Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 10 Shares Your Wi-Fi Password With Contacts

Posted by samzenpus on from the do-not-share dept.

gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense" which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.

22 of 487 comments (clear)

  1. if that's true, by unami · · Score: 5, Insightful

    no guests with windows laptops on my wifi - i'm not going to change my ssid, microsoft style. ugh. i guess this issue will resolve itself after a short shitstorm.

    1. Re:if that's true, by dinfinity · · Score: 4, Insightful

      It seems that there is room for convenient router functionality that asks you this: 'A device with MAC address x requests access to your network: GuestLAN. Allow?'

      Handing out passwords to untrusted parties instead of tokens is archaic anyway.

    2. Re:if that's true, by sd4f · · Score: 3, Insightful

      Yea i don't get this idea, it absolutely crazy. While I'm sure security experts are going to say why this is a bad idea from the start, at least make it an easy opt out, not some crazy way to not do it.

    3. Re:if that's true, by Anonymous Coward · · Score: 3, Insightful

      Opt-in would be better.

    4. Re: if that's true, by TerryMathews · · Score: 4, Insightful

      Most people can't be bothered to look at what their computer is doing before clicking an UAC window, you really expect them to properly opt-out of SSID passkey sharing properly?

      --
      -- Terry
    5. Re:if that's true, by hawguy · · Score: 5, Insightful

      The Slashdot summary is pure FUD. In the article itself you can see an image of the settings, with a large checkbox to enable/disable sharing with Outlook, Skype and Facebook independently and it also has a large slider above those where you can disable it entirely.

      Did you read the box?

      Save on mobile data usage with Wifi Sense. Join in and get connected to WiFi. By using WiFi Sense, you agree that it can use your location.

      Who doesn't want to save on mobile data usage!? How many people will opt-out? Where does it say that by opting in that they are sharing their Wifi passphrase with everyone they share to? It may be obvious to you, but not to 99% of the people that will run Windows 10.

    6. Re:if that's true, by maorb · · Score: 4, Insightful

      The problem is you can't enforce that you're friend didn't enable WiFi Sense without looking over his shoulder. He might end up accidentally distributing YOUR passphrase when he shouldn't be.

      The only way to be sure that this doesn't happen is to add an ugly _optout line at the end of your SSID. Frankly Mr. Joe Person down the street shouldn't have to know about Microsoft's new feature to be confident that his passphrase isn't being passed around without his permission.

    7. Re:if that's true, by Zontar+The+Mindless · · Score: 3, Insightful

      I don't live in a basement. But I am concerned about being held liable for what others do with my connection.

      --
      Il n'y a pas de Planet B.
    8. Re:if that's true, by wimconradie · · Score: 3, Insightful

      Your password is stored and hashed on Microsoft's servers. The hash is sent to your contacts. When they try to connect, their computer sends the hash to yours, which then checks that hash against the one on Microsoft's servers. If they match, then access is granted.

      So if I am trying to connect how would I be able to send any hash to any computer while I'm not connected?

  2. who tha fu.. by Anonymous Coward · · Score: 0, Insightful

    ..ck came up with THAT idea...?

    I hope this isn't a representation of Windows 10 as a whole.

  3. Uh, no by reboot246 · · Score: 4, Insightful

    no fucking way. Somebody needs to be fired at Microsoft.

    We all know how to handle this "feature", but most people won't have a clue.

    This is right up there with their leaving file extensions hidden by default.

    1. Re:Uh, no by gstoddart · · Score: 3, Insightful

      They're doing more than advertising it.

      In Windows 8.1 they pushed out an update which put an icon in the task tray which said "upgrade to Windows 10, now or later?"

      They're not pushing it as optional. They're installing stuff which is going to do it to you, and isn't giving you a way to decline. You end up needing to uninstall an update (KB 3035538).

      I'm sure they'll do it again.

      Microsoft seems to have decided they own the computers, and the networks they're attached to. Which is completely bullshit.

      And, don't forget, once they have all those juicy passwords they can pass 'em off to law enforcement.

