Windows 10 Wi-Fi Sense is a bad idea

scottalanmiller

@anonymous said:

So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.

I think an import component of the recap is yes, it's not the end of the world, there are tons of little "this is too complex and end users will be confused about security" things out there, although I feel that this one leans to the "overly complex and completely unnecessary and missed a great opportunity to really help security" side but there is the takeaway that I feel we need for IT pros, rather than looking at the feature purely in a general context...

For IT Pros we need to be aware of just how easily someone using Windows 10 on our networks could be accidentally sharing or tricked into sharing WiFi access. This means considering moving to EAP, using GPOs to lock this feature down, turning this off for customers or scanning for the feature and blocking access on corporate networks when it is enabled, etc.

For Security Vendors like WebRoot, it represents and opportunity flag as a vulnerability and either warn end users or warn IT that the risk exists.

scottalanmiller

According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.

JaredBusch

@scottalanmiller said:

According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.

Yes, that was mentioned in earlier posts by both myself and @anonymous

scottalanmiller

Oh sorry, don't know how I missed that

gjacobse

This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.

JaredBusch

@g.jacobse said:

This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.

No, I disagree with that. As I mentioned before, I use the iOS version of this.

I do not like that this is shared through social networks with no control more than on or off.
I do not trust all the players to ensure the data is well encrypted.
I do not trust that the sharing will never spread to friends of friends

Alex Sage

@JaredBusch said:

I do not trust all the players to ensure the data is well encrypted.

You don't trust Microsoft? Then why I are using Windows as all?

scottalanmiller

@anonymous said:

You don't trust Facebook? Then choose not to use it.

Has nothing to do with trusting them. Because they are not aware that their end users are being used in this way. That's a misunderstanding of the concept of trust. Not only that, but this isn't about trusting Facebook but about trusting both your own selection and verification process and of the account management of all of the people using it who don't agree or are not aware of what you expect of them.

scottalanmiller

It's like this...

I might trust you to lock up my house if I ask you to. That's proper trust.

But I don't "trust" that you will come to my house and lock it up if I forget to lock it right now, you don't even know that I need it to be locked or that I went to the store. That has nothing to do with not trusting you, it's just a scenario that you have no idea needs attention.

scottalanmiller

Just like if you asked me to get you milk from the store, you'd probably trust me that I would do it.

But you certainly aren't expecting me to show up with some needed groceries right now, I don't know that you need groceries or which ones you might need.

Alex Sage

http://windows.microsoft.com/en-gb/windows-10/wi-fi-sense-faq

scottalanmiller

According to the FAQ:

WiFi Sense will automatically connect you to suggested open WiFi hotspots if you have Connect to suggested open hotspots turned on in Settings > Network & Internet > WiFi > Manage WiFi settings. This is turned on already if you did either of these:

Selected Use Express settings when you first set up your PC with Windows 10

This is the setting that will make it super easy to get other people to connect to your hotspot without them knowing. Easy to hijack DNS and present alternative web pages in this way.

scottalanmiller

Not that you can't do that today, but it is much more complicated and far less likely that a user does not know that they are connecting to something. This makes it so that users who think that they are on 4G will suddenly get WiFi and without knowing, unless really paying attention or understanding, have the potential to be hijacked.

Dashrender

@JaredBusch said:

@anonymous said:

It's encrypted.

Doesn't matter.

You are my FB firned and gain access to my network.

Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

I'm not sure that's true. Just because you're friend has access because he's friends with you, I hope that doesn't mean that all of his friends now have access to it as well... they shouldn't, if it's built correctly.

scottalanmiller

@Dashrender said:

@JaredBusch said:

@anonymous said:

It's encrypted.

Doesn't matter.

You are my FB firned and gain access to my network.

Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

I'm not sure that's true. Just because you're friend has access because he's friends with you, I hope that doesn't mean that all of his friends now have access to it as well... they shouldn't, if it's built correctly.

That's an important question, when does it stop sharing? And if it does share that way, then basically everyone gets every password. If it doesn't, then you have a lot of manual management to still do, possibly more because the natural sharing that we used to do isn't there since our associates don't get the passwords from us.

Dashrender

I love the idea of this, but Scott and Jared are right - this is not a good implementation of this. They really need to have granular control of who you give access to.

I'm also not sure that I want to associate FB with my machine - I normally don't have the contacts from FB flood my phone either - I only want the app and the chat app - and I really want location services to be off too.

JaredBusch

@scottalanmiller said:

That's an important question, when does it stop sharing?

This issue is not clear yet. It shouldnot be able to share infinitely because one article states that it will only share to a direct friend. But another article state that you can share any network you have acess too.

So this implies that once my network is shared with you, it will not automatically share past you. But you can go into your wireless networks and share it to your friends.

@scottalanmiller said:

And if it does share that way, then basically everyone gets every password.

The password is never released in clear text. So that is not out until the encryption is broken. That is not a part of this I am worried about.

scottalanmiller

@JaredBusch said:

But another article state that you can share any network you have acess too.

So this implies that once my network is shared with you, it will not automatically share past you. But you can go into your wireless networks and share it to your friends.

Right, if everyone shares everything that they have access to, it would quickly have a network effect of going to just about everywhere. Seven orders of Kevin Bacon and all of that.

Which articles are right is the big question.