honest with them.
Obviously not all librarians, like any job, are perfect.
If it was a publicly available Ethernet port, it was likely for public use. The fact that she thought it was malicious speaks to ignorance on her part, not yours.
10+ years ago you had to bring your own ethernet cable to the University library because the WiFi couldn't handle all the students at peak times. Wo der if it's still the case.
It's uncommon for 'public use' ethernet ports to exist, unless they are clearly labeled. The ethernet ports might grant access to the internal network, which, is easy to accidentally do. A non-profit library with a limited budget might overlook all the extra protections on open ports (enable/disable ports as needed, use 802.11x port-based authentication, internal SSL, etc), that would be necessary to secure it. Or, even better; that RJ45 port might be wired up to an old PBX, and you may have fried their telephone system, or your own hardware.
This sounds odd to me, unless you connected to an Ethernet port behind a desk or somehow forced open a network closet… They also might not like it if you disconnected one of the public computers to use its cable/port; otherwise if this was an open and public port, you used it as designed and the librarian probably has watched too many Hollywood hacking movies. I have to admit, I never thought of this as a way to bypass the captive portal (sorta just assumed everyone going through the public network would have to hit it, kinda of the equivalent to having everyone sign a liability waiver).
With that said, I can see some institutions not liking connections that aren’t part of the more traditional/commercial networking (but it doesn’t sound like the library took issue with your traffic, just the librarian didn’t like the PHY link you chose to use). For the SMS thing (I haven’t seen that used in a while, you might be able to use some sort of burner number app if they don’t filter them).
I'm not surprised. I know people who don't even know what an ethernet cable is. I've worked enough IT to realize that a tangled mess of 6 cables can be as horrifying as a Predator to people. It doesn't help that everything is slowly going to POE, POE+ and even ++ now so it's doubling as power as well. In analog video days I could look at the back of a random device and instantly figure out it's purpose. That's rapidly becoming a rarity. For a worrisome section of the population, plugging in an ethernet cable is the equivalent of building a table or performing a back flip.
And when it comes to hacking, good god nobody knows anything. I remember we had a dozen students in high school (around 2000ish?) get suspended for "hacking" and really it was just that a section of the student body found a network storage location without any password protection and were using it as a flash drive on school grounds. Literally they just suspended anybody who signed their name on the homework assignments stored there.
The real crime was that drive had lunch pins for all the accounts in plain text to run their system, without a password!
have a principled objection to a service financed by public money forcing people to install and execute proprietary non-free software on their own hardware
You are on spot there, but sadly even legislators are far from understanding the reasons why this matters so much, let alone the general public.
Whatever security policy they have, it shouldn't require you installing a random executable to your system. And it was flawed enough that it didn't care to give your device access.
And by the way, it's so awesome you carry an ethernet cable around!!
I mean, I asked at a library if I could plug into the Ethernet because my laptop had an RJ45 port and I needed to download something sizable for work and the WiFi was dropping it. They let me hook up on one of the library computer ports and I left it the way I found it.
It's not the librarians issue to worry about. It's the IT team supporting your library. If there wasn't a sign that said "not for customer use", then it's fine.
it's clearly there to be used, a lot of places have ethernet jacks for that...
the librarian is just a luddite and you probably had a black hoodie and a
terminal open so she assumed you were selling fentanyl to pedophile ransomware communists...