Windows 10 Wi-Fi Sense is a bad idea
-
My guest network is completely open. I don't want to have to give out the password to guests.
I login from time to time, and take a look at who is using the guest network, and if I saw a bunch of people using it, I might have to lock it down.
I know I am lucky to live in a small town.
-
My wife's parents are similar. They live in the middle of a village but their wifi doesn't even extend to their yard. Yes someone leaning on the side of the house would get a signal, but they would also get the free village wifi much better. The only people that might have regular access are the next door neighbours on the one side and if they needed access my in-laws would have directly given them the password. They might have it for all that I know. The only other building nearby is a police station - they are probably to be trusted (and they are too far away to see the SSID.)
Just two cases but the first two. Almost anyone that I know first hand at home (that I use their wifi) has some crazy hard to use wifi password yet doesn't have good enough wifi for it to extend past their front porch for use.
-
@anonymous said:
My guest network is completely open. I don't want to have to give out the password to guests.
I login from time to time, and take a look at who is using the guest network, and if I saw a bunch of people using it, I might have to lock it down.
I know I am lucky to live in a small town.
Not really any different than my house nearly NYC or my one in Dallas. My wifi only goes so far and anyone that is in that range is either incredibly obvious because they are standing in my yard or is a person that I would have invited over for drinks and given my password to anyway. So the point is moot with them.
Big city, small town, out in the country. All have cases where wifi just doesn't need to be secured. And in all there are places where it does need to be. Even an apartment building out in the middle of a field (I actually know of one like this near @Minion-Queen ) would be an issue because the people have thin walls and live on top of each other.
-
My access point could feed my whole apartment
-
Mine could definitely take care of all of my neighbours in any location that I live in.
Right now, in Panama, even though I am miles from anything, I have like a dozen or easily more wifi networks visible because I'm in a tower. (Yes, a tower in the middle of nowhere, it is so weird here.)
-
And out of completely nowhere, we have the busiest thread of the day, in the middle of the night.
-
So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.
-
@anonymous said:
So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.
I think an import component of the recap is yes, it's not the end of the world, there are tons of little "this is too complex and end users will be confused about security" things out there, although I feel that this one leans to the "overly complex and completely unnecessary and missed a great opportunity to really help security" side but there is the takeaway that I feel we need for IT pros, rather than looking at the feature purely in a general context...
For IT Pros we need to be aware of just how easily someone using Windows 10 on our networks could be accidentally sharing or tricked into sharing WiFi access. This means considering moving to EAP, using GPOs to lock this feature down, turning this off for customers or scanning for the feature and blocking access on corporate networks when it is enabled, etc.
For Security Vendors like WebRoot, it represents and opportunity flag as a vulnerability and either warn end users or warn IT that the risk exists.
-
According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.
-
@scottalanmiller said:
According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.
Yes, that was mentioned in earlier posts by both myself and @anonymous
-
Oh sorry, don't know how I missed that
-
This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.
-
@g.jacobse said:
This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.
No, I disagree with that. As I mentioned before, I use the iOS version of this.
I do not like that this is shared through social networks with no control more than on or off.
I do not trust all the players to ensure the data is well encrypted.
I do not trust that the sharing will never spread to friends of friends -
@JaredBusch said:
I do not trust all the players to ensure the data is well encrypted.
You don't trust Microsoft? Then why I are using Windows as all?
-
@anonymous said:
You don't trust Facebook? Then choose not to use it.
Has nothing to do with trusting them. Because they are not aware that their end users are being used in this way. That's a misunderstanding of the concept of trust. Not only that, but this isn't about trusting Facebook but about trusting both your own selection and verification process and of the account management of all of the people using it who don't agree or are not aware of what you expect of them.
-
It's like this...
I might trust you to lock up my house if I ask you to. That's proper trust.
But I don't "trust" that you will come to my house and lock it up if I forget to lock it right now, you don't even know that I need it to be locked or that I went to the store. That has nothing to do with not trusting you, it's just a scenario that you have no idea needs attention.
-
Just like if you asked me to get you milk from the store, you'd probably trust me that I would do it.
But you certainly aren't expecting me to show up with some needed groceries right now, I don't know that you need groceries or which ones you might need.
-
-
According to the FAQ:
WiFi Sense will automatically connect you to suggested open WiFi hotspots if you have Connect to suggested open hotspots turned on in Settings > Network & Internet > WiFi > Manage WiFi settings. This is turned on already if you did either of these:
Selected Use Express settings when you first set up your PC with Windows 10
This is the setting that will make it super easy to get other people to connect to your hotspot without them knowing. Easy to hijack DNS and present alternative web pages in this way.
-
Not that you can't do that today, but it is much more complicated and far less likely that a user does not know that they are connecting to something. This makes it so that users who think that they are on 4G will suddenly get WiFi and without knowing, unless really paying attention or understanding, have the potential to be hijacked.
