Windows 10 Can Share Your Wi-Fi Password With Facebook

[John Connor]

The new Microsoft Windows 10 operating system has a feature called “Wi-Fi Sense” that lets you share your network access with your Outlook and Skype contacts. It can also share your info with Facebook contacts, and some Windows 10 users have been thrown for a loop when a pop-up window displays that reads “Wi-Fi Sense needs permission to use your Facebook account.”

http://facecrooks.com/Internet-Safe...Share-Your-Wi-Fi-Password-With-Facebook.html/

I'm hearing Windows 10 is bad if not worse than 8. Won't be upgrading.

 

[Elixer]

https://www.microsoft.com/en-us/privacystatement/default.aspx

Privacy? Yeah, that isn't in the lexicon at MS.

 

[Spacehead]

I've heard it's(Wi-Fi Sense sharing) off be default. If not it can be turned off.
MS stores all this in the cloud.

Really bad thing i heard though is if any of your friends have your Wi-Fi address & they have Wi-Fi Sense sharing on then yours will be shared too.
Can anyone confirm this?

I've only been hearing about this thru Steve & Leo on TWIT & Security Now & they've had some conflicting reports about this.

 

[Stg-Flame]

There was some interesting information regarding windows 10 on imgur today (yes I know it's an image sharing site but the sources are listed at the bottom).

Since I'm on mobile, it's easier for me to just link the gallery then the individual links - http://m.imgur.com/gallery/I8u2G

 

[John Connor]

There was some interesting information regarding windows 10 on imgur today (yes I know it's an image sharing site but the sources are listed at the bottom).

Since I'm on mobile, it's easier for me to just link the gallery then the individual links - http://m.imgur.com/gallery/I8u2G

OMFG! And the comments? They are blissfully unaware of the huge d!ck up their A##.

 

[sourceninja]

All SSID's I have are already changed to name_optout.

 

[lxskllr]

The apologists say "the settings are clearly marked, amd can be turned off", but that's a lot of crap to be bombarded with at first install, and may not be seen if one takes the (usually)sane choice of express install. An O/S should be a collection of tools people can use if desired, and nothing aside from core functionality should be provided at first install. The one exception in the case of Win10, would be sharing bandwidth for updates, since you'll likely be updating *during* install(does Windows do that? GNU/Linux usually does). Otherwise, people can find the tools, and use them later after careful consideration.

 

[Dude111]

I'm hearing Windows 10 is bad if not worse than 8. Won't be upgrading.

Windows 10 is the biggest piece of spying garbage microsoft has ever put out which is why they gave it FREE... They want as many on it as possible!!

 

[John Connor]

How's Windows 98 working for you?

 

[Red Squirrel]

Sometimes I wonder why I switched to Linux, often things are harder, finding a program to do XYZ can be harder, having to worry if a piece of hardware will work, or a certain process will work etc... But it all pays off, because this is exactly one of the big reasons I switched to Linux. Privacy. Now that said these days you can't trust everything 100%, so if I REALLY wanted to be sure I'd look at the source code for everything on my PC, but I trust that there are other people who are better than me at coding who have done this already, that's the beauty of open source.

 

[Red Squirrel]

All SSID's I have are already changed to name_optout.

One should not have to do this though. Some people like to have cool SSID names, having to put _optout or some other crap just to opt out of something that should not even be opt in is ridiculous.

I guess the main solution to this "feature" is to not share your password with friends and have a separate guest SSID on another vlan. Good idea to not use a password that you use for anything else either. Lot of people wont even consider that. "I don't care if someone goes on my network!" Meanwhile their Wifi password is the same as their banking password, and it's now all over Facebook because a friend forgot to untick the box.

 

[John Connor]

My Comcast modem has built in WIFI. Although I use a router connected to the modem in bridging mode. But if someone wanted WIFI in my house and had Windows 10, I'd say use the Comcast WIFI. LOL You have to pay for it unless you have Comcast though.

 

[artemicion]

Microsoft should have made Wifi Sense work with SSID's that have "_optin" and not force people (who maybe want nothing to do with Microsoft) to add "_optout" to their SSIDs.

Whether a WIFI Key can be shared in this manner should be a decision controlled solely by the owner of the network, not by every individual who happens to possess the Wifi Key.

 

[Red Squirrel]

Microsoft should have made Wifi Sense work with SSID's that have "_optin" and not force people (who maybe want nothing to do with Microsoft) to add "_optout" to their SSIDs.

Whether a WIFI Key can be shared in this manner should be a decision controlled solely by the owner of the network, not by every individual who happens to possess the Wifi Key.

This. Or a section somewhere on Microsoft's site where you can submit your SSID/location or other info (mac address?) of your AP to opt it into the system. This feature as a whole is not super bad for places like coffee shops and hotels, or any other places that has a truly public wifi setup, but it really needs to be opt in.

But even as a user, I don't want my device auto connecting to random APs, what if someone setups a honeypot AP that starts hacking your device as soon as you connect? This feature is allround bad nto only for AP owners but for users too.

 

[KeithP]

I supposed I shouldn't be surprised, but it seems a lot of people don't understand what Wi-Fi Sense actually does..

http://www.techrepublic.com/article/balance-security-and-convenience-with-windows-10s-wi-fi-sense/

Wi-Fi Sense does not share your Wi-Fi network passphrase or your network admin password for your Wi-Fi router. When you decide to share a network, you're asked to provide a separate shared password that will be encrypted and then passed between devices by Wi-Fi Sense servers. The person and device you're sharing your network access with do not see any password at all.

