SoylentNews is people
SoylentNews
from the we-are-really-security-conscious dept.
According to The Register Microsoft plans to enable their WIFI Sense feature on all versions of Windows 10 by default.
WIFI Sense has been lurking on Windows Phones since version 8.1.
A Windows 10 feature, Wi-Fi Sense, smells like a significant security risk: it shares access to password-protected Wi-Fi networks with the user's contacts. So giving a wireless password to one person grants access to everyone who knows them. That includes their Outlook.com (nee Hotmail) contacts, Skype contacts and, with an opt-in, their Facebook friends.
With every laptop running Windows 10 in the business radiating access, the security risk is significant. A second issue is that by giving Wi-Fi Sense access to your Facebook contacts, you are giving Microsoft a list of your Facebook friends, as well as your wireless passwords.
Microsoft offers a totally ridiculous workaround: you can simply add _optout to the SSID to prevent it from working with WiFi Sense.
Microsoft's page on WIFI Sense hasn't yet made it clear that every Windows 10 computer using WIFI will have the feature on by default. But that page does also include this little gem:
Wi-Fi Sense uses your location to identify open networks near you that it knows about by crowdsourcing.
Where are the lawyers when you need them?
Original Submission
(Score: 2) by Leebert on Wednesday July 01 2015, @06:58PM
I'm trying to understand how one could legitimately claim that Microsoft committed a crime by including this feature. For one thing, Microsoft did not access anything. They provided you software that has a feature that shares data you provide it in a way that is by all superficial appearances insecure and is certainly not expected software behavior by most people. No argument there. But I'm having a hard time seeing a CRIME.
Suppose I developed an app that controlled garage doors, and that app automatically allowed anyone in your contact list to open your garage door. Did I as the app author commit trespass or breaking and entering or other such crime? Nope. They might have done something stupid, maybe even dickish. But not criminal. At least, not as far as I can tell. Especially since consent is probably buried in a license agreement somewhere. Hence my original question: What law are they violating by doing this? Because I can't see it being the Computer Fraud and Abuse Act.
Maybe I'm wrong, but please convince me with actual facts and not a cutesy quote.
(Score: 1, Informative) by Anonymous Coward on Wednesday July 01 2015, @07:29PM
I'm trying to understand how one could legitimately claim that Microsoft committed a crime by including this feature.
It's not including the feature that's the violation; it's providing your WiFi key to someone without your authorization that will be the violation.
(Score: 2) by RedGreen on Wednesday July 01 2015, @07:37PM
As the AC points out providing your wifi key to world + dog is if you or I do it the crime, MS on the other hand with the litany of crimes they have committed and bought their way out of in the past probably will get nothing but at most slap on wrist for doing it.
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 2) by frojack on Wednesday July 01 2015, @08:56PM
Nevermind PROVIDING....
What about just TAKING your WIFI Password?
Even if they have no intent to use it (they are after all several thousand miles away from most users), mere possession might constitute a crime.
Note: the federal statute quoted up-thread may not apply unless the computer was a "protected computer", and when you study the statute deeply enough to find out what constitutes a "protected computer" it usually has to be a federal computer, or banking system computer, etc.
No, you are mistaken. I've always had this sig.