dslreports logo
Search similar:


uniqs
1503
alien8
join:2004-03-03
UK

alien8

Member

Windows 10 feature, Wi-Fi Sense

"A Windows 10 feature, Wi-Fi Sense, smells like a security risk: it shares WiFi passwords with the user's contacts. higglty piggeltey that makes good sense

Wi-Fi Sense has been on Windows Phone since 8.1

Those contacts include their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends"

»www.theregister.co.uk/20 ··· i_sense/

Pjr
Don't Panic
join:2005-12-11
UK

Pjr

Member

Words fail me.

DarkLogix
Texan and Proud
Premium Member
join:2008-10-23
Baytown, TX
kudos:4

DarkLogix to alien8

Premium Member

to alien8
Did someone at Microsoft suffer a head injury to allow this?

I could understand a share button so if a firend is at your home it could toss the key over securely and give the storage of the key an expiration, but just sharing it.

goalieskates
Premium Member
join:2004-09-12
land of big

goalieskates to alien8

Premium Member

to alien8
As they say in the South, this is just dumber than dammit.

No Win10 for me.

Chubbzie
join:2014-02-11
Greenville, NC
kudos:1
Hitron CDA3-35
(Software) OpenBSD + pf

Chubbzie to alien8

Member

to alien8
MS_optout; Read about this lovely feature a while back and it gave me a chuckle. MS will wind up with a goldmine of wireless info, businesses and homes alike. So has this been occurring in the current Win10 builds as well?

When will Google release something equivalent in nature to tie together the Googlesphere?

carpetshark3
Premium Member
join:2004-02-12
Idledale, CO

carpetshark3 to alien8

Premium Member

to alien8
»www.technologyreview.com ··· -tablet/

They have to get in on the cash cow.

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA
kudos:3

Thaler to alien8

Premium Member

to alien8
said by alien8:

Wi-Fi Sense has been on Windows Phone since 8.1

That's irrelevant because nobody owns a Windows Phone. Microsoft could push out an OS update that turned every Windows Phone into a bomb and nobody would be around to care.
Thaler

Thaler to goalieskates

Premium Member

to goalieskates
said by goalieskates:

No Win10 for me.

Problem is, this feature impacts people who don't even use Windows 10. Let a friend onto your WiFi with a Windows 10 laptop? Congrats, all his Outlook, Facebook, and Skype mutual contacts just got entry onto your network.

amazingm
Premium Member
join:2001-07-16
USA

amazingm

Premium Member

You can "optout" your network: »www.windowsphone.com/en- ··· fi-sense
TheMG
Premium Member
join:2007-09-04
Canada
kudos:4
·NorthWest Tel
MikroTik RB450G
Cisco DPC3008
Cisco SPA112

TheMG

Premium Member

A feature like this should be on an opt-in basis, not opt-out!

Looks like Microsoft is trying to make Windows 10 fit in to the whole social networking, sharing, mobile scene.

Personally, I'd rather the OS not have such functions by default, and add them in if desired through add-on apps (these could even be official apps made by Microsoft).

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA
kudos:3

Thaler to amazingm

Premium Member

to amazingm
said by amazingm:

You can "optout" your network: »www.windowsphone.com/en- ··· fi-sense

Now the fun begins when another service defaults to Opt-In, but needs a separate string in the SSID to Opt-Out. Maybe my future SSID will be

Henry_optout_notrack_leavemealone_goaway_amazonsuperprime
BlitzenZeus
Burnt Out Cynic
Premium Member
join:2000-01-13
kudos:6

1 edit

BlitzenZeus to amazingm

Premium Member

to amazingm
What a pathetic website, it's secure, but the feedback form is non-secure so it gets blocked by real browsers. Another brilliant move by Microsoft.

Edit: Correction, across the board it was blocked. Firefox, Chrome, IE, and Edge all blocked the feedback form.

IT Guy
Ow, My Balls
Premium Member
join:2004-07-29
Las Cruces, NM

IT Guy to alien8

Premium Member

to alien8
You can disable the option during the initial install process if you don't go the "Express Setup" route. It's pretty painless. Surely there is a way to disable it post-install as well.

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA
kudos:3

Thaler

Premium Member

For your computers, certainly. Now, how does one guarantee that all friends/family/etc. that visit & use WiFi on your network don't have that feature off the recommended default?

