ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Windows 10 Wi-Fi Sense is a bad idea

    Scheduled Pinned Locked Moved IT Discussion
    microsoftwindows 10security
    118 Posts 6 Posters 36.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller @Alex Sage
      last edited by

      @anonymous said:

      So to recap. Wifi Sense isn't the end of the world, but it should be used carefully.

      I think an import component of the recap is yes, it's not the end of the world, there are tons of little "this is too complex and end users will be confused about security" things out there, although I feel that this one leans to the "overly complex and completely unnecessary and missed a great opportunity to really help security" side but there is the takeaway that I feel we need for IT pros, rather than looking at the feature purely in a general context...

      For IT Pros we need to be aware of just how easily someone using Windows 10 on our networks could be accidentally sharing or tricked into sharing WiFi access. This means considering moving to EAP, using GPOs to lock this feature down, turning this off for customers or scanning for the feature and blocking access on corporate networks when it is enabled, etc.

      For Security Vendors like WebRoot, it represents and opportunity flag as a vulnerability and either warn end users or warn IT that the risk exists.

      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller
        last edited by

        According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.

        JaredBuschJ 1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch @scottalanmiller
          last edited by

          @scottalanmiller said:

          According to an article at InfoWorld, you can make WiFi Sense not share your data for your network by adding the very long _optout postfix onto your SSID.

          Yes, that was mentioned in earlier posts by both myself and @anonymous

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller
            last edited by

            Oh sorry, don't know how I missed that 😞

            1 Reply Last reply Reply Quote 1
            • gjacobseG
              gjacobse
              last edited by

              This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @gjacobse
                last edited by

                @g.jacobse said:

                This from a major IT player about sharing passwords? Nuts. On the list of must deactivate ... that is ... worse than writing your password on a post-it and putting it on the underside of your keyboard.

                No, I disagree with that. As I mentioned before, I use the iOS version of this.

                I do not like that this is shared through social networks with no control more than on or off.
                I do not trust all the players to ensure the data is well encrypted.
                I do not trust that the sharing will never spread to friends of friends

                A 1 Reply Last reply Reply Quote 0
                • A
                  Alex Sage @JaredBusch
                  last edited by Alex Sage

                  @JaredBusch said:

                  I do not trust all the players to ensure the data is well encrypted.

                  You don't trust Microsoft? Then why I are using Windows as all?

                  scottalanmillerS 1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Alex Sage
                    last edited by

                    @anonymous said:

                    You don't trust Facebook? Then choose not to use it.

                    Has nothing to do with trusting them. Because they are not aware that their end users are being used in this way. That's a misunderstanding of the concept of trust. Not only that, but this isn't about trusting Facebook but about trusting both your own selection and verification process and of the account management of all of the people using it who don't agree or are not aware of what you expect of them.

                    1 Reply Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller
                      last edited by

                      It's like this...

                      I might trust you to lock up my house if I ask you to. That's proper trust.

                      But I don't "trust" that you will come to my house and lock it up if I forget to lock it right now, you don't even know that I need it to be locked or that I went to the store. That has nothing to do with not trusting you, it's just a scenario that you have no idea needs attention.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        Just like if you asked me to get you milk from the store, you'd probably trust me that I would do it.

                        But you certainly aren't expecting me to show up with some needed groceries right now, I don't know that you need groceries or which ones you might need.

                        1 Reply Last reply Reply Quote 0
                        • A
                          Alex Sage
                          last edited by

                          http://windows.microsoft.com/en-gb/windows-10/wi-fi-sense-faq

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller
                            last edited by

                            According to the FAQ:

                            WiFi Sense will automatically connect you to suggested open WiFi hotspots if you have Connect to suggested open hotspots turned on in Settings > Network & Internet > WiFi > Manage WiFi settings. This is turned on already if you did either of these:

                            Selected Use Express settings when you first set up your PC with Windows 10

                            This is the setting that will make it super easy to get other people to connect to your hotspot without them knowing. Easy to hijack DNS and present alternative web pages in this way.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              Not that you can't do that today, but it is much more complicated and far less likely that a user does not know that they are connecting to something. This makes it so that users who think that they are on 4G will suddenly get WiFi and without knowing, unless really paying attention or understanding, have the potential to be hijacked.

                              1 Reply Last reply Reply Quote 0
                              • DashrenderD
                                Dashrender @JaredBusch
                                last edited by

                                @JaredBusch said:

                                @anonymous said:

                                It's encrypted.

                                Doesn't matter.

                                You are my FB firned and gain access to my network.

                                Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

                                His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

                                I'm not sure that's true. Just because you're friend has access because he's friends with you, I hope that doesn't mean that all of his friends now have access to it as well... they shouldn't, if it's built correctly.

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Dashrender
                                  last edited by

                                  @Dashrender said:

                                  @JaredBusch said:

                                  @anonymous said:

                                  It's encrypted.

                                  Doesn't matter.

                                  You are my FB firned and gain access to my network.

                                  Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

                                  His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

                                  I'm not sure that's true. Just because you're friend has access because he's friends with you, I hope that doesn't mean that all of his friends now have access to it as well... they shouldn't, if it's built correctly.

                                  That's an important question, when does it stop sharing? And if it does share that way, then basically everyone gets every password. If it doesn't, then you have a lot of manual management to still do, possibly more because the natural sharing that we used to do isn't there since our associates don't get the passwords from us.

                                  JaredBuschJ 1 Reply Last reply Reply Quote 0
                                  • DashrenderD
                                    Dashrender
                                    last edited by

                                    I love the idea of this, but Scott and Jared are right - this is not a good implementation of this. They really need to have granular control of who you give access to.

                                    I'm also not sure that I want to associate FB with my machine - I normally don't have the contacts from FB flood my phone either - I only want the app and the chat app - and I really want location services to be off too.

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch @scottalanmiller
                                      last edited by

                                      @scottalanmiller said:

                                      That's an important question, when does it stop sharing?

                                      This issue is not clear yet. It shouldnot be able to share infinitely because one article states that it will only share to a direct friend. But another article state that you can share any network you have acess too.

                                      So this implies that once my network is shared with you, it will not automatically share past you. But you can go into your wireless networks and share it to your friends.

                                      @scottalanmiller said:

                                      And if it does share that way, then basically everyone gets every password.

                                      The password is never released in clear text. So that is not out until the encryption is broken. That is not a part of this I am worried about.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @JaredBusch
                                        last edited by

                                        @JaredBusch said:

                                        But another article state that you can share any network you have acess too.

                                        So this implies that once my network is shared with you, it will not automatically share past you. But you can go into your wireless networks and share it to your friends.

                                        Right, if everyone shares everything that they have access to, it would quickly have a network effect of going to just about everywhere. Seven orders of Kevin Bacon and all of that.

                                        Which articles are right is the big question.

                                        1 Reply Last reply Reply Quote 0
                                        • 1
                                        • 2
                                        • 3
                                        • 4
                                        • 5
                                        • 6
                                        • 5 / 6
                                        • First post
                                          Last post