      Microsoft have always been assholes, but this takes the cake.

      Basically Windows Phone and Windows 10 are gaping security holes, and Outlook.com is now acting as malware.

      --
      Lost at C:>. Found at C.
  4. Re:No by danomac · · Score: 4, Insightful

    However, just because I gave Person A access to my wifi, that doesn't mean I give everyone Person A knows access to my wifi. This could end up in legal hot water territory.

    I guess that I just won't be giving any guests access to my network anymore. They can pony up and get their own mobile data plan for their devices.

  5. No worries by msobkow · · Score: 1, Insightful

    No worries here. I always disable the WiFi on my routers. I prefer hardwired connections that don't give the router fits trying to perform encryption with their underpowered chips.

    --
    I do not fail; I succeed at finding out what does not work.
  6. I have another way by Trailer+Trash · · Score: 3, Insightful

    Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.

    Or, just don't use windows 10. I think I may have found the answer there.

    --
    Do you have ESP?
  7. Re:No by amicusNYCL · · Score: 5, Insightful

    Serious question - who here is not running a guest wifi access point?

    I'm going to guess the vast majority of people running wifi at home. My office has a guest network, my house does not.

    --
    "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  8. Re:Bad Summary, Only new part is the sharing optio by ArmoredDragon · · Score: 4, Insightful

    And if you give your wifi credentials to a guest who needs access to your network, they can opt you in without your permission or even your knowledge.

    The only way then to prevent unknown people from having your wifi password is to forbid Windows 10 mobile users from accessing your network.

  9. Re:Not Exactly.... by MightyMartian · · Score: 5, Insightful

    That isn't the issue. The issue is YOU being able to share MY WiFi key because I was dumb enough to let a Windows 10 user on my WiFi network. This is akin to me giving you the keys to my house so you can housesit, and you getting a hundred copies cut and distributing them to a bunch of people you know.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  10. I have a better solution. by Lumpy · · Score: 1, Insightful

    Dont use the craptastic poorly designed outlook for email.

    --
    Do not look at laser with remaining good eye.
  11. Re:third solution the MS doesn't want to mention by ewhac · · Score: 3, Insightful

    ERROR: INCOMPLETE SOLUTION

    There is no provision in this "killer feature" that establishes whether the person doing the sharing is the network administrator, i.e. the person who grants authorization to use their network. So if you share your WAP credentials with a friend, and that friend uses Windows 10 with Wi-Fi Sense enabled, than that friend has just compromised your WAP.

    --
    Editor, A1-AAA AmeriCaptions
  12. Holy fuck ... by gstoddart · · Score: 3, Insightful

    So Microsoft has taken it upon themselves to share the network credentials with anybody it sees fit?

    Fuck you, Microsoft. How about you help us make networks more secure and not less?

    Not only will I stick with my Windows 8.1 install, but no Windows 10 device will ever get my network credentials.

    This has to be one of the stupidest things I've heard of. And, of course, since Microsoft will centrally store your passwords, law enforcement can subpoena them.

    Microsoft are too fucking incompetent at security to be trusted with this. And then to have the nerve to suggest we have to change our network names to opt out of their shit?

    Fuck you, Microsoft. Fuck you very much.

    --
    Lost at C:>. Found at C.
  13. Re: No by firewrought · · Score: 4, Insightful

    How often do your friends immediately email the Wi-Fi password you just gave them to their entire contact list? The correct answer (unless you have really shitty friends) is never. Now all of your friends will do this by default, unless they are technically literate enough to disable the option. (And even if your friends are literate enough, your roommate/boyfriend/girlfriend/spouse's friends won't be.) It's very aggravating that Microsoft has chosen to so promiscuously share the secrets its users have entrusted to the OS. A Wi-Fi password that might have previously been shared with a handful of friends is now automatically spread to a network of hundreds, and exposed to possible interception by enterprise, underground, and state-sponsored hackers. One really has to question the legality of this feature, unless the wording is very clear and the user opts-in every time.

    --
    -1, Too Many Layers Of Abstraction