Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends.
Redmond made the announcement almost as a footnote in its Windows 10 Experience blog, but the feature caused quite a stir when the company’s flagship operating system first debuted last summer.
Microsoft didn’t mention the privacy and security concerns raised by Wi-Fi Sense, saying only that the feature was being removed because it was expensive to maintain and that few Windows 10 users were taking advantage of it.
“We have removed the Wi-Fi Sense feature that allows you to share Wi-Fi networks with your contacts and to be automatically connected to networks shared by your contacts,” wrote Gabe Aul, corporate vice president of Microsoft’s engineering systems team. “The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment. Wi-Fi Sense, if enabled, will continue to get you connected to open Wi-Fi hotspots that it knows about through crowdsourcing.”
Wi-Fi Sense doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna!).
When the feature first launched, Microsoft sought to reassure would-be Windows 10 users that their Wi-Fi password would be sent encrypted and stored encrypted — on a Microsoft server. The company also pointed out that Windows 10 users had to initially agree to share their network during the Windows 10 installation process before the feature would be turned on.
But these assurances rang hollow for many Windows users already suspicious about a feature that could share access to a user’s wireless network even after that user changed their Wi-Fi network password.
“Annoyingly, because they didn’t have your actual password, just authorization to ask the Wi-Fi Sense service to supply it on their behalf, changing your password down the line wouldn’t keep them out – Wi-Fi Sense would learn the new password directly from you and supply it for them in future,” John Zorabedian wrote for security firm Sophos.
Microsoft’s solution for those concerned required users to change the name (a.k.a. “SSID“) of their Wi-Fi network to include the text “_optout” somewhere in the network name (for example, “oldnetworknamehere_optout”).
I commend Microsoft for taking this step, if albeit belatedly. Much security is undone by ill-advised features in software and hardware that are unnecessarily enabled by default.
Automatically sharing anything related to security is a bad practice for security illiterate people. No excuses. No exceptions.
It never did. Sharing configuration was enabled at default (opt out), but for every wifi network, the user had to still ***manually*** share it.
So the statement thatc hanging the password would automatically pass it along to other users is untrue. If it was anouther person, that person would not share the new password untill you gavethat person your new password. And if it were you yourself you initially shared, well, turn the sharing off. Either in the config or for that specific network.
So even though I never liked this feature as well, security wise it was never as bad as hyped.
HA ! I opted out of this heap. I’ll stay where I am at until I have to move up. This “push” and a rather hard one (sometines minus the “e”) to make people get a rather controlled environment is no good for the good, and the evil ones will simply go to linux or other OS.
Its a monopolization of privacy issues, profiling and other less appealing matters. Sure, this has been going on for quite some time.
I can remember one of the first times I did a search on hard drive using a windows box. I opened up a DOS prompt and seen the PC connected to microsoft.com ( i think it was search.microsoft.com) and thought to myself, why is my PC contacting Microsoft when I am doing a local search, with no browser or other application open? Makes one wonder to what extent that this…….. corporation is up to.
Thanks for the MS update.
Here at Procrastinators Central, we will score this as yet another victory for NOT being an early adapter.
We favor letting the young and foolish, be young and foolish, forging ahead whilst simultaneously clearing out the technical IEDs for the majority following on the information highway.
Kudos for discovering the cantennae piece.
Who needs STEM courses?
STEM students need the arts and music and literature and philosophy as much as students of the latter need STEM, maybe more so. There’s no point to life if you can’t get a rose tattoo if you want one, or ride the streetcar.
Nice picture, Brian. Microsoft_optout. I would also add Windows_10_optout 🙂 A good reason NOT to use Windows 10!
You not using Windows 10 does not help, as it are *other* users who share your password. That was the main issue: the sharing happened outside your control (once you gave them the password initially).
I run both 32- and 64-bit versions of W7 / SP1. Windows Updates option selected: “Check for updates but let me choose whether to download and install them.” I’ve manually hidden an ever-growing list of W10-related “updates”. For some of these updates, the “hide” instruction is temporary. For example, today (18 May 2016)
KB3123862 Updated capabilities to upgrade Windows 8.1 and Windows 7
showed up yet again.
As always, Brian: thanks for the security-related news. Under the heading of “resistance is futile”, I continue to question the merits of transitioning from updated versions of W7 to W10.
I’m in your camp also Arbee!
Anyone also finding that Windows update (for Windows 7) is getting progressively slower?
As if someone wanted us to give up on Windows 7!
(Hint to MS: Ubuntu 16.04 (Mate) or Lubuntu 16.04 are very logical upgrades from Windows 7 – possibly more than Windows 10 is)
Microsoft is reportedly working on a “rollup” of all of the existing fixes and so forth. They aren’t calling it a service pack, but essentially one “update” will replace hundreds of these things that they have pushed out over the years. This *might* help with the WU performance. Then again it might not.
