29
Jul 15

Windows 10 Shares Your Wi-Fi With Contacts

Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10. But there’s a very important security caveat that users should know about before transitioning to the new OS: Unless you opt out, Windows 10 will by default prompt to you share access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends.

msoptoutThis brilliant new feature, which Microsoft has dubbed Wi-Fi Sense, doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).

I first read about this over at The Register, which noted that Microsoft’s Wi-Fi Sense FAQ seeks to reassure would-be Windows 10 users that the Wi-Fi password will be sent encrypted and stored encrypted — on a Microsoft server. According to PCGamer, if you use Windows 10’s “Express” settings during installation, Wi-Fi Sense is enabled by default.

“For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared,” the FAQ reads.

The company says your contacts will only be able to share your network access, and that Wi-Fi Sense will block those users from accessing any other shared resources on your network, including computers, file shares or other devices. But these words of assurance probably ring hollow for anyone who’s been paying attention to security trends over the past few years: Given the myriad ways in which social networks and associated applications share and intertwine personal connections and contacts, it’s doubtful that most people are aware of who exactly all of their social network followers really are from one day to the next.

Update, July 30, 12:35 p.m. ET: Ed Bott over at ZDNet takes issue with the experience described in the stories referenced above, stating that while Wi-Fi Sense is turned on by default, users still have to explicitly choose to share a network. “When you first connect to a password-protected Wi-Fi network, you choose if you want to share access to that network with your contacts,” Bott writes. Nevertheless, many users are conditioned to click “yes” to these prompts, and shared networks will be shared to all Facebook, Outlook, and Skype contacts (users can’t pick individual contacts; the access is shared with all contacts on a social network). Updated the lead to clarify that users are prompted to share.

El Reg says it well here:

That sounds wise – but we’re not convinced how it will be practically enforced: if a computer is connected to a protected Wi-Fi network, it must know the key. And if the computer knows the key, a determined user or hacker will be able to find it within the system and use it to log into the network with full access.

In theory, someone who wanted access to your company network could befriend an employee or two, and drive into the office car park to be in range, and then gain access to the wireless network. Some basic protections, specifically ones that safeguard against people sharing their passwords, should prevent this.

I should point out that Wi-Fi networks which use the centralized 802.1x Wi-Fi authentication — and these are generally tech-savvy large organizations — won’t have their Wi-Fi credentials shared by this new feature.

Microsoft’s solution for those concerned requires users to change the name (a.k.a. “SSID“) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).

It’s interesting to contrast Microsoft’s approach here with that of Apple, who offer an opt-in service called iCloud Keychain; this service allows users who decide to use the service to sync WiFi access information, email passwords, and other stored credentials amongst their own personal constellation of Apple computers and iDevices via Apple’s iCloud service, but which does not share this information with other users. Apple’s iCloud Keychain service encrypts the credentials prior to sharing them, as does Microsoft’s Wi-Fi Sense service; the difference is that it’s opt-in and that it only shares the credentials with your own devices.

Wi-Fi Sense has of course been a part of the latest Windows Phone for some time, yet it’s been less of a concern previously because Windows Phone has nowhere near the market share of mobile devices powered by Google’s Android or Apple’s iOS. But embedding this feature in an upgrade version of Windows makes it a serious concern for much of the planet.

Why? For starters, despite years of advice to the contrary, many people tend to re-use the same password for everything. Also, lots of people write down their passwords. And, as The Reg notes, if you personally share your Wi-Fi password with a friend — by telling it to them or perhaps accidentally leaving it on a sticky note on your fridge — and your friend enters the password into his phone, the friends of your friend now have access to the network.

Source: How-To Geek

Source: How-To Geek

An article in Ars Technica suggests the concern over this new feature is much ado about nothing. That story states: “First, a bit of anti-scaremongering. Despite what you may have read elsewhere, you should not be mortally afraid of Wi-Fi Sense. By default, it will not share Wi-Fi passwords with anyone else. For every network you join, you’ll be asked if you want to share it with your friends/social networks.”

