July 29, 2015

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt to you share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.

msoptoutThis brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).

I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.

Update, July 30, 12:35 p.m. ET: Ed Bott over at ZDNet takes issue with the experience described in the stories referenced above, stating that while Wi-Fi Sense is turned on by default, users still have to explicitly choose to share a network. “When you first connect to a password-protected Wi-Fi network, you choose if you want to share access to that network with your contacts,” Bott writes. Nevertheless, many users are conditioned to click “yes” to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network). Updated the lead to clarify that users are prompted to share.

El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID“) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).

It’s interesting to contrast Microsoft’s approach here with that of Apple, who offer an opt-in service called iCloud Keychain; this service allows users who decide to use the service to sync WiFi access information, email passwords, and other stored credentials amongst their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but which does not share this information with other users. Apple’s iCloud Keychain service encrypts the credentials prior to sharing them, as does Microsoft’s Wi-Fi Sense service; the difference is that it’s opt-in and that it only shares the credentials with your own devices.

Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.

Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek

Source: How-To Geek

An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”

To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and say yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.

While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt-out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid each by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.

Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.

My suggestions:

  1. Prior to upgrade to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.

Further reading:

What Is Wi-Fi Sense and Why Does it Want Your Facebook Account? 

UH OH: Windows 10 Will Share Your Wi-Fi Key With Your Friends’ Friends

Why Windows 10 Shares Your Wi-Fi Password and How to Stop it

Wi-Fi Sense in Windows 10: Yes, It Shares Your Passkeys, No You Shouldn’t Be Scared


250 thoughts on “Windows 10 Shares Your Wi-Fi With Contacts

  1. John S

    I guess for me I don’t have the problem with WiFi Sense if you could authorize per user not a blanket authorization per connection. I would rather use a router’s guest network I think. It at least gives me a solid understanding of what I am sharing which is just a internet connection. I have very little opinion either way on Windows 10. Other then, I don’t find anything interesting with 10 to make me upgrade right away. I use Windows just because it runs the browser I use and the software I need. Windows itself then is just a conduit. The only reason I would upgrade my Windows is for a significant improvement in speed, or support for new software or some other need. Otherwise, I prefer not to be a lab rat for Microsoft’s new OS.

  2. MarcP

    If I understand this feature correctly, Microsoft will have a database of users’ wifi passwords. They will be encrypted, to whatever extent MSFT chooses. MSFT will have the encryption key.

    Is anyone concerned that this db will be quite a prize for any hacker?

    Based upon the 55-page EULA and Privacy Policy, Microsoft may use these passwords. I don’t see a restriction of looking at files accessible on the home network. Each user gives explicit permission to allow MSFT to read files and email stored in the MSFT cloud, for example. That permission to peek clause is not restricted on location. Putting the two sections together leads to a bad conclusion. MSFT also has permission to sell/rent/give this data to whomever it wants.

    Has anyone thought about which agencies would be interested in getting this information without 4th Amendment concerns? “Your honor, we didn’t need a warrant. We had permission to use that data from Microsoft, which had permission from the user. We simply drove up in front of the house and accessed it. It’s the defendant’s fault for not locking down their home network with encryption or strong security.”

    1. SeymourB

      As an added bonus, not only may Microsoft use those passwords, all our favorite TLAs are able to use them too. Want the FBI sniffing around your home network (looking for evidence of a crime, of course, certainly never just rooting around looking for naked pictures)?

      If not you’d better implement 802.1x controls, and quick. Just how much does Microsoft charge for their RADIUS server…

  3. Francine R.

    When it said Free upgrade I knew there had to be a catch especially with Microsoft. Think I will stick with Windows 7 till all the flaws are out on Windows 10…….

  4. Benjamin Lim

    _optout_ can be placed anywhere in the SSID. However, _no_map must be placed at the end of the SSID.

    So you could have the best of both worlds by appending _optout_nomap to the end of your SSID.

  5. Mike

    Why does google maps work better through WiFi? Because it does not need a password to use it.

    Do a simple google search for “_optout_nomap”

  6. Valamis

    Thank you for the information! Many of my friends work with computer daily and a lot on the road, so have to tell them this tip.

  7. David

    Why can’t we just change our SSID to “_optin” if we want to use it? Whey do *WE* have to change our SSID to prevent these features from working?

    Next thing you know, Microsoft will require us to change our hostnames to “_keepprivate” to avoid indexing files to the Internet.

    And your email address? It will have to be renamed “_noshare”.

    Gee, thanks Microsoft and Google.

