Windows 10 Wi-Fi Sense is a bad idea
-
I never used WiFi on my Insider Preview VM so I have no idea. My daughter's laptop has not popped that up yet. It is Windows 10 Home and here is what settings are available.
-
Turning off the "Connect to netoworks shared by my contacts" setting seems to disable all sharing.
-
Wow, even Facebook is on by default?
-
@scottalanmiller said:
Wow, even Facebook is on by default?
You still have to grant it FB permission, but yeah.
-
How come this is a bad idea? Personal I think it is awesome. Has been in Windows Phone for a while.
-
@anonymous said:
How come this is a bad idea? Personal I think it is awesome. Has been in Windows Phone for a while.
Go read the linked article and come back to me on how this is a good idea..
-
@anonymous said:
How come this is a bad idea? Personal I think it is awesome. Has been in Windows Phone for a while.
Surprise sharing of security information with social media contacts is data leakage. It would be a great way to social engineer someone or just confuse people about their security boundaries.
-
They don't know what your password is.... They just auto connect when they are in range.
-
@anonymous said:
They don't know what your password is.... They just auto connect when they are in range.
Their machine knows what your password is. More or less the same thing. Are you saying that their machine can be trusted to keep secrets from its owners?
-
This is actually a great way to hack other people. You could set up a way to capture their data with a man in the middle attack and use this as a way to get them to connect to a wifi they were not aware that they were going to connect to. It's not safe for either party, really.
-
@scottalanmiller said:
Their machine knows what your password is. More or less the same thing. Are you saying that their machine can be trusted to keep secrets from its owners?
It's encrypted.
-
This post is deleted! -
Even simpler than that. It gives people access to my wireless network without my explicit permission.
I have ZERO method to control this sharing other than renaming my entire wireless network with some stupid _optout on the SSID.
-
@JaredBusch said:
Even simpler than that. It gives people access to my wireless network without my explicit permission.
I have ZERO method to control this sharing other than renaming my entire wireless network with some stupid _optout on the SSID.
So you don't trust your friend? Or you don't trust yourself to keep up in your contact list?
-
@anonymous said:
It's encrypted.
Maybe, but access is already granted. We'll have to see how this encryption holds up. Sharing data with someone means that your security has been compromised. When people talk about data center breaches, often it is encrypted data that they get. They just get unlimited time to crack it. Cracking data you own is generally pretty trivial. Not seconds or minutes, but very, very doable.
But that's the lesser concern. That a human knows your password is only so big of a deal. What matters is that a human can leverage that password at will.
-
@anonymous said:
It's encrypted.
Doesn't matter.
You are my FB firned and gain access to my network.
Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.
His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.
-
@anonymous said:
So you don't trust your friend? Or you don't trust yourself to keep up in your contact list?
You have a very different definition of friend than I do. "Person with access to an account that is a 'friend' with mine on a communications system" is not what I call a friend. My contact list includes business associates, people who want to chat with me, etc. The security of my Facebook or Skype list, all of which is just public info, is now a weak link in the security of any wifi to which I have access, not necessarily my own.
This has nothing to do with friends, this has to do with an arbitrary usage of one data set for a purpose for which it is not and never was intended. It's a massive security vulnerability, it's that simple. Even the idea that the association via FB or Skype somehow means friends is a fundamental flaw - the connection on Skype in no way suggests that I know that person, like that person or am friends with them.
The leap between "random list A" and "people you want to grant access to your network" is huge.
-
@anonymous said:
Or you don't trust yourself to keep up in your contact list?
Do you trust 100% of the people on your contact list? I certainly do not. I have people on various contact lists in order to maintain contact. That does not insinuate a friend. Just because a tool like FB calls them a friend, it does not mean they are.
-
@JaredBusch said:
@anonymous said:
It's encrypted.
Doesn't matter.
You are my FB firned and gain access to my network.
Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.
His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.
There is no way for the person to see your password, so how are they going to give it to someone else?
-
@JaredBusch said:
@anonymous said:
Or you don't trust yourself to keep up in your contact list?
Do you trust 100% of the people on your contact list? I certainly do not. I have people on various contact lists in order to maintain contact. That does not insinuate a friend. Just because a tool like FB calls them a friend, it does not mean they are.
My Skype account is not even my own!! It's a company account that I do not control.