To my way of reading that, if I’m running Windows 10 in the default configuration and a contact of mine connects to my Wi-Fi network and say yes to sharing, Windows shares access to that network: The contact gets access automatically, because I’m running Windows 10 and we’re social media contacts. True, that contact doesn’t get to see my Wi-Fi password, but he can nonetheless connect to my network.

While you’re at it, consider keeping Google off your Wi-Fi network as well. It’s unclear whether the Wi-Fi Sense opt-out kludge will also let users opt-out of having their wireless network name indexed by Google, which requires the inclusion of the phrase “_nomap” in the Wi-Fi network name. The Register seems to think Windows 10 upgraders can avoid each by including both “_nomap” and “_optout” in the Wi-Fi network name, but this article at How-To Geek says users will need to choose the lesser of two evils.

Either way, Wi-Fi Sense combined with integrated Google mapping tells people where you live (and/or where your business is), meaning that they now know where to congregate to jump onto your Wi-Fi network without your permission.

My suggestions:

  1. Prior to upgrade to Windows 10, change your Wi-Fi network name/SSID to something that includes the terms “_nomap_optout”.
  2. After the upgrade is complete, change the privacy settings in Windows to disable Wi-Fi Sense sharing.
  3. If you haven’t already done so, consider additional steps to harden the security of your Wi-Fi network.

Further reading:

What Is Wi-Fi Sense and Why Does it Want Your Facebook Account? 

UH OH: Windows 10 Will Share Your Wi-Fi Key With Your Friends’ Friends

Why Windows 10 Shares Your Wi-Fi Password and How to Stop it

Wi-Fi Sense in Windows 10: Yes, It Shares Your Passkeys, No You Shouldn’t Be Scared

Tags: , , ,

250 comments

  1. Free upgrade to an NS-5 robot? (W-10 version)

  2. While I feel that this ‘feature’ is a bad idea, I doubt that most of the so-called tech-savvy users here complaining will avoid upgrading to Win 10 because of this issue. People merely join the bandwagon with their complaints. Those who say that ‘Linux is looking good now’ are not going to switch to Linux just because of this. They will merely do the _optout and go about their lives.

    • >>Those who say that ‘Linux is looking good now’ are not going to switch to Linux just because of this.<<

      Wrong! I have 3 computers, and 2 of them already run Linux. When I don't need Windoze anymore, I won't be using it.

    • Yes, *you* can easily disable it. The 90%+ of windows users who will buy a pc, turn it on, hit “express settings” and log into facebook will have no idea it exists, let alone that they can disable it, and will only find out about it after their crazy ex “somehow” gets their new wifi password that was set to keep said crazy ex out, and crazy ex deletes their files.

    • disable??? what about your son|daughter|friend|etc who comes over with their brand new Win10 system? does that person already have your WiFi password? Could be; and are they going to stuff it gleefully into their new Win10 box? Likely, I’d say.

      what then ? your password spreads like the measles ??

  3. I’m not sure why people are freaking out over this. So now my family and friends get on my wifi when they come over for a visit? So what. The sky is falling indeed.

    Are you that mistrusting of your friends?

    • It has it’s pros and cons, the crux of the matter is that this could easily be used by hackers or anyone looking to steal your Wifi

    • Everyone that I know of on facebook, and even in their e-mail accounts “friends” people that they don’t know. Finding where a person lives, even if they use fake info isn’t as difficult as it may seem.

      Let’s say, just for argument’s sake, that you are the most secure online person in the world. You only add people that you know in real life. Or, you think that you do. That contact that has your cousin’s name is actually someone posing as your cousin.

      What if you accidentally click on “Add to contacts” on those e-mails from people that you know, but don’t really want in your contacts?

      What about people that you have in your contacts that you forgot about? Like an ex boyfriend or girlfriend?

      What about people that you do business with? Businesses are not afraid to conduct social networking sleuthing to find out what their potential employees are like. What’s to stop them from adding you as a contact, drive near your house, and sniff your network traffic looking for damning information about you, especially if you are being interviewed for a high security position?