And people are suspicious of Microsoft now – what other stuff are they going to bury in there that people might not initially notice?
Actually if you read the blog entry that introduced the “convenience rollup” (funny how Microsoft will contort themselves into knots to avoid saying the word “service pack”), it mentions that they’re revamping the windows update system. Gone will be updates downloaded individually. Instead it’ll download the month’s updates, then install the components you choose. Couple fewer updates with using the new server setup for Windows 10, and it could make for a far less annoying update experience for 7 users.
Whats even more un-Microsoftian is that the new update servers require an activex control if you want to use them through a web browser. That control will “soon” be retired in favor of a non-ActiveX system. It’s almost like someone’s taken Microsoft hostage and is sending out messages in their name.
Windows Update has suffered greatly since Windows 10 dropped last summer.
You are right Formby! At least in the last two months Windows Update for Windows 7 is significantly slower. This is in no way an accident. With family Win 7 machines I support in different cities there is no way all of them suddenly are having performance issues. My theory is MS is removing update server resources which leads to much longer waits in the hopes some will become impatient and give into Win 10. Some are taking hours to find a few updates. Still, no way Win 10 is touching the rest if I can help it.
The excellent program GWX Control Panel can save you a lot of trouble.
GWX Control Panel will help to rid your system tray of the ‘Get Windows 10’ notification from continually popping up. Video walkthrough available.
It can also prevent unintentional Windows 10 upgrades from occurring via Windows Update. GWX Control Panel really works, is safe and easy to use, and gives you the option to re-enable the icon and upgrade notifications if you’re ever ready to move forward with Windows 10 in the future. Read more at: https://tr.im/OBAFo
(From the description at MajorGeeks:
GWX has gotten bloated and confusing. Please do yourself a favor and use Never 10 instead.
Never 10 merely configures the settings that Microsoft recommends for preventing the Windows 10 upgrade from occurring.
Microsoft made the process intentionally difficult. Never 10 does all of the steps for you.
Provided you haven’t told Microsoft “yes” to their many malware-like prompts to upgrade to Windows 10, opting out of Windows 10 is as simple as setting two registry keys.
It’s only if you’ve told them yes that you need a third party solution like GWXCP or the like. My system at home bluescreens in the middle of the upgrade, and I told them to upgrade, so it got stuck an annoying auto-upgrade/bluescreen/rollback loop for a few weeks.
Definitely colors your viewpoint of the competence of the vendor when that much of your life gets wasted cleaning up their mess.
You had to opt in to the service, you were not automatically enrolled by MS
Depends. For instance, if you shared your wireless password with a friend or family member, could you trust THEM never to mark accidently their own windows 10 device to share it with all their FB friends?
Then there’s the whole thing about changing network passwords not mattering to this feature.
And having MS say you had to change your network name to really opt out, that was such a load of BS.
I was reading on threatpost this morning that the changes won’t happen until late this summer with the Anniversary Edition update… Have they released a standalone update that disables it, or is it just the Insider Preview Builds that have the changes now?
Arbee – I’m 100% with you.
Anytime a company (Microsoft) keeps dropping subtle and tricky links / buttons to “Upgrade To Our Latest Software” – I walk!
Hopefully Windows 10 goes into the “Buy” upgrade soon and they will quit trying to trick users into their carppy new O/S
Buy? You kidding?
There target was 1 billion W10 equipped boxes. Only a third of the way there and PC sales keep declining. They have Maoists that target and will need to continue to give it away to get more folks onto W10 (this vastly simplifies MS s/w development costs the sooner they can move more folks to W10.)
Tbh, I wonder if the whole “free if you move now, pay for it if you dawdle” was a ploy to get many folks to jump on the billion W10 installations train as quickly as possible.
My machine will never be upgraded to Windows 10. The motherboard manufacturer is not releasing a bios upgrade to support it.
On the other hand, my Surface Pro came with Windows 10 Pro installed and I haven’t had any problems with it.
Windows 10 was/is FREE… So was the gift of a big horse in ancient times, and that worked out well, at least for the givers. Microsoft wanted something and was willing to “give” something in return. They are not a non-profit organization, they are a business – never trust a business that is willing to give something for free… There is always a catch.
I’m surprised it took them this long to remove it.
It’s all just one of the reasons why I will not be using Win10. Never used Win8 or Vista on any personally owned machine and will never have Win10.
Microsoft has simply gone the route with Windows 10 that many companies have gone with their own hardware & software: features & the illusion of convenience are far more important than security.
Automatic connection to ‘trusted access point” is the very easy beginning of an MITM attack vector for a “yes man” aka jaseger.
Or other similar tools.
I didn’t even know about that “feature” and boy am I grateful that I haven’t “upgraded” to windows 10!
