Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10 Shares Your Wi-Fi Password With Contacts

Posted by samzenpus on from the do-not-share dept.

gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense" which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.

10 of 487 comments (clear)

  1. No by Anonymous Coward · · Score: 5, Informative

    ahhhh no, for networks you have SELECTED to share it can do it. Wifi sense being on doesn't suddenly expose all your wifi passwords. extremely inflammatory summary. still seems a stupid risky feature, just not as dumb as those writing the Slashdot summaries.

    1. Re:No by MightyMartian · · Score: 4, Informative

      Inflammatory Mode On: Why in the fuck would even want to opt-in to such a service? If it's private WiFi, it's likely to be at my home or my workplace, and in either case I absolutely do not ever want to share that over fucking Fuckbook, Twatter or whatever stupid lame-ass soshial neshworking crap site becomes the next biggest and greatest.

      Rational Mode On: Now let's imagine that my organization has a private WiFi hotspot available for employees and a few others. I do not ever want to have those keys shared outside that group, nor should I have to change MY network with an "_optout" on the end of an SSID. I would consider that a breach of security. Sure, I'll probably be able to disable Windows devices that are domain members via GPO, but if they're not actually devices belonging to the organization, or "Pro" versions of Windows where it even knows what the hell Active Directory is, then MY network is being compromised by this service.

      This is just a plain bad idea, whether you're being reasonable or inflammatory.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:No by ewhac · · Score: 5, Informative

      ahhhh no, for networks you have SELECTED to share it can do it. [ ... ]

      ERROR: MISLEADING.

      Wi-Fi Sense's default settings are to share everything, all the time. Indeed, Microsoft's rules for shipping Windows Phone 8.1 requires OEMs to turn this "killer feature" fully on. Expecting users to have the presence of mind to turn this off is willfully disingenuous.

      --
      Editor, A1-AAA AmeriCaptions
  2. Not Exactly.... by nate_in_ME · · Score: 5, Informative

    I've been running pretty much every build of Win10 since the preview first came out, and this isn't accurate at all....Yes, the Wi-Fi sense option is there, but when you connect to a new network, there's a "share with my contacts" checkbox that you have to turn ON for this network to be shared. The Wi-Fi Sense "master switch" may be on by default, but you have to specifically allow each individual network to be shared.

  3. Re:if that's true, by Anonymous Coward · · Score: 5, Informative

    The Slashdot summary is pure FUD. In the article itself you can see an image of the settings, with a large checkbox to enable/disable sharing with Outlook, Skype and Facebook independently and it also has a large slider above those where you can disable it entirely.

  4. Re:if that's true, by MightyMartian · · Score: 4, Informative

    I don't care about whether you can prevent sharing with your friends on FB it whatever, what I care about is me not having to alter my network settings so that if I give you access to my WiFi network, you sharing MY network information with the pwoe you're "friends" with.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  5. Re:if that's true, by Anonymous Coward · · Score: 5, Informative

    Your password is stored and hashed on Microsoft's servers. The hash is sent to your contacts. When they try to connect, their computer sends the hash to yours, which then checks that hash against the one on Microsoft's servers. If they match, then access is granted.

  6. Re:if that's true, by bondsbw · · Score: 4, Informative

    The way I read it, they probably don't.

    The FAQ seems to imply that it is only applicable to open routers:

    What does Wi-Fi Sense do?

    Wi-Fi Sense connects you to Wi-Fi networks around you to help you save cellular data. It can do these things for you to get you Internet access:

    Automatically connect you to open Wi-Fi networks it knows about by crowdsourcing networks that other Windows Phone users have connected to. These are typically open Wi-Fi hotspots you see when you're out and about.

    Still very questionable, but perhaps not nearly as pervasive. I'd think it would mostly apply to hotels, restaurants, and other places of business.

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
  7. Re:if that's true, by Rutulian · · Score: 4, Informative

    I was curious about this too. But the AC below gave a nice hint, so I went looking for a better explanation. Here is the blurb from the Wiki,

    Also referred to as WPA-PSK (Pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server.[9] Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.[10] If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.[11] WPA-Personal mode is available with both WPA and WPA2.

    So it seems the PSK can be passed around without revealing the passphrase. But if I also remember correctly, the PSK is supposed to rotate (or maybe that's WPA2).

  8. Re:if that's true, by Namarrgon · · Score: 4, Informative

    Here's the thing: You can leave your box unchecked - but if ANY of your friends have access to your wifi, and *their* box is checked, then all their Facebook friends will also get access to your wifi.

    And the only way you can prevent this is to append "_optout" to your SSID.

    --
    Why would anyone engrave "Elbereth"?