      Sounds far-fetched, I know. Those are just some things that I can come up with. I’m sure that people that are more wise than I am can come up with more.

      Anyone with nefarious purposes has the hard part done for them with this… getting access to the network. Next comes the easier part, finding a vulnerability to exploit. Sure, Microsoft says that they can “only” share your wireless, but, how many times has microsoft issued updates to services that were supposed to be secure? What about the 3rd party software on your computer? Microsoft may not even be to blame. Oh, you’re running Antivirus software? Don’t make me laugh. Look up how easy those are to bypass.

      • Well like most people I don’t fit that scenario. And those that need the high security will already know to turn it off, or they already suck at their job 🙂

      • Not so far fetched. I am Facebook friends with 2-3 people who are in foreign service (ex military), one of whom lives/works in eastern Europe (a former communist country). A few months ago, somebody faked his Facebook account (borrowed one of his pictures for a profile pic) and created an account in his name. After several of us unknowingly accepted his friend request, he proceeded to try to market to us. I checked my current (at the time) friend list, and he was listed twice, so I kept the real one and dropped the fake one. Sure, this case was benign, but what if it was a real criminal from eastern Europe? It could have been worse.

        No Windows 10 for me. I’m running 7 on my desktop until it’s no longer supported, then moving to Linux. My other two computers are already on Linux.

    • Well.

      That was a deliciously ironic moment when I clicked reply on my comment to your article.

      http://www.wpdownunder.com/wp-content/uploads/2015/07/SecurityGuyIrony_wifisense.jpg

      😉

    • I have roughly 60 people that live very close to me that are in my contact list, I don’t want them tapping into my wifi. This is a major screw up (again) by Microsoft.

    • Such a thing should NEVER be enabled by default. The whole point of having a WIFI password is to keep a tight grip on who can connect to your network. Everybody has contacts that aren’t actually friends. Depending on your settings, total strangers can be added to your contacts simply by replying to them. What about your ex-husband who is a bit of a lunatic? What about the casual acquaintance that happens to live nearby and wants to do something illegal online? And how about your kid’s friend that you let connect? Are you going to trust their contacts? And Facebook contacts? How many hundreds of friends does your kid have that they’ve never even met before?

    • Al,
      Its not a “mis trust” of friends… to me its that (emphasis) I should decide who I share my life, home and possessions with, not Microsoft or any other company.
      If someone wants to offer a feature that allows for easy wifi sharing or that tells my friends where I am, what TV I just watched, what I just bought, etc it should be a feature that I decide to enable.

    • There’s more to it than being “mistrusting of your friends.” I’m responsible for the network at a small business of 100 employees. We have a separate guest Wi-Fi network that does not give access to our LAN; however, we can still get into trouble for what people on that network do. We got a nasty scary letter once from ASCAP or something because an employee brought his laptop to work which was doing peer to peer music sharing; the offending employee had forgotten that service was even turned on. That was hard enough to track down. Someone could park in our parking lot, hop on our guest network, and upload kiddie porn. Who do you think would get in trouble? I am simply appalled at how half-baked this entire scheme is.

  4. I believe George Santayana said it best, “Those who cannot remember the past are condemned to repeat it.”

    Security is always served best in a closed state, not open for convenience.

    I wonder if the Chicago FD has any openings?

  5. Windows 10 is a privacy nightmare even without the wi-fi sense features anyway.

  6. @Brian, I know people worry about this feature, but as you underline, any real network will use per user authentication, and that won’t be shared by Wi-Fi Sharing.

    It’s probably better to ask: “What is my Wi-Fi password protecting?”