  8. Gwen

    Does anyone know how Wi-Fi Sense obtain the password from my router? Does my router freely give this out to any application that wants it?

    1. Gwen

      So if I understand this correctly you type in the password for your wifi router into your computer so it can access the network. Windows stores that password encrypted, but that encrypted version is what Windows 10 will pass to others in your contact list. So they cannot see what the password is, but they can give it to their computer/device so it can hop on your wifi network. I can see that going wrong really quickly, especially in apartment buildings, condo buildings and townhouse communities. Windows is so helpful…yikes!

  9. Mike

    This is not about Windows 10. It’s not about Windows at all or even Microsoft. This is part of something that we all deal with and work with everyday. It’s about all clients. You cannot just say your going to avoid Windows 10 and be ok. You cannot say your going to use a Mac to get around this either.

    This is about WiFi.

    Changing the SSID is not going to fix this any more than adding your phone number to the “do-not-call” list will keep you from getting calls from telemarketers. Changing your SSID will only serve to make you stick out like a sore thumb to anyone looking at in-range WiFi.

    This item: “_optout_nomap” is not new and was not created in order to deal with Windows 10.

    The “_nomap” part of it atleast is easy enough to understand when you consider the way that all those Google vehicles drive around and create all those wonderful maps for us. Those cars also pickup on whatever WiFi signal they come across. The idea is to had _nomap to the SSID so that the software in the cars onboard computer (linked into google) will disregard that particular WiFi. Although that might be the stated idea, there isn’t anything that would stop the notation of the location of this except for a promise from Google (if you trust in that). This is something that goes back for many years.

    The only real way to handle this (for those that are really all that bothered by it) is to completely remove WiFi from your internet connection. There will never be anything else that will actually mitigate this. Getting upset with Microsoft will not get you anywhere. Microsoft is NOT the issue here. No patch or update is going to take care of this. If you cannot remove the WiFi, then atleast set it up so that it’s not broadcasting the name. Any worth-having router will allow you to enable WiFi without broadcasting the SSID.

    1. SeymourB

      Not broadcasting the SSID is pretty much worthless though, since the person joining the network knows the SSID, and the SSID & PW are sent to Microsoft for safe keeping.

      Furthermore any device joined to the network will, in a matter of seconds, turn that empty SSID into a known SSID.

      1. SeymourB

        I should probably mention that the latter bit means that any client joined to a private SSID network will, by the act of being connected to that private SSID, broadcast the networks’ SSID to any client within range that wants to listen for it. The more packets that are being sent, the more quickly the SSID will appear.

        As a result the SSID is only blank if nobody is connected to it. However, even if nobody is connected to it, Microsoft is recording the physical location of the WiFi hotspot, the network name, and the password. With the location, name, & password, all someone needs to do is drive to that location, enter the name, enter the password, and they’re on your network.

        Once you’re joined 802.1x controls then come into play, but who wants to bet Microsoft records those connection details too?

        This entire system may very well have been written by our TLA overlords, since it’s of dubious use for their stated purposes.

        1. Mike

          I understand what your saying. Personally, I think it would be better to remove WiFi completely from the network. Particularly where business/financial transactions occur. It can be done, but not with smart phones and Ipads.

          As for home networks, the question really is about what is more important. Most people are not going to opt for anything close to security.

          It is interesting though that the Xbox and Playstation both do have ethernet ports. So do most smart tv’sand most blue ray players that connect to the web. These things really shouldn’t be on WiFi anyway because of their demand for a faster speed and need for lower latency. They get put on WiFi mainly out of laziness or ignorance.

  10. Abiodun Sobowale

    I really do not understand why MS would want to include this kind of function in a major roll-out that IT will have no control over or am i missing something here?

    Why would anybody want to share their WIFI password with Microsoft?

    Not all social media friends are “friends”, and i am very concerned if someone were to share my wi-fi access with all my “friends”. This is effectively creating a very big backdoor to many network/PC especially for home users.

    Regards

  11. Linda

    Instead Of share the wealth, It is share3 the wifi and everything else on your pc. Yikes

  12. Cassie

    I knew there were a lot of issues with windows security, but I didn’t know this was something that happened as well. YIKES!

  13. Lanze

    Every device on the network has a MAC ID. Just restrict access to your WIFI by MAC ID and your set. Then the router will not give an IP to devices that are not allowed on your network.

  14. IA ENG

    Here is the so called partial agreement that MS writes in reference to win 10……….Hummmmm

    They already track stuff through the search.windows.com web they weave….. But I guess they have to put it in writing, even thought the bloatware is free for most.

