SoylentNews is people
SoylentNews
from the we-are-really-security-conscious dept.
According to The Register Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.
WIFI Sense has been lurking on Windows Phones since version 8.1.
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.
Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:
Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.
Where are the lawyers when you need them?
Original Submission
(Score: 4, Informative) by skullz on Wednesday July 01 2015, @03:58PM
From the WP FAQ: http://www.windowsphone.com/en-in/how-to/wp8/connectivity/wi-fi-sense-faq [windowsphone.com] "Do I have to share all networks?", 3rd from the bottom:
"No, you determine which password-protected networks you want to share. If you don't want to share a particular network, just untick the Share network with my contacts checkbox when you first connect to that network."
So you can selectively disable sharing for networks or turn the thing off entirely. After that it just becomes a matter of trusting the OS vendor. How much do you trust Google with your info? How much do you trust Apple?
On my WP sharing is disabled by default when I add a new network. I have to manually go in there and turn it on per network. The docs mention that WiFi keys are encrypted when shared but I can't find out what this actually means. Are they sent over to your Facebook contacts encrypted and then decrypted before signing in? Are they sent to the access point hashed? No idea. But for residential networks this would be handy when your family comes over and can't seem to reliably type in that several dozen char hex string.
(Score: 4, Insightful) by urza9814 on Wednesday July 01 2015, @05:55PM
Also note that it's enabled by default. Most users won't have a clue what it means, but since it's on by default, they'll assume it should be kept on.
I mean christ, we wouldn't accept that for *sending an email* -- imagine a company saying "Well, you haven't come to our website and registered to opt-out, therefore we can send you as much email as we want!" No reputable company would do that. It's completely insane. We would never accept that for just sending someone a message, so what kind imbecile thought it was acceptable for *sharing security credentials*??
Of course...this could just be Microsoft's way of saying all wifi should be open and that an IP address is not an identity....there could be a silver lining there...