EFF Launches Open Router Firmware

Open Wireless Movement logo

The Electronic Frontier Foundation have released an alpha of their own Open Wireless Router Firmware as part of the Open Wireless Movement. This project aims to make it easier to share your wireless network with others, while maintaining security and prioritization of traffic.

We’ve seen a lot of hacks based on alternative router firmware, such as this standalone web radio. The EFF have based their router firmware off of CeroWRT, one of the many open source firmware options out there. At this time, the firmware package only targets the Netgear WNDR3800.

Many routers out there have guest modes, but they are quite limited and often have serious vulnerabilities. If you’re interested in sharing your wireless network, this firmware will help out by letting you share a specified amount of bandwidth. It also aims to have a secure web interface, and secure auto-update using Tor.

The EFF has announced this “pre-alpha hacker release” as a call for hackers who want to join in the fun. Development is happening over on Github, where you’ll find all of the source and issues.

20 thoughts on “EFF Launches Open Router Firmware

  1. Nice. I was convinced years ago to leave my wireless network open for guests and neighbors. Now, I leave a spare 802.11b router hanging off my network specifically named “Free Public WiFi” to help out – with QoS on my pfSense box to keep the bandwidth down to something reasonable. According to DHCP logs, the traffic is very low, mostly iPhones and such. Probably helps others get around data caps, so yay for that.

  2. To bad Germany is fully excluded from this development. Here we have something called “Störerhaftung” (liability for disturbance), so anyone who allows others to use their WiFi is also fully accountable for everything that happens on his Access/IP. It’s a definition by law. We would need to change laws to be able to get this going =/

    1. Also check out the Freifunk project – http://freifunk.net/ They use a centralised VPN that the node connects to, and all traffic is routed over this node so your IP as an individual is never used on the internet.

      It is dependent on which freifunk group you belong to, ours does save address registrations and node IDs, so if someone does something nasty on my router they do have a log that the bad client was connected via my router.

  3. So will the EFF represent you when you’re hauled into court for being a Exit Node on Tor that ran Malware/Child Porn thru it? Or after your neighbor torrented the full current season of True Blood or Game of Thrones thru it? Or after a random wardriver made death threats to his ex-girlfriend thru it?

    Running a open WAP from your house is just plain stupid (at least in the States).

    1. Best just to play it safe, don’t make waves, let the waters grow stagnant and rancid around you. Or you could simply pay attention to what kind of traffic is passing through your router from time to time. Patriot = good neighbor.

      1. Admittedly, a couple people with unsecured wireless networks have had their doors kicked down by police looking for child porn, but they eventually figured out that they had made a huge mistake. It’s possible someone might eventually be wrongly convicted in the US, but the law is pretty clear that you are not responsible for internet traffic that happens to go through your equipment. I’m pretty sure those are laws that ISP’s pushed through to cover their asses, but thankfully they cover us as well.
        I am a huge supporter of the Open Wireless Movement, and would encourage everyone to set up a guest network to give away your unused bandwidth. Looking at people who aren’t “computer people” or don’t “do” the internet is a little like talking to someone who is mentally handicapped. Instant access to information completely changed us, and I think denying someone internet is like denying someone eyesight or hearing. If I had to choose between one of my senses and internet access, it would be a really hard call. No-one deserves that sort of deprivation.

        1. >If I had to choose between one of my senses and internet access, it would be a really hard call. No-one deserves that sort of deprivation.

          That’s called internet addiction and it can be cured.

        2. One of the smartest people I know isn’t computer literate… he’s in his 60’s. I’ve learnt a lot from him and he has never come across as “mentally handicapped”. We don’t really speak about computers, in the same way we don’t hit it up on botany either, because neither of us are botanists, or are interested in that subject.

          Your entire second paragraph suggests that you have little to no experience with interacting with the mentally challenged or with living without any of your senses.

    2. This is my main concern. Even if you kept detailed logs and/or captured personal identification data from the user cops aren’t going to nicely call you up or knock on your door to have a chat. You’ll be arrested, processed, and harassed for several hours before you’ll even have a chance to prove it wasn’t you. Even if you do prove you weren’t the one that accessed illegal material, some state laws can be very strict and you might just get charged with accessory to *whatever* for knowingly leaving your network open. If you leave a gun and a sign outside your house that says “community firearm” or something do you think you’ll be free and clear if someone goes and uses it for a crime?

  4. never mind the police. Explain to me why as an american I want to spend $100+ per month for barely enough bandwidth to watch youtube videos in hd, and then be like “what would be really great is if all my neighbors used my connection too.”

    1. because, unless all other americans are greedy and short-sighted as you are, then you could access the internet almost from anywhere for free?

      and this is only the selfish version of the answer to your question.

    2. Winner winner chicken dinner. I tried sharing our wifi with an elderly neighbor that then thought it would be funny to download everything they saw and to just leave skype open and running all the time. I finally went over there one day and yep malware was eating most of the traffic on her end. I just told them the internet was too expensive so we cut it off and changed the wifi name/pwd. And that was an 83 year old Venezuelan woman. I cannot imagine what would happen if our other neighbor’s teen kids got on there :( Besides, there are plenty of options out there. I think you would be hard pressed to find a better wifi connection for your defunct android phone ala torrent box than TJ Maxx. Those fools leave it wide open and are conveniently in the same shopping center as my groceries and hardware :)

  5. What about the fact that in a lot of countries you are actually charged by your ISP based on traffic volume. In some cases excess download charges are extremely exorbitant (in one case I know of in Australia, AU$10 per gigiabyte)

  6. I’m still ticked off that WPA2 WiFi encryption without a pre-shared key isn’t a thing on pretty much all hardware.
    So, I’m stuck with either having unencrypted wireless, and no setup, or having to get the key onto every device manually every time I set one up.

    1. What type of hardware do you have? Its got to be ancient. Load a CFW on that box right now, go check out DD-WRT and OpenWRT, guaranteed it’ll be there. If not go pick up an AP from TP-Link and at least replaced your wireless. Any person could sniff your traffic and see everything your doing.

  7. I like the idea, though it has some limits. If you don’t have data capacity it is fine to allow some others to use your wifi. But I would impose some strict limits like decreasing the BW as the same user transfers more data. That way someone who occasionally drops by will have nice speed but it would be rather useless for someone trying to abuse it.

    In EU some operators are doing something similar: 1. They put access points in public places where their users can log in and 2. if you get a router from them there is a secondary wifi where any client can connect.
    This fixes some problems, as traffic is counted for the person logged in not for the person that offers that Wifi and the person doing the transfer is known.
    On the other hand I really support EUs desire to make internet access as an utility which means it will be provided to all people and there should be free public internet.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.