IT Guy
Ow, My Balls
Premium Member
join:2004-07-29
Las Cruces, NM
·CenturyLink

1 edit

IT Guy

Premium Member

True

Edit: Although ArsTechnica offers this bit of information: »arstechnica.com/gadgets/ ··· -scared/

siljaline
I'm lovin' that double wide
Premium Member
join:2002-10-12
Montreal, QC
kudos:18
·Bell Fibe Internet

siljaline to alien8

Premium Member

to alien8
Ed Bott from @ ZDNet.com dispels some of the FUD.
quote:
Yesterday, tech sites went full Chicken Little over a Windows 10 feature that allows you to share your wireless connection without having to give away your Wi-Fi password. If only those alarmists had actually used the feature first...[...]
»www.zdnet.com/article/no ··· ty-risk/

»twitter.com/edbott/statu ··· 47076098

Bluefish
Premium Member
join:2010-02-23

Bluefish

Premium Member

Regardless of what Ed Bott has to say about this feature, it still makes me wary.

I have to reinstall the OS on my husband's laptop and was thinking about "upgrading" to Windows 10 but am not sure now.

I'm confused about having to add _optout to my multiple SSIDs and the actual Windows 10 settings for the Wifi Sense feature. Does one have to add _optout to the SSIDs AND disable the Wifi Sense feature in Windows 10 settings to fully disable this feature? And what if there are no Windows 10 computers on my network, do I still have to add _optout to my SSIDs? Sorry if these are silly/stupid questions, I am just really confused right now.

EGeezer
Premium Member
join:2002-08-04
Midwest
kudos:8
·Callcentric

EGeezer

Premium Member

If you don't have any Windows 10 or Windows phone systems accessing your network, you have no no Wifi Sense feature, so you shouldn't have to add _optout to your router's SSID.

I'd add another question;
Will turning off SSID broadcast cripple this 'feature'?

bluepoint
join:2001-03-24

bluepoint to Bluefish

Member

to Bluefish
said by Bluefish:

I have to reinstall the OS on my husband's laptop and was thinking about "upgrading" to Windows 10 but am not sure now.

You can opt-out of sharing your WIFI to your contacts when you do the upgrade. Choose customize setup then pay attention to the options it presents. One of them is sharing your wifi to contacts, I just don't remember the exact words but its there.

Bluefish
Premium Member
join:2010-02-23

Bluefish

Premium Member

Bluepoint, can you clarify for me when having to add _optout comes into play? Since we can optout during the upgrade process. Still a little confused.
bennor
Premium Member
join:2006-07-22
New Haven, CT

bennor

Premium Member

The "_optout" appended to the wireless SSID name supposedly triggers WiFi Sense to ignore using the WiFi Sense feature on that wireless connection. Here is how Microsoft puts it with respect to the Windows 8 Phone:

However, you might decide that you don't want Wi-Fi Sense to be able to do these things on your Wi-Fi network. To opt your network out of Wi-Fi Sense, you can change your network name to include the phrase _optout in it-for example, mynetwork_optout. (The network name is often called the SSID.)
OZO
Premium Member
join:2003-01-17
kudos:2

OZO

Premium Member

Really? Instead of turning off that new Windows feature in Windows OS itself now we have to mangle our SSID names in our routers?.. Who is that arrogant idiot, who has deigned that feature?

DigitalXeron
There is a lack of sanity
join:2003-12-17
Hamilton, ON

4 edits

DigitalXeron to alien8

Member

to alien8
I think what a lot of people are confusing here is the client/network separation. A lot of people are saying "Well, it's available through this screen, that screeen, etc, it's this by default" but aren't looking at this from a network management standpoint.

One thing you learn quickly, especially in enterprise networking is that adhering to standards is important and critical to maintain a sane, stable network. Standards to implement authentication/crypto (e.g. WPA2), standards to establish the physical radios and how they communicate (802.11), things like that. When you start getting vendors all doing their own thing that do not comply with any kind of standard, it makes it very hard to maintain a secure network that you have control of. Wifi Sense is not a standard contrary to what Microsoft is attempting to convey, it's a propretary technology being imposed upon networks with users as the proxy.

When you own and have a wifi network, you implement and manage the network in a secure manner. It is your right as the network owner who purchased that hardware, and pay the service provider to be in control of how your clients authenticate and to be in control over authentication tokens, even if you hand them out like candy. What is Microsoft's right to process authentication tokens that they are not privy to? I'm sure there are many network owners who never agreed to the Windows 10 EULA and thus have no contractual obligation to Microsoft on the matter to allow them to process the tokens.