    * If you have a NAS on your network, that NAS should have its own account protection.
    * If you have a Roku / similar TV, do you care if someone on your network can access it?
    * If you have a laptop on your network, that laptop should require distinct credentials for remote file access/control/login.
    * If you have a PoS machine on that Network, it shouldn’t be on a PSK WiFi network, take it off!
    * If you have a Media Server on your network, then write access should have its own access control, and whether it has access control for read is really your decision.
    * Are local laws sufficiently stupid that I can be arrested when someone borrows my WiFi? — If so, could you please contact your local representative and ask that they be changed? — Until then, you probably shouldn’t enable WiFi in the first place…
    * Is your ISP overcharging you so much for exceeding some incredibly low MB of usage limit? — If so, your WiFi AP or the Router should be configured to do at least QoS, if not have two networks with throttling for everyone else. — And you should ask Google to deploy their Fiber network / Ask your representative to encourage Municipal Fiber.

    There are a couple of basic categories:
    1. Things that shouldn’t be on a basic network (PoS comes to mind).
    2. Things that could be on a basic network and which should have their own protection (NAS, laptop, desktop).
    3. Things that could be on a basic network which probably don’t need protection (streaming to TVs, reading from Media Server).
    4. Excess downloading costs you $$$!

    As long as you have properly addressed the first two classes (#1/#2), the only other real issue is “do you really care if someone changes the channel on your TV / listens to your music / watches your movies / uses some of your bandwidth?” (#3). The last issue (#4) is more of a “Why are you still paying that evil company to give you terrible service at horrible rates?”, and you should be fixing that anyway.
    ra, right?; you do use a strong password and have a reasonable lockout policy w/ auditing, right?)

    Keep in mind that when your friends visit your house, they’re likely to bring their own poorly maintained computer with viruses and malware running, and you’re going to give them your WiFi password (just like WiFi sharing does). So you want to address points #1..#4 whether or not you spend time worrying about WiFi sharing.

    • Try this analogy: I live in a multi-unit building. I have strong locks on my apartment door. And surveillance cameras and motion detectors inside my unit. Consequently, there’s NO reason whatsoever that I should be even the least bit concerned to discover that the building manager is giving out keys to the lobby door to anyone who asks for one?

      • You live in a condo building with 10 units, you have a contractual arrangement with the building manager.

        You are shocked to discover that people come/go from the building more or less at will, or practically at the will of any of the (possibly quite careless) residents of the other 9 units?

        Yes, there really isn’t any reason to worry about that. Keep in mind that realtors more or less do share out front door keys randomly to pretty much anyone. Also coming/going are pizza delivery people, restaurant delivery people, mail/package delivery people…. And people will tailgate into pretty much any building.

        If you’re worried, you should talk to the owners of the other 9 units and the building manager. You’ll also want to campaign to all of those other units that they lock their windows… If you think about this point though, it’s pretty much my #2.

    • @timeless Wow! Thanks! That’s a huge help! I’ll just forward it on to my Granny…

      • @bob: do your grandma a favor. Visit her *repeatedly*. Offer to make her a meal.

        On each visit do one, two or maybe three of the things on this list, eventually you’ll have done most of them:
        * check to see if the pipes are leaking
        * check to see if there are ants, termites, rodents …
        * see if the windows are leaking
        * see if her smoke detector+carbon monoxide detector batteries have been changed recently (actually, don’t check, just change them!)
        * check her fire extinguishers (are they still charged? probably not, replace them)
        * clean the lint filters for her dryer, and clean the fan filters
        * help her freeze her credit reports (all four major bureaus) — she’s retired, she doesn’t need someone opening credit for her

        * update her tv, camera, phone
        * find out if she can use her phone (are the buttons too small/hard to use?)

        * teach her to be skeptical of email links
        * teach her to be skeptical of Facebook friend requests
        * review her Facebook friends and make sure she hasn’t been catfished

        * see if her router is properly configured
        * see if her router software is up to date (or exploitable, it’s probably exploitable)
        * remove the malware from her computer
        * update Firefox/Chrome
        * update Flash
        * remove Shockwave and Java
        * if she’s using a mail program instead of webmail, fix her program to use TLS instead of plaintext for passwords
        * enable two factor authentication for her (Gmail, Facebook, …), and walk her through using it — https://twofactorauth.org
        * — if she’s using a mail program, set up the application password for the two factor authentication account
        * — have those sites kick off any other sessions
        * see if her computer software is up to date — if it isn’t, you’ll want to update it (for minor things)
        * check to see if she has other devices on her network that should be kicked off/updated/locked down
        * set up Skype and teach her how to use it to video call you, and use screen sharing — so that you can walk her through minor things when you’re not nearby

        Then, ask yourself: what resources exist on her network that aren’t properly secured. Fix them!