    “Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to:

    1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies;

    2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone;

    3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or

    4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.”

  15. John G

    A friend told me Google requires “_nomap” to be at the end of the SSID. I haven’t confirmed this, but he recommends

    “_optout_nomap” instead of “_nomap_optout”

  16. Atinder

    Well, Windows 10 has came with many Auto-On features, which users are not aware of like sharing Wifi Contacts and using Users Bandwidth to provide updates to other users. I am not saying these are bad features, but still they should have given users an idea about these and let’ us choose whether we want to active these features or not.

  17. The Southern Gentleman

    Let me start off with saying I have copies of ever version of windows from when you had to install DOS first then use the 8 3 1/4 diskettes. Now on one of my SSD’s I have installed on my system I can log onto when I want to learn about the Win 7 and 8. No I didn’t set it up as a dual log on system but go to bio’s and change the log on.

    That being said my only solution to every ones trouble is send MS a letter saying they are going to go back to XP or just remove their OS and load lynx or one of the other system. I said this cause it seems that the more systems that MS produce and place on the market there is nothing but troubles big time.

    Believe it or not if everyone refused to load Micro Soft’s OS’s they would have to listen to the customers and what they want.

    So what does MS get out of giving millions of copies of Win 10 away to the tens of millions people? I mean when they sold their OS for $100.00 what do they get in place of all that money they didn’t get for selling all those copies? They have to be getting something for that trade off. I mean who gives away 100’s of millions of dollars? Do you know of a company that has ever done that????

    If you load it be prepared to suffer the problems if you don’t read all there is about the Win 10. My advice don’t…

    Southern

  18. AlphaCentauri

    Do the people who thought up this feature have any kids?

    It’s immaterial whether *I* configure my computer not to share. I have to worry about my kids’ friends’ laptops when they’re doing school projects together.

    It’s one thing to require them to hand me their laptops to enter the wifi password. It’s another thing to worry about whether they are running Win10 and whether they have enabled sharing for their social networks or may enable it in the future.

    Students’ Facebook friends lists typically contain all kids in their class, even ones they don’t socialize with, because it’s considered a snub to exclude someone. And Outlook email contacts are even less likely to be limited to close friends. It’s insane to decide those networks are a good way to decide who gets access to your wifi.

    But as people have said, much more secure systems are compromised daily. Even the minimal security designed in this system is doomed to fail. The hubris, it hurts.

  19. Vicky

    Does anyone know if this “limited” connection given to your “friends” has access to your router admin?

    I find that nobody in my acquaintence has ever gone into the router and changed there default admin and password. The fact that you may have logged your friend into your network with shareing checked or that they may have accidentlaly hit Share after the login scares me.

    In that case anyone on Linux, Mac, Android, IOS needs to log into their admin account and change their SSID and admin password. A good thing to do, but this share business just has me on edge.

  20. Zach

    Well, Comcast has a back door, that allows them full access to any cable modem, unless you manually login and change the default privileges and password. I found this out, when I had to set up my parents cable modem about two months ago. Rep on the phone realized I was not just brushing off the privacy issue when he said he lost the remote connection to the router and I told him that it was because he had no right to be in the router. Router works fine, his job was done.

    As for the WiFi issue and Microsoft and Google… When google maps app on an iPhone and it asks you to turn on WiFi to “increase accuracy”, how do you think it does that exactly? It does it by the knowledge of already knowing where existing networks are. Microsoft, is simply trying to one up Google, and get all the network passwords, in a viral way, by offering Windows 10. Everyone rushing to get it, install it, never thinking that the company get something out of it.

    Best thing to do, hard wire where possible, _dont bother me (if they actually listen), and above all TURN OFF password sharing! Then CHANGE all your passwords. As for teens, either restrict access by having a separate basically non-secure network, and keep your own private – especially from minors.

    Microsoft is dirty. Simple as that. Google isn’t any better, but at least (in general) they tell you about a “great new feature”, and what privacy it will cost you. Microsoft, only has ever cared about Microsoft.

  21. Ken

    I’ve upgraded my laptop to Win10 but wifi scene is new for me. I’ve shared my wifi to some friends without security sense or incorrect operation.
    The result is that I’ve accidentally shared my company’s wifi also. How can I hold back the wifi scene and disable my friend’s devices to access my company’s wifi?
    Now because of wifi scene, I’ve violated the company’s IT regulations. I can’t tell the IT staff to reset the SSID. What can I do? Only not tell anybody that somebody, who isn’t company staff, can use company’s wifi for free as well as without company’s permission.

    Any suggestions for the case?

Comments are closed.