For all intents and purposes from the perspective of a network owner (not user), Wifi Sense is a form of thinly veiled keylogging of authentication tokens for wifi networks. A confused user who thinks "sharing is good" will opt to share networks they do not own, there's no controlling that when it becomes a central feature of the OS. As a network owner, it is my responsibility to treat Wifi Sense as an attack on my network and to treat Microsoft as the attacker and act accordingly.

Part of that "acting accordingly" is to treat WPA2 Personal/PSK as weak and to implement RADIUS, even on personal networks. Microsoft has drastically damaged WPA2's effectiveness by attacking it in such a manner.

This along with the p2p Windows updates tells me that Microsoft is trying to cut network owners/administrators out of the picture and itself is trying to strong-arm its views on how third party networks are to run. Microsoft no longer recognizes the authority of network owners over infrastructure that the owners paid for.

Microsoft has violated one of the core tenets of the Internet that makes it a decentralized network of networks: "Your Network, Your Rules". Microsoft thinks "Your network, run under our rules".
Frodo
join:2006-05-05
kudos:1
·magicJack

Frodo to alien8

Member

to alien8
Here's the Wi-Fi Sense for Windows 10 FAQs.
»windows.microsoft.com/en ··· ense-faq

I like this question.
quote:
There are a few networks around me. How does WiFi Sense determine which one to connect to?

There are times when a few WiFi networks will be in range. When this happens, WiFi Sense will try to choose the best one to connect to based on several different factors. It considers if other people using WiFi Sense have connected to it, if it's a network that you've connected to on your own, whether it's password-protected or open (password-protected networks are given preference over open networks), if it's provided by your mobile operator, and if it's been shared by a contact. Along with those things, it considers the signal strength and quality of the network to try to give you the best WiFi connection at that time.

I think the way to do Wi-Fi is to share the password through the zero-knowledge messaging system, Wickr.

dib22
join:2002-01-27
Kansas City, MO

dib22 to alien8

Member

to alien8
My concern now is does google parse the _nomap (»support.google.com/nexus ··· 32?hl=en) when it comes to a _? does it have to be at the end? does microsoft parse at the _ or the end? can I name the ap whatever_nomap_optout or should I name it whatever_optout_nomap...

Pjr
Don't Panic
join:2005-12-11
UK

Pjr to alien8

Member

to alien8
If a Win10 user wants to connect to my network they are going to have trouble. Depending on how I feel at the time I will either refuse to give it or give the wrong password. If I have to get a Win10 device online the password will be changed later.

It's my network and I have spent time and effort securing it to the best of my ability and if MS want to play silly buggers they can but it doesn't mean I have to roll over and accept it.
bennor
Premium Member
join:2006-07-22
New Haven, CT

bennor

Premium Member

said by Pjr:

If a Win10 user wants to connect to my network they are going to have trouble. Depending on how I feel at the time I will either refuse to give it or give the wrong password. If I have to get a Win10 device online the password will be changed later.

Yeah preventing Win 10 access is one way to deal with it.

The problem with WiFi Sense isn't one giving out the password to someone they trust, its the other person giving the password to untold numbers of other persons while that one person is connected to your network. With WiFi Sense one can do so easily by ticking one check box, and from that point anyone on THEIR contact lists who happens by your network prior to you changing the password will have potential access thanks to WiFi Sense.

Obviously there are other ways for someone you give the network password to, to spread that password. And there are obvious ways to try and mitigate this potential security issue, but thanks to Microsoft who created this potential security issue it exists and its one more potential security issue some will have to deal with to control access to their network(s).
dave
MVM
join:2000-05-04
not in ohio
kudos:10

dave to Pjr

MVM

to Pjr
Right. Generally speaking I don't mind giving my WiFi password to guests, because I trust them to not deliberately tell anyone else. But I'm not sure I trust them to have set up their Windows system to not hand it over to a few hundred of their closest friends.

Before I let guest Win10 systems on, I suppose I'm going to have to create a separate VLAN/subnet/whatever for them.

Or I could just remember that the signal is not too strong at the bottom of my driveway

Pjr
Don't Panic
join:2005-12-11
UK

Pjr

Member

I'm over-reacting? Oh well, it's not the first time I've been called a control-freak and paranoid for wanting to protect my stuff.

Thaler
Premium Member
join:2004-02-02
Los Angeles, CA
kudos:3

Thaler to siljaline

Premium Member

to siljaline
said by siljaline:

Ed Bott from @ ZDNet.com dispels some of the FUD.

Good read, but then I'm at the mercy of my friends connecting to the network not doing something silly like enabling that option. Typically the risk factor of letting guests onto your networks never included this new potential problem.