July 29, 2015

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt you to share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.

This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ’ole cantenna!).

I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.

Update, July 30, 12:35 p.m. ET: Ed Bott over at ZDNet takes issue with the experience described in the stories referenced above, stating that while Wi-Fi Sense is turned on by default, users still have to explicitly choose to share a network. “When you first connect to a password-protected Wi-Fi network, you choose if you want to share access to that network with your contacts,” Bott writes. Nevertheless, many users are conditioned to click “yes” to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network). Updated the lead to clarify that users are prompted to share.

El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID”) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).

It’s interesting to contrast Microsoft’s approach here with Apple’s opt-in iCloud Keychain service, which lets users who choose it sync WiFi access information, email passwords and other stored credentials among their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but which does not share this information with other users. Apple’s iCloud Keychain encrypts the credentials before syncing them, as does Microsoft’s Wi-Fi Sense; the difference is that Apple’s service is opt-in and shares the credentials only with your own devices.

Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.

Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek

An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”

The way I read that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and says yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.

While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid both by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.

Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.

My suggestions:

  1. Before upgrading to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.
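
Because the two opt-out markers follow different placement rules and an SSID has a hard length limit, here is an added example (not from this article, nor Microsoft’s or Google’s own code) that checks a network name against both conventions and builds one that satisfies both. It assumes the Wi-Fi Sense rule as Microsoft’s FAQ states it (“_optout” anywhere in the name), Google’s documented rule that “_nomap” must be the final characters of the SSID (the point Anou raises in the comments below), and the 32-byte SSID maximum from the 802.11 standard; both orderings mentioned on this page are run through the check.

```python
# Added example: validate and construct Wi-Fi network names (SSIDs) that carry
# the Wi-Fi Sense and Google location-service opt-out markers.
#
# Rules encoded here (assumptions stated in the lead-in):
#   - Wi-Fi Sense: "_optout" anywhere in the SSID (Microsoft's FAQ wording).
#   - Google: the SSID must END with "_nomap".
#   - IEEE 802.11: an SSID is at most 32 octets; a name that overruns that after
#     adding suffixes is typically rejected or silently truncated by the router,
#     which can strip the very marker you added, so length is checked in bytes.
MAX_SSID_BYTES = 32
WIFI_SENSE_MARKER = "_optout"
GOOGLE_MARKER = "_nomap"


def check_ssid(ssid: str) -> dict:
    """Report which opt-outs an SSID satisfies and whether its length is legal.

    Markers are matched case-sensitively, exactly as the vendors spell them.
    """
    encoded = ssid.encode("utf-8")
    return {
        "wifi_sense_optout": WIFI_SENSE_MARKER in ssid,
        "google_nomap": ssid.endswith(GOOGLE_MARKER),
        "length_ok": 0 < len(encoded) <= MAX_SSID_BYTES,
        "byte_length": len(encoded),
    }


def make_optout_ssid(base: str) -> str:
    """Append both markers in the one order that satisfies both rules
    (<base>_optout_nomap), trimming the base so the result fits in 32 bytes."""
    suffix = WIFI_SENSE_MARKER + GOOGLE_MARKER  # "_optout_nomap", 13 bytes
    # Remove markers already present so they are not doubled up.
    base = base.replace(WIFI_SENSE_MARKER, "").replace(GOOGLE_MARKER, "")
    budget = MAX_SSID_BYTES - len(suffix.encode("utf-8"))
    # Trim whole characters (never mid-codepoint) until the UTF-8 form fits.
    while len(base.encode("utf-8")) > budget:
        base = base[:-1]
    if not base:
        raise ValueError("base name is empty after trimming; choose a shorter or different name")
    return base + suffix


if __name__ == "__main__":
    # Constructed sample names: the ordering suggested in the article above and the
    # reverse ordering from the comments, plus an over-long name that needs trimming.
    for name in ("home_nomap_optout", "home_optout_nomap"):
        print(name, check_ssid(name))
    print(make_optout_ssid("a" * 30), check_ssid(make_optout_ssid("a" * 30)))
```

Run it and compare the two reports: the check shows which of the two markers each ordering satisfies under the rules above, and the builder shows how a long name gets trimmed so that the trailing “_nomap” survives the 32-byte limit.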

Further reading:

What Is Wi-Fi Sense and Why Does it Want Your Facebook Account? 

UH OH: Windows 10 Will Share Your Wi-Fi Key With Your Friends’ Friends

Why Windows 10 Shares Your Wi-Fi Password and How to Stop it

Wi-Fi Sense in Windows 10: Yes, It Shares Your Passkeys, No You Shouldn’t Be Scared


250 thoughts on “Windows 10 Shares Your Wi-Fi With Contacts”

  1. Ariel Silverstone

    Brian,

    Very timely advice and alert, thank you.

    What do the vast majority of home users, who use Comcast/Xfinity, ATT etc. and cannot change their SSID (and sometimes not their password either)?

    Ariel

  2. Robert.Walter

    This only seems to be asking for trouble.

    Why would most of my acquaintances, who will never visit my home, ever need (or he deserving of) access to my private network?

    And of the few that do visit me in person, even fewer are going to ask for access, and if they do, that’s what my guest network is for.

    So if Windows 10 really is spamming my wifi password to everybody I know (seems a bit like the sasser? virus that emptied Outlook contact lists into the wild), it is a really bad idea that seems destined to end in tears.

    I hope the rest of Windows 10 isn’t this dumb.

    As for me, I’m glad I went to Mac 5 years ago and missed all the MS gyrations; my old, now backup PC will remain on Win7.

    1. Trinh4life

      Great information…I already shared with some users on this security risk. Thanks Brian!

    2. MJ

      EVERYONE CALM DOWN. There is a way to disable this feature in windows 10. So if you have windows 10, it is your choice whether you want to allow your contacts to view your wifi information.

      1. Pablo Diablo

        No, it’s not a choice. It’s enabled by default. IT pros will know how to disable this, because we pay attention to this kind of thing. Your parents won’t have any idea…

      2. IA Eng

        Software can be broken by other software. Putting full assurances into something that can be a malware chute or other avenue / pathway of data, this is another way for the dark side to become more prolific at hiding their goods.

        One other thing – as it has happened many-a-times with software patches……Sometimes these “services” are re-enabled after a patch is applied.

        Having a copy of an encrypted key on the Microsoft servers is ludicrous – it’s going to allow them to have low level access to devices on your networks, if the feature is enabled at any time. It’s as if it will be a network discovery tool to identify any devices within your network.

        There are a HUGE number of people who will jump on the free bandwagon and simply fire and forget – they are too “overwhelmed” by the word free to care, and will simply hit next, next, next and never realize – or understand what this “feature” really does to them.

        The readers in here are generally aware, most are smart enough to correct this issue at hand.

        Anytime a software giant gives something away for free you have to look at the BIG picture around you. I see the historical cell phone data going away pretty soon, so what a better way to track data that being able to map networks and POTENTIALLY sniff traffic ?

        Sure this could help as well, in the form of squashing the malware that remains hidden in the dark corners of the internet, but truly -there are many questions that come to mind why this software is free. I personally think its going to be the next NSA surveillance tool. But that’s my opinion, and not based on any solid evidence other than a brainstorming session at a water cooler.

  3. Anonymous

    Completely agree with your sentiment, Brian, I wonder how long it will be before people start getting devices and accounts compromised because of this.

    This is utterly shameful of Microsoft. How they thought this would be a good idea is beyond me.

    Requiring people to alter their SSIDs, many of whom will not have the technical skill or just confidence to do so, is an appalling solution to an even more appalling idea.

    Shame on you, Microsoft.

    1. Icon0clast

      Doesn’t matter, I’m sure in the ToS Microsoft has absolved themselves from any responsibility.

    2. Robert.Walter

      True. Sad thing is that most of those folks probably still have factory authentications of Admin/password on their routers and so are at risk from burg the WAN and the LAN sides now.

  4. IA Eng

    This is short of retarded. With this stuff calling home to Microsoft in reference to them having the key(s), something phishy is going on here. Since NSA loses cell phone historical data pretty soon, I wonder if there is another avenue available to track people’s habits….. Hummmmmm.

    1. jason

      No, Microsoft has gone full retard on this. How did they not program their opt-out into Windows? Why on earth do I have to change the SSID for my networks and then all of the devices that connect to that network in order to NOT have microsoft do something…

  5. Joann Lavis

    I am glad we are hearing about things like this, thank you Brian for letting us know, I am still getting used to Windows 8

  6. Drdoug99

    Changing the ssid? That seems utterly absurd. Does that mean if my ssid is called “drdougs network_optout” then Windows will first have to take record of my ssid, only to see that ok, it has the opt out in there, and thus will remove it from being shared? But it still has to catalog it first I bet, so it will probably be on a ms server regardless.

  7. itsmeitsmeitsddp

    [Double facepalm]

    Yes, this is horrible, this idea.

  8. Igor

    My router provides my wi-fi and a visitor wi-fi – different names and different passwords.

    And I even put my Internet of Things things on the visitor network.

    Yet Wi-Fi Sense would provide my visitors with MY wi-fi credentials rather than my VISITOR credentials.

    No thanks.

  9. Alan

    So I have to go in and change my SSID and have my family reconnect all their devices to the new network SSID? Well, F U too Microsoft.

  10. Anou

    Hey, this news went public several months ago. A little bit late, eh?

    Also, this is incorrect:
    > that includes the terms “_nomap_optout”

    You must use:
    WHATEVERYOUSAY_optout_nomap

    1, must end with _nomap to avoid google spyware
    2, must include _optout (doesn’t need to end with optout)

  11. Tim2daG

    What about legal consequences. Most home users will take the express settings and not know of the Wi-Fi Sense. A bad character friends them and gains access to their Wi-Fi to commits crimes on the Internet. The unsuspecting user gets blamed for the crimes. Where does this leave the user in the legal system? If they did not know their Wi-Fi was shared by a Microsoft configuration default how would that scenario play out in the courts? It seems to me that corporations don’t care about our security or privacy at all. After all how many of those Internet friends come over to the house to visit much less use Wi-Fi?

    1. Gnecht

      Plausible Deniability: “Your Honor, I had Microsoft’s Wi-Fi Sense turned on. I have no idea which social media contacts got access to my network.”

  12. Mike

    This reflects the mindset of Microsoft, computer as plaything. Everything for the tweener so they can waste their time while turning the computer over to whoever can break through flimsy security.

    Not really wanting to change the SSID though it is simple enough. What is less simple is having to change the two tablets and laptop, since it is a non-broadcast ID. I will probably just turn off this idiotic feature once installed.

    It will no doubt be changed after someone commits suicide after some malicious high school student sends out death threats through his acquaintances wireless networks.

  13. AZ iT Geek

    I wonder if this code which reveals local wireless passwords will reveal the shared one to a friend’s system as well, allowing them to discover your real password at their leisure?

    [string](netsh wlan show profiles name=([string](netsh wlan show interface | sls "\sSSID") | sls "\:.+"| %{$_.Matches} | %{$ssid = $_.Value -replace "\:\s+"; $ssid}) key=clear | sls "Key Content") | sls "\:.+"| %{$_.Matches} | %{$pass= $_.Value -replace "\:\s"}; Write-Host "SSID:`t"$ssid"`nPass:`t"$pass;

  14. David Menken

    While nothing is perfect, I feel more secure with Apple. I wish my firm’s administrator would permit us to use Macs.

  15. Mark

    According to the article, you can simply turn Wi-Fi sense off. So while I agree it shouldn’t be on by default, it’s hardly the disaster everyone seems to think it is.

    1. however...

      Disaster or not depends on who gets hurt by it.

      The point is that it shouldn’t be on by default. I think it’d be risky to even ask the typical user if they wanted it on at all!

      Microsoft has no business wanting to store, encrypted or not, anyone’s “password” for their home wifi. It’s just not “warranted”, but if they have it, the gov’t can certainly issue a “warrant” and ask for it.

      Remember, the folks who do the encrypting probably can unencrypt it too.

    2. Peter

      Yes and also Brian forgets *he* needs to give access first. So unlike he writes his contact doesn’t get access to his WiFi password until *he* decides to share it.

      Now in Windows Phone, users can actually select which users, and it looks like in Windows 10 they cannot. If this is true – but note a lot of false info has been going around on this topic – that would be bad indeed though. It should be the Windows Phone way, where *I* select who will get it.

      In the Windows Phone 8.1 was it therefore is not a security issue. If it in Windows 10 now shares with all contacts that would be a facepalm indeed.

    3. Philip

      Is it not a disaster when most people won’t even know to turn it off? That’s the point of opt out being a disaster. Just because it’s “easy to turn off” doesn’t mean it’s not a disaster

      1. Peter

        The feature is opt-out, but networks will still NOT be automatically shared. When joining a network for the first time, it will ask you *per network* again.

        Granted that is default-on and users may simply always leave the check mark, but it is blindly not-auto-share to all as some people seem to believe. Also you can revoke it.

        I also don’t like this feature and will turn it off, but the damage is slightly less worse than some people fear.

  16. EJ

    For the 18 people who will find this feature useful, I’d love to know how the brains at Microsoft rationalized it was OK to throw the rest of the Windows userbase under the bus with this.

    1. Peter

      Same logic that prompts Comcast and most other ISP’s in the world (e.g. very popular in Europe) to push new modems with integrated dual-SSID WiFi routers to their users. WiFi routers which by default allow using your network to random strangers who also happen to use the same ISP.

      Granted these networks are separated by a layer of software protection (separate SSID), but that is not really different than what Windows 10 does by only allowing routing to the internet for those users who get the shared password.

      The point I’m making is that it seems private WiFi is not considered ‘private’ anymore. And don’t shoot the messenger, as I don’t like it either, but the backlash to these ISP’s was little and most applauded them even for it, so I can see Microsoft following suit.

  17. DonFG

    Brilliant idea!…. NOT!

    So I become friends with a person that I don’t like and get added to their contacts. I then drive by subjects area connect to THEIR WiFi and start downloading all kinds of ILLEGAL crap.

    Guess who it traces back to. Don’t look behind the curtain, there is nothing to see Dorthy…..

  18. Johann Wilkerson

    HA! Windows 10 – moving to a more secure code model. By secretly sharing your passkeys.

    I think I still have an OS/2 v3 CD in a box somewhere – I wonder if I can find an email client for it…

  19. Someone

    Believe the cantenna has to be set up at the transmitter and not the receiver, so I doubt if it will work the way you are describing here.

    1. makomk

      The benefits of a high-gain antenna are basically identical for both transmit and receive, so I don’t think it matters much if the cantenna is on the transmitter or the receiver.

    2. RunningFromTheDogs

      I think that you’ve seen that the cantenna was connected to wireless router and assumed it was transmitting, which is the most common configuration for the wireless router. In fact the router is configured in bridge mode, so the antenna is extending an existing network.

  20. Pete

    In the past, Microsoft’s record on security has been shameful. But in recent years they’ve become much more savvy…well, OK—maybe much less irresponsible is more accurate.

    But this Wi-Fi Sense idea pretty much pegs the Bonehead Meter. Couple that with the potentially disastrous automatic system updates feature in Windows 10, and it seems clear that the folks in Redmond are still bonking themselves with the stupid stick.

  21. Are you kidding me?!!!

    This has to be the worst case of stupidity and irresponsibility on behalf of a corporation. With the famous fact that it only takes 6 connections to reach any person it wouldn’t take long for the gov’t to reach anyone they wanted even if through a friend of a friend.

    Hello Microsoft! It’s called a PASSWORD because we DON’T want to share it with everyone by default! (Something Comcast/Xfinity should also learn).

    Making millions of homes who value privacy now change our SSIDs “by default” is ludicrous.

    I was looking forward to see what Win 10 had in store but now I think I should run to *nix or Mac.

    I bet the NSA must be laughing and high-fiving at this one! Something THIS stupid had to have been planned, not just a “bad decision”.

    How many homes will have to be hacked to breach a corporate network some day too?!

    This is a worse and much more dangerous decision than leaving out the START button ever was.

    It’s like your bank said, “Hey, we decided to share your banking password with anyone in your contact list, ’cause, you know, we figure they are well trusted friends to be in your contact lists.” People would flee that bank in droves.

    Well storing data at MS makes them a bank of trusted items just the same. Time for a run on this bank!

  22. Mahhn

    I wonder just how many backdoors they fit into this spyware/adware called W10.
    They are stealing (taking without permission) network passwords and giving themselves access to everyone’s wireless network in the world that will use the OS. The opt out “might” prevent MS and google from sharing it with others, but they will still have access to it, which means it’s available to anyone (when it eventually gets hacked).
    If there ever was a red flag to avoid software it’s this. W10 can burn in hell.

  23. Carl T

    And we are trusting MS to respect the “_optout” opt-out. How hard would it be for them to just ignore that?

    Hardly a disaster, yet.

  24. Mark McDonald

    I think this rises to the level of criminal stupidity.

  25. Kevin

    How secure will a Microsoft Windows 10 Smart Home be if Wi-Fi sense is letting the “intruder” onto my network? Will content insurance providers have an issue with this?

    …also, looking forward to Facebook parties going wrong. I don’t mean the “traditional” way with the home/ neighborhood being trashed.

    Does Microsoft know that social media contacts (even outlook contacts) are not real friends? I am for an easy way to share the Wi-fi with visiting friends, but Wi-fi sense seems to be too much.

    The argument “you can simply turn Wi-fi sense off” does not sound practicable for the general public (everyone here is tech savvy and NOT the general public).

  26. Karl F

    I’m not so sure this needs to be at the angst level that this is being made out to be. Regarding offices, if you are using 802.1X, this is not a problem. Furthermore, it appears that you need to actively select (and enter the password) of Wi-Fi networks you want to share. So, it cannot propagate.

    This is not to say that these controls couldn’t be overridden. However, this should be a wakeup call to businesses to use 802.1X versus WPA2 in their environment (it doesn’t protect against rogue Wi-Fi spots in the infrastructure though, but that is another problem).

    Please, if I am incorrect in my research, let me know.

  27. Candra

    hey everyone, this article seems to create confusion to whoever read it.

    AFAIK, WiFi Sense DOES NOT share your WiFi network without your permission.

    Even if you’re opt-in this setting, you have to choose the network (SSID) you want to share, and click “Share” to really share the network.

    So, NO. Microsoft not doing any harm, not sending your WiFi password to others without your concern.

  28. Bob Smythe

    Another facepalm moment from a market leader…I bet none of the WiFi passwords will be misused or shared, ever.