        Will your grandma have her other grandchildren/great-grandchildren over as visitors? will she be giving them access to the internet (almost certainly)? — it’s probably easier for her computer to just share the password to her limited Facebook friends.

        Once you’re confident/comfortable that she, her house, and her computer are in good shape, then you can move on to the next step:

        * if her computer is going to update to Windows 10 (and you should want her on 10 as opposed to 7/8.*), then you want to be there to help her adjust to it

        — If she’s using a Mac, then you’ll want to upgrade it to 10.10, and as with Windows 10, you’ll want to help her adjust to it.

  7. Who gets into trouble when someone you know, on your friends list, uses your Wi-Fi WITHOUT your explicit permission, to access websites such as those hosting kiddie porn or other illegal material. Who’s door gets knocked in then?

  8. Our security team has laid down a betting pool on the # of days until this becomes a exploited feature that hits the news and needs a MS patch.
    The line currently at 54 days…. and I think that’s generous

    • 39

      Im gonna give this OS half a year before I even start to consider putting it on my laptop, till the final month to get for free on my desktop.

  9. Lots of comments about not using Win10 to avoid this ‘feature’ – but its your visitors sharing your wifi password you need to be worried about!

  10. Fortunately, the Wi-Fi sense doc is clear that they just look for the string “_optout” being present in the SSID, not at the end. “_optout_nomap” would work if Google is only looking at the end. (and in fact, that SSID alone should work)

  11. Having to mutilate SSIDs to opt out is total bumpkis. This will force all existing connected devices to be reconnected. This is a kludgy “fix” for “features” that should not exist.

    WiFi connection settings should NEVER be automatically shared in this way. It shouldn’t even be an opt in feature. It shouldn’t exist period. The reason is that a person being granted access to a WiFi network may not be the owner of the network and thus may not have the right to be able to share said access. Only the owner of a WiFi network should have the ability to choose who to share it with.

  12. Great article. It’s unfortunate that Microsoft has jumped on the auto-opt-in band wagon, but as with all company’s they don’t really care. And honestly, it just means that your data is not really yours anyway. They are just taking it to a new level.

    The crux of the issue is not that the password is shared, it’s that it is no longer controlled. It doesn’t matter if you install Windows 10 either. If you gave your password to someone that gets Windows 10, then they connect to your network and then share this with 2 friends, and so on, and so on. Rinse and repeat.

    Add the fact that Microsoft has removed themselves from this nightmare and placed the onus squarely on the consumer. They don’t have to do anything, but consumers now have to purchase firewalls, do MAC filtering, etc. just to keep their networks secure. Next, Microsoft will be offering a secure NAC solution to consumers who want to protect themselves from unwanted network devices.

  13. Throw Windows PC in trash. Buy Mac. Problem solved.

    • Already went through the Apple planned obsolescence, limited ability to upgrade components, and forced updates nightmare.
      The best alternative may be Linux. Am considering it very seriously.

    • …because everybody should pay five times the cost for a computer with a screen that’s one-fifth the size!

  14. The neighbours saved as contacts from those exchanges of local issues last year?
    and,
    unless you live on 100 acres, in range of your wifi ?

    torrents and downloads, GO!

  15. You folks don’t know what you are talking about – including Krebs (sorry, love you but…). You don’t know enough about networking. There are infrastructure networks and data networks. Having a password to use your infrastructure network has nothing to do with any data network (Local Area Network/Homegroup) that happens to use the infrastructure. We’re all sharing a common infrastructure already – it’s called the Internet. Your crazy ex can’t delete your files simply because you are both on the Internet. If someone is smart enough to hack into your computer and files because you are on the Internet, then yes, they could do the same thing here. My point is it is no different than the risk we have all been taking all along.

