SoylentNews is people
SoylentNews
from the we-are-really-security-conscious dept.
According to The Register Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.
WIFI Sense has been lurking on Windows Phones since version 8.1.
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.
Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:
Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.
Where are the lawyers when you need them?
Original Submission
(Score: 5, Insightful) by lentilla on Wednesday July 01 2015, @10:29AM
I'm fairly sure that this runs afoul of several laws.
Why does business always seem to be in such a race to the bottom? It shouldn't have to be laws stopping this, it should have been the people at Microsoft thinking to themselves: "hey, awesome idea, but not the smartest thing to actually implement".
In theory, it sounds like a Good Idea. Everyone wants their computers to "just work". It's up to the experts to reign that enthusiasm back in because quite often "easy" equates to "unsafe". It's the same way that adults have to explain to teenagers that skateboarding down an highway to save a couple of minutes is not appropriate. Nobody [should] like being the "no" guy but sometimes it has to be done.
This feature would be better implemented with a setting to temporarily turn your computer into a WiFi hotspot and temporarily share a particular folder with a displayed password. (Or something along those lines.) The whole "share with contacts" business is fraught with problems and is entirely unnecessary. It's as if somebody came up with the idea to easily share data, and the executives asked "but how can we make it ClouldReady?" (Or whatever the buzzword is.) So they tacked on the unnecessary part.
I'm all for sharing data easily. But it must be safe, it must not leak metadata, and it must be cross-platform.
I also wish large technology companies would not make a habit of making inherently insecure products. Microsoft already isn't my favourite company and this "idea" just makes me trust them less. It's hard to have even an ounce of trust in consumer technology when one of the world's biggest technology producers has entire teams of executives, programmers, marketing and legal experts working for months on a product that never should have left the brain-storming session.