Windows 10 Wi-Fi Sense is a bad idea
-
It's basically like saying "most people are such bad drives and won't use seatbelt anyway so the fact that we didn't include working brakes really doesn't matter.... for those users."
-
The thing is, they could have easily made this technology work with a "share my password" technology that lets you do it, one time, with a tiny bit of effort and be really secure and leverage the good parts of this and avoid the bad ones. But they didn't do it that way.
-
CNN Money
Should you stop using it?
You're probably safe using Wi-Fi Sense.
All these nightmare scenarios are possible ... but farfetched. Even the worst-case scenario -- a stalker using Wi-Fi Sense to steal your naked photos -- would require that person to sit outside your house with a Windows 10 PC while he hacks into your network.
But if you do want to protect those naked photos and you shared your network via Wi-Fi Sense you can stop that. Windows 10 lets you do that in settings (it takes a few days to register). You can also opt your network out of Wi-Fi Sense entirely by adding the phrase "_optout" to the end of your Wi-Fi network's name.http://money.cnn.com/2015/07/30/technology/windows10-wifi-sense/
-
So actually this technology is a lot more invasive than might be realized at first. Here is a few things that need to be considered...
It does not share a wifi password "when you are in range." That's not what any of these things say. It shares ALL of your passwords with ALL of your contacts, always. It's a big many to many sharing of information.
Those contacts all have access to everything that you share. You can change the passwords of your devices to cut them off (in theory) but you can't cut them off individually, only be changing the password AND stopping all sharing to keep them from getting the update.
This is actually a bit riskier, in fact a ton riskier, than I had understood from the initial description. All of your data goes up to Microsoft and MS pushed it down to all of your contacts. They can then take themselves offline and stop you from telling MS or their devices that you don't want them to have access.
-
One has to ask, once you get to this point of sharing passwords and once you take the Ars Technica tact of saying "well, it isn't like you were secure anyway", why are we securing access points at all? Why not solve all of this and just not put a password on the devices?
I mean, people still need to be pretty close to use it. You only let people into your house that are friends. You would give out your password to anyone in your house anyway.
All of the logic that we would use to make this sound reasonable would also, by only a tiny step towards ease of use, make giving up on wifi passwords altogether, right?
-
And I'm not trying to be silly there, I really mean for people who think this is a great idea because they really were going to give out that password anyway and really do feel that they trust anyone that is in their house anyway... why not have the AP be open?
If you live in a dense city where tons of people can see your wifi, I doubt having WiFi Sharing is going to fly. If you don't live in a place where twenty people can see your wifi at once, why lock it down at all? Are we really fearing someone hiding in our bushes to check the weather forecast?
-
Or to put it another way....
If we need to be truly secure, this doesn't cut it, at all, not without some serious effort and trusting of third party systems that are not designed or intended to be used this way and with trusting every person on those systems to understand the security you have entrusted to them.
If we aren't concerned about security, and I'm totally of this camp that nearly everyone gets oddly anal about security for no reason, then why bother with the passwords and all of this?
-
Take my dad as an example. He has a password on his wifi. But why? There is nothing on his network to secure and he owns a farm. You'd have to be in his garage or under the eaves to even maybe get a signal. Pretty much at that point you could literally cut into his ethernet cables and get access that way. There is a level of wifi protection that we often just assume needs to be there but we don't have with Ethernet. At some point it just doesn't make sense at all.
-
My guest network is completely open. I don't want to have to give out the password to guests.
I login from time to time, and take a look at who is using the guest network, and if I saw a bunch of people using it, I might have to lock it down.
I know I am lucky to live in a small town.
-
My wife's parents are similar. They live in the middle of a village but their wifi doesn't even extend to their yard. Yes someone leaning on the side of the house would get a signal, but they would also get the free village wifi much better. The only people that might have regular access are the next door neighbours on the one side and if they needed access my in-laws would have directly given them the password. They might have it for all that I know. The only other building nearby is a police station - they are probably to be trusted (and they are too far away to see the SSID.)
Just two cases but the first two. Almost anyone that I know first hand at home (that I use their wifi) has some crazy hard to use wifi password yet doesn't have good enough wifi for it to extend past their front porch for use.
-
@anonymous said:
My guest network is completely open. I don't want to have to give out the password to guests.
I login from time to time, and take a look at who is using the guest network, and if I saw a bunch of people using it, I might have to lock it down.
I know I am lucky to live in a small town.
Not really any different than my house nearly NYC or my one in Dallas. My wifi only goes so far and anyone that is in that range is either incredibly obvious because they are standing in my yard or is a person that I would have invited over for drinks and given my password to anyway. So the point is moot with them.
Big city, small town, out in the country. All have cases where wifi just doesn't need to be secured. And in all there are places where it does need to be. Even an apartment building out in the middle of a field (I actually know of one like this near @Minion-Queen ) would be an issue because the people have thin walls and live on top of each other.
-
My access point could feed my whole apartment
-
Mine could definitely take care of all of my neighbours in any location that I live in.
Right now, in Panama, even though I am miles from anything, I have like a dozen or easily more wifi networks visible because I'm in a tower. (Yes, a tower in the middle of nowhere, it is so weird here.)
-
And out of completely nowhere, we have the busiest thread of the day, in the middle of the night.
-
So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.
-
@anonymous said:
So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.
I think an import component of the recap is yes, it's not the end of the world, there are tons of little "this is too complex and end users will be confused about security" things out there, although I feel that this one leans to the "overly complex and completely unnecessary and missed a great opportunity to really help security" side but there is the takeaway that I feel we need for IT pros, rather than looking at the feature purely in a general context...
For IT Pros we need to be aware of just how easily someone using Windows 10 on our networks could be accidentally sharing or tricked into sharing WiFi access. This means considering moving to EAP, using GPOs to lock this feature down, turning this off for customers or scanning for the feature and blocking access on corporate networks when it is enabled, etc.
For Security Vendors like WebRoot, it represents and opportunity flag as a vulnerability and either warn end users or warn IT that the risk exists.
-
According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.
-
@scottalanmiller said:
According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.
Yes, that was mentioned in earlier posts by both myself and @anonymous
-
Oh sorry, don't know how I missed that
-
This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.