    Do I like this whole thing? No. I never turned on WiFi sense on my Windows 8.1 phone. But let’s not exaggerate the threat here either. Yes, it is there, but it is pretty minimal. And it no greater a threat than it has been all along.

    • I sincerely hope that no-one accepts this post as being in any way accurate. Connecting to someone’s WiFi is NOT the same as both parties just being on the Internet. The most obvious difference is that the WiFi will generally be located inside the firewall (and everyone has some kind of firewall between their network and the Internet, even if it is just basic NAT).

      • WiFi is like roads. Roads are basic infrastructure, everyone gets on them.

        http://blogs.wsj.com/cio/2015/05/11/google-moves-its-corporate-applications-to-the-internet/

        “Google Inc., taking a new approach to enterprise security, is moving its corporate applications to the Internet. In doing so, the Internet giant is flipping common corporate security practice on its head, shifting away from the idea of a trusted internal corporate network secured by perimeter devices such as firewalls, in favor of a model where corporate data can be accessed from anywhere with the right device and user credentials.

        The new model — called the BeyondCorp initiative — assumes that the internal network is as dangerous as the Internet. Access depends on the employee’s device and user credentials. Using authentication, authorization and encryption, the model grants employees fine-grained access to different enterprise resources,…”

        • >>WiFi is like roads. Roads are basic infrastructure, everyone gets on them.<<

          When was the last time you were duped into building a road for other people to use?

          • Less than 2 years ago I suppose. It was quite expensive, and my mayor was proud of it.

            Residents in Toronto have been duped into paying over a billion dollars for an incredibly useless subway.

            https://en.wikipedia.org/wiki/Line_3_Scarborough

            > On October 8, 2013, Toronto City Council voted 24–20 to replace the Scarborough line with a three-station extension of the Bloor–Danforth subway line. Council chose the Stintz plan for the extension.[25]
            > The subway extension is estimated to cost $3.56 billion.[26]

            Before that, there was line 4

            https://en.wikipedia.org/wiki/Line_4_Sheppard
            > It opened on November 22, 2002.[3]
            > the Sheppard subway costs $10-plus per ride to subsidize.[11]

            If you’re asking if I’d gladly trade the wasted money for either Line 4 or the replacement Line 3 for municipal Fiber, the answer is yes!

  16. Easy solution: configure your router to allow only specified MAC Addresses to connect to your Network. This will ensure that no uninvited Guests connect without your permission.

    • Unfortunately this is not secure at all, since MAC addresses are trivially easy to spoof.

      • MAC filtering is just one layer of network security.

        • MAC filtering is not a security feature. It provides nothing but a false sense of security. The only thing that works is encryption.

  17. Better shut the internet down. Kill all public wi-fi. Don’t have friends. Don’t live within a cantenna’s range of any other person. Better still – rip out your phone line too, just to be safe. That dumb phone from Nokia in 2000 is looking pretty attractive right now too. Pay with cash. Don’t trust banks. Do you know your mailman? What’s really in those drugs your Dr told you to get at the chemist – and where was he even trained. Is there such a University? Don’t drink the water, vaccinate your kids or believe easily faked special effects videos they “say” chronicles our history. Genetic modified food – don’t get me started. sugar. fat. preservatives. additives.

    Best to walk into your backyard, dig a hole and place your head into it….or go to the footy and boo Adam Goodes.

    Sorry – did I get off topic somewhere there?

    Other comments of mine at the Age/SMH syndicated post of this story.

  18. I went into Manage WiFi settings in Settings and simply clicked off the option to share with those three networks, then clicked the option to ahare off. Why all the dicking around with router settings??

  19. Massively overblown. While the feature is enabled by default you need to explicitly share a network for it to be shared.