For business reasons I have over 2,000 different people in my Outlook Contacts, some of which are people I once did business with and who I am now suing for fraud as a result of past dealings. These are the very last people I would like to give the ability to access any network where, for example, litigation correspondence might be found.
What on Earth were Microsoft thinking? This assumption that anyone found in your contacts is a “trusted friend” is naive beyond belief. Are you supposed not to have your enemies’ details in your contacts?
Thanks for making everyone aware. What an amazingly stupid default setting
Why they ever included this “feature” is beyond me? Nobody asked for it and then when everybody discovered it, they avoided it like the plague…. dumb Microsoft
I am not an IT expert, but very much enjoy your column Brian and the many insightful comments from your readers. I have not upgraded to Windows 10 and from the many comments I will stay with that decision.
I think it’s really neat that both IT professionals and everyday computers users both benefit from your column. Thank you.
This is not the reason I am not upgrading to Windows 10. This is the reason I do not allow Windows 10 on my WiFi network.
I only allow people I trust on my WiFi. I give them a few simple rules, one of which not to share the password and therefore access with anybody else. Windows 10 makes it harder for them to follow that rule.
Windows 10 has made it harder for me as a WiFi network admin and I’m not even running Windows 10.
The only silver lining I see is that most Windows 10 instances will be updated thanks to another Windows 10 feature and the WiFi share feature will go away.
On the topic of WU being slow, I have noticed. I haven’t thoroughly investigated, but it seems to be multi-faceted inefficiency. I noticed the checking for updates runs for a very long time and uses a lot of CPU cycles. Another thing I have noticed is .NET updates are highly inefficient. I used to manage some air-gapped systems which I downloaded updates to apply manually. .NET updates had a pre-update utility which did some “magic” when run and allow the .NET update to run efficiently.
fwiw, while I’m usually fairly paranoid, I decided this was a reasonable feature. And it was fairly handy.
It meant that when I configured WiFi access for myself on one computer, and then later set up a laptop (using the same MS login) and visited where the first computer was, my computer automatically connected.
The alternative is basically a text file listing all of your WiFi passwords, which is definitely not a good idea.
MS at least offered to encrypt passwords and play secret keeper.
Password sharing is hard. WiFi sense allowed you to control w/ whom (including only your own account) you shared passwords. It also meant that you could share a password with a friend w/o your friend easily* sharing the password w/ someone else.
(*a kernel debugger could certainly retrieve the password, but in general, your average friend wouldn’t know the password, and wouldn’t be able to accidentally leave it on a post-it note somewhere.)
This undermines one of my reasons not to accept Microsoft’s kind and generous offer of a free Windows 10 which is that it increases the chances of you getting worms.
The comments here clearly illustrate why writers need to accurately report things, because while WiFi Sense is enabled by default, each and every network had to be shared manually. The service would only use shared networks but actually share anything.
Oh, and Microsoft is only pulling it from Windows 10 Anniversary Edition, so if you’re not upgrading, you still have it.
Except, of course, the feature is one checkbox away for each and every person who connects to a WiFi network. So you don’t check the box and share the password with your contacts. What about Uncle Joe? Hipster Mark? Your little niece Susie? Do you honestly thing not a single person you give the password to will ever check that box? Then there’s the scary trend of password sharing among segments of our youth, who don’t think twice about sharing passwords, even banking PINs, with casual acquaintances. Do you honestly think that kind of person isn’t going to check the box?
With people joining your network who are running Windows 10, whether or not the password is shared is removed from your control, and instead is transferred to the control of each person who joins it. That’s why this feature is scary. That’s why this feature was never thought through.
A feature that’s enabled by default having a low usage, though, speaks volumes about how users view the feature.
BTW, if you login with the same Microsoft account on both systems, wouldn’t you gain access WiFi passcodes anyway? You don’t need WiFi sense to share passcodes with yourself.
This move doesn’t cotton to its new strategy to out Google, Google, and out Facebook, Facebook – I’d be wary of this news.
Back when I was but a lad one of the catch phrases of my generation was, “Never trust anyone over thirty.” I think that phrase has morphed into, “Never trust anyone.” I find that stance, which reeks of paranoia, a good way to conduct any business with ‘most’ anyone I personally don’t know. I may be paranoid BUT “THEY” are after our hard earned rent monies, and don’t lie to yourself.
Maybe if you guys read the screen instead of doing click-click-next-finish when installing/upgrading to Windows 10, you would realize that this “feature” could be turned off right from the beginning? No, instead it’s Microsoft’s fault. They straight out ask you if it should be turned off or not, and give a lengthy explanation of what it is.
When first installing W-10, Always click “Custom Install”. There are many choices for accepting or declining many built in features. Very helpful indeed. This will save you the trouble of having to look through many screens later, that you could have already done with a custom install. To many people have already made this mistake ( me included ). Save yourself a lot of time and trouble with an unfamiliar OS system. Thanks Brian for all the great advice you have given, to all of us!