For Windows 10 users operating in an enterprise environment with centralized Wi-Fi authentication, the Wi-Fi Sense system will be turned off and sharing will not be an option.

Also, you don't get access to all network resources, only the internet. For the record, I don't think it should have been enabled by default. Anyway, if anyone is interested, read up on it: http://windows.microsoft.com/en-gb/windows-10/wi-fi-sense-faq

Now, the hysteria may continue.

-KeithP

 

[Red Squirrel]

At least till someone cracks that encryption and can manage to get the original password back. I give it a year max before someone in China figures it out, in fact I will be generous and give it 2 years till someone hacks the wifisense servers, decrypts the info and leaks all wifi passwords along with longitude/latitude data. This whole thing is just a huge security nightmare waiting to happen.

 

[matricks]

I supposed I shouldn't be surprised, but it seems a lot of people don't understand what Wi-Fi Sense actually does..

I'd like to know what Wi-Fi Sense actually does. And I don't want the marketing teams interpretation of it. Facts:

Any type of wireless network common in consumer networking can be shared through Wi-Fi Sense, it is not limited to "Wi-Fi Sense aware" networks. For example, an access point supporting exactly one authentication method, let's say WPA2-PSK, could be shared by a Windows 10 client that knows the pre-shared key. Since this access point supports WPA2-PSK and only WPA2-PSK, any client that wants to connect to it must know the pre-shared key, because that's the only way the access point will grant access to a client. User A connects to this network and shares it to User B via Wi-Fi Sense. As already noted, User B can't use the network unless he (his computer) has the pre-shared key in its unencrypted form.

I know how Wi-Fi Sense works from the user standpoint, and I know Windows isn't going to throw the key in the users face. But at some point, the pre-shared key masterfully encrypted by Microsoft has to be decrypted in order to access the shared network. There is no way around this. Retrieving the key might not be trivial, but for Wi-Fi Sense to work as advertised it is guaranteed to be possible.

Ironically, due to Wi-Fi Sense being opt-out and not opt-in on the network side, "Wi-Fi Sense aware" networks are actually the only ones guaranteed not to be shared.

There is somewhat of an upside to Wi-Fi Sense, though. Windows will firewall itself (to some extent, at least) when on a Wi-Fi Sense network, so any Wi-Fi Sense guests will be automatically isolated from the local "home" computers. A benefit to both home and guest computers. Average users are unlikely to do this on their own.

While I agree that there is some unwarranted hysteria about Windows 10, this is one of two areas where I feel Microsoft has really done the wrong thing with Windows 10 (the other one is default Telemetry level, they should let everyone disable it, but if not, at least have the decency to set Basic as default). Wi-Fi Sense should have been entirely opt-in on all sides (Windows client and wireless network). It has obvious advantages visible to average users (make it super easy for your friends to get online, no need to spell password repeatedly, yay!), so I think adoption would have been decent anyway.

 

[WelshBloke]

I supposed I shouldn't be surprised, but it seems a lot of people don't understand what Wi-Fi Sense actually does..

http://www.techrepublic.com/article/balance-security-and-convenience-with-windows-10s-wi-fi-sense/


Also, you don't get access to all network resources, only the internet. For the record, I don't think it should have been enabled by default. Anyway, if anyone is interested, read up on it: http://windows.microsoft.com/en-gb/windows-10/wi-fi-sense-faq

Now, the hysteria may continue.

-KeithP

So people that you don't specifically allow won't be able to download whatever the hell they like on your connection?

I think that people do understand what it does, they just don't like what it does.

 

[corkyg]

The reason for the free upgrade to 10 starts to make sense. BTW, can it share on Facebook if the source PC has no Facebook account?

 

[John Connor]

Now I'm hearing the EULA has crap in there that says Windows can stop pirated games and hardware?

 

[WelshBloke]

BTW, can it share on Facebook if the source PC has no Facebook account?

No. Well I suppose someone that you share your wifi with could then share it via Facebook, so maybe.

Now I'm hearing the EULA has crap in there that says Windows can stop pirated games and hardware?

I think that's to do with games bought through the app store. And you shouldn't be running pirated games anyway.

 

[ForumMaster]

Currently on Windows 7. Will be switching to a linux variant. Most likely Fedora...

 

[PrincessFrosty]

There is a huge slew of problems with windows 10 transmitting data like telemetry back to Microsoft, suddenly their business model to make it free for almost everyone is making more sense in the context of them using your search data through Cortana and other things as a method of targeting advertising at you.

There is already quite a lot of information on what is contained in the data sent back to Microsoft and there's an awful lot of speculation as well which is causing a little more paranoia than is warranted.

My advice is if you want to swap to Win10 that there's guides on how to disable a lot of this stuff, but to be more certain it's best to simply install a firewall and block all outbound traffic except for apps and services that you explicitly trust, I've already installed Tinywall which is a wrapper for windows firewall and helps block all traffic by default and gives you an easy to use interface to white list services and apps.

So far windows 10 is probably a step too far in breaches of privacy, they may have gotten away with smaller breaches of privacy in general but I can't help but feel this will come back to haunt them, I think by the time the next DEFCON rolls around we'll see people giving presentations on how to intercept peoples private searches and indexes of their media libraries and stuff like that.

 

[corkyg]

No. Well I suppose someone that you share your wifi with could then share it via Facebook, so maybe.

I think that's to do with games bought through the app store. And you shouldn't be running pirated games anyway.

That is good. I do not share my Wi-Fi with anyone - in fact, I rarely use it. I have always considered Wi-Fi as high risk and insecure.

 

[ringtail]

I wonder if we can defeat some of the Windows 10 unwanted "sharing" by using entries in a Host file?