  20. So right out of the gate it’s another security nightmare. Congratulations Microsoft.

  21. Why am I reminded of the Phorm debacle?

    Microsoft, this idea is crazy IMO. At the very least, this should be an opt-in. Better still, drop the idea as it is so open to abuse.

  22. All security concerns aside (justified or no):

    I see little if any benefit to this. It’s as if we’ve lost the ability to handle even the most basic of ideas.

  23. c1ph3r_qu33n_3

    really microsoft, apple, google after all the work we do in IT to try and ensure proper authentication to networks, you happily by default share viciate all that work and training.

    My guess, this “feature” will slow adoption of Windows 10 in the enterprise.

    Canada has Privacy by Design, can’t we expect our IT vendors to give us Security by Default??

  24. I’m aware enough to disable this “feature”, but I especially created a guest (internet only) network for friends, so they come in and share my guest network credentials with their friends, without me or them even knowing about it. If this went wrong in MS Public Relations lead development process, what else is wrong with this version of Windows?

  25. Will it share all your WiFi passwords? That would be almost criminal, and be in violation of most companies security policies
    (both my laptop and phone have quite a number of WiFi connections set up, since I move around quit a bit)

    Companies like Microsoft and Google, and many others, need to stop accessing contact lists without explicit, very explicit, permission. My contact lists are a mix of business and personal, and the two should not meet. I don’t want any automatic sharing of (personal) information with anybody. Only if I explicitly agree.

    It is almost insane that these days we think it is normal for an application that you want to install is entitled to access your contacts, or other completely unrelated information. Think of all the games and tools people put on their phones. 90% of the people click agree on any terms without reading.

    In the past you could count on the operating system providing some protection. Now it is free, and you can no longer trust it.

    I gladly will pay money for a social medial proof proof version.

    Bart

  26. Stefan Gentsch

    To my understanding this can even affect a WiFi network if the owner is not using Windows 10.

    If any guest in the WiFi (e.g. a friend of the owner) uses Windows 10 then the password can be shared with the guest’s friends despite the fact that the guest is not the owner.

  27. It should NOT be automatically on. It should be automatically OFF and if we want to use it have the ability to turn it on.
    But these big companies have ALWAYS been backwards.
    Guess I’ll be going to my mothers and friends a lot more than I though when Windows 10 is totally out. Fixing their settings. UGGHHH

  28. I can deal with Wi-Fi Sense effectively but I’m concerned with other features being reported on. I came across this article the other day. Any thoughts?

    http://realitynews.international/windows-10-your-privacy-is-dead/

  29. Wow. Some people add “friends” to skype, facebook, etc. that they do not know in real life, that they know from childhoo, that they know from friends of friends. I’ve even had coworkers on my contacts that I would frankly not trust at all. There’s a difference between letting someone into your social network and letting them into your physical network. The question one person asked, “Don’t you trust your friends?”, is quite amusing. No one should confuse “trust” with security.

    In this age of hacking and identity theft, for MS to allow this….is pretty incredible. How easy is it for someone to weasel their way on to your contacts list, find out where you live, then sit out front with wireshark capturing all you unencrypted data as it flies through your own personal wifi network.

    “Oh but you can disable it”..well that’s super but how about “Oh but you can enable it if you think it’s not dumb” instead?

    What about the new facial recognition for logins? Can I just cut of your dead noggin and hold it in front of your laptop to log in? At least with a password they need you alive…..

    • true, but fwiw, I believe that by default Facebook isn’t active, only Outlook.com and Skype are…

      Basically, these are the settings:
      WiFi Sense [opt-out]
      Outlook.com [opt-out]
      Skype [opt-out]
      Facebook [opt-in]
      Sharing the password for a network [opt-in]

      So, if everyone is lazy, nothing will be shared, and nothing will be shared to Facebook users.

      To have passwords shared to Facebook, a user would have to:
      1. opt-in for Facebook
      2. opt-in for Sharing the password

      Or, if the user wants to share the password, they could just post it to Facebook directly and let facebook.com store the password 🙂