ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Windows 10 Wi-Fi Sense is a bad idea

    Scheduled Pinned Locked Moved IT Discussion
    microsoftwindows 10security
    118 Posts 6 Posters 36.6k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Alex Sage @scottalanmiller
      last edited by

      This post is deleted!
      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        Even simpler than that. It gives people access to my wireless network without my explicit permission.

        I have ZERO method to control this sharing other than renaming my entire wireless network with some stupid _optout on the SSID.

        A 1 Reply Last reply Reply Quote 1
        • A
          Alex Sage @JaredBusch
          last edited by

          @JaredBusch said:

          Even simpler than that. It gives people access to my wireless network without my explicit permission.

          I have ZERO method to control this sharing other than renaming my entire wireless network with some stupid _optout on the SSID.

          So you don't trust your friend? Or you don't trust yourself to keep up in your contact list?

          scottalanmillerS JaredBuschJ 2 Replies Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @Alex Sage
            last edited by

            @anonymous said:

            It's encrypted.

            Maybe, but access is already granted. We'll have to see how this encryption holds up. Sharing data with someone means that your security has been compromised. When people talk about data center breaches, often it is encrypted data that they get. They just get unlimited time to crack it. Cracking data you own is generally pretty trivial. Not seconds or minutes, but very, very doable.

            But that's the lesser concern. That a human knows your password is only so big of a deal. What matters is that a human can leverage that password at will.

            1 Reply Last reply Reply Quote 0
            • JaredBuschJ
              JaredBusch @Alex Sage
              last edited by

              @anonymous said:

              It's encrypted.

              Doesn't matter.

              You are my FB firned and gain access to my network.

              Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

              His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

              A DashrenderD 2 Replies Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Alex Sage
                last edited by

                @anonymous said:

                So you don't trust your friend? Or you don't trust yourself to keep up in your contact list?

                You have a very different definition of friend than I do. "Person with access to an account that is a 'friend' with mine on a communications system" is not what I call a friend. My contact list includes business associates, people who want to chat with me, etc. The security of my Facebook or Skype list, all of which is just public info, is now a weak link in the security of any wifi to which I have access, not necessarily my own.

                This has nothing to do with friends, this has to do with an arbitrary usage of one data set for a purpose for which it is not and never was intended. It's a massive security vulnerability, it's that simple. Even the idea that the association via FB or Skype somehow means friends is a fundamental flaw - the connection on Skype in no way suggests that I know that person, like that person or am friends with them.

                The leap between "random list A" and "people you want to grant access to your network" is huge.

                1 Reply Last reply Reply Quote 1
                • JaredBuschJ
                  JaredBusch @Alex Sage
                  last edited by

                  @anonymous said:

                  Or you don't trust yourself to keep up in your contact list?

                  Do you trust 100% of the people on your contact list? I certainly do not. I have people on various contact lists in order to maintain contact. That does not insinuate a friend. Just because a tool like FB calls them a friend, it does not mean they are.

                  scottalanmillerS 1 Reply Last reply Reply Quote 2
                  • A
                    Alex Sage @JaredBusch
                    last edited by Alex Sage

                    @JaredBusch said:

                    @anonymous said:

                    It's encrypted.

                    Doesn't matter.

                    You are my FB firned and gain access to my network.

                    Your FB friend that lives across town drives by my house and pulls the password from you while at a stoplight.

                    His FB friend is my neighbor (that I don't know except to see in passing sometimes int he parking lot) and now has unlimited access to my private wifi network.

                    There is no way for the person to see your password, so how are they going to give it to someone else?

                    scottalanmillerS JaredBuschJ 2 Replies Last reply Reply Quote 0
                    • scottalanmillerS
                      scottalanmiller @JaredBusch
                      last edited by

                      @JaredBusch said:

                      @anonymous said:

                      Or you don't trust yourself to keep up in your contact list?

                      Do you trust 100% of the people on your contact list? I certainly do not. I have people on various contact lists in order to maintain contact. That does not insinuate a friend. Just because a tool like FB calls them a friend, it does not mean they are.

                      My Skype account is not even my own!! It's a company account that I do not control.

                      1 Reply Last reply Reply Quote 0
                      • scottalanmillerS
                        scottalanmiller @Alex Sage
                        last edited by

                        @anonymous said:

                        Take off your tin foil hat. There is no way for the person to see your password, so how are they going to give it to someone else?

                        Who said they were going to give it away? That's not the concern. Not the big one, anyway.

                        But they DO have your password, physical breach is the biggest portion. That part is already done. They have your password.

                        1 Reply Last reply Reply Quote 0
                        • A
                          Alex Sage
                          last edited by

                          BTW I am sharing my personal wifi password using this

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @Alex Sage
                            last edited by

                            @anonymous said:

                            Take off your tin foil hat. There is no way for the person to see your password, so how are they going to give it to someone else?

                            The linked article specifically stated that the sharing was automatic. no need to give the password.

                            @linked_article said:

                            Once Wi-Fi Share-enablers have typed that password into their Windows 10 devices, all of their friends can access our home network if they're within range. Even though we trust our friends and family, we haven't spent time with all of their contacts and Facebook friends, and we have no idea whether they're trustworthy.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller
                              last edited by

                              I'm not saying that this is a completely crazy idea, I'm saying that without warning sharing security data with completely unrelated and arbitrary lists of people by default is insane. Completely insane.

                              Not only that, it is potentially illegal. Do you know that everyone on your list should have access to every network you have been granted access to?

                              1 Reply Last reply Reply Quote 0
                              • A
                                Alex Sage
                                last edited by

                                are we sure it is enabled by default? I think I was asked to turn it on....

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @Alex Sage
                                  last edited by

                                  @anonymous said:

                                  BTW I am sharing my personal wifi password using this

                                  Go for it. That's perfectly fine. YOU are AWARE that you are sharing it with whole social networks. You can take the time and delete anyone that you don't want having access. It is perfectly fine for you to not just trust the people on that list but trust Facebook and Skype to be secure with their accounts and for you to trust those people with the security of those accounts.

                                  But what about people who don't understand those things?

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch
                                    last edited by

                                    I use Apple's SSID sharing built into iOS to let all my devices connect after one has. but that does not come close to sharing it with someone else.

                                    A 1 Reply Last reply Reply Quote 2
                                    • JaredBuschJ
                                      JaredBusch @Alex Sage
                                      last edited by

                                      @anonymous said:

                                      are we sure it is enabled by default? I think I was asked to turn it on....

                                      See the screenshots above. that was on a brand new Windows 8.1 to Windows 10 upgrade.
                                      Enabled by default. The only "choice" is to grant FB access.

                                      1 Reply Last reply Reply Quote 1
                                      • A
                                        Alex Sage @JaredBusch
                                        last edited by

                                        @JaredBusch said:

                                        I use Apple's SSID sharing built into iOS to let all my devices connect after one has. but that does not come close to sharing it with someone else.

                                        What if someone hacks one of your devices?

                                        JaredBuschJ 1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Think about this.... have you ever had any friend had their Facebook account hacked? I see people I know have that happen all of the time. It's not a secure system. Nothing in the use of Facebook suggests that the person using FB takes it seriously. Sure some people do and that is great for them. For other people it is just a completely casual account.

                                          Now you are by association granted access through all of those allowances of lack of security.

                                          And more importantly, allowing it to other networks, not just your own, just because you are nearby.

                                          A 1 Reply Last reply Reply Quote 0
                                          • A
                                            Alex Sage @scottalanmiller
                                            last edited by

                                            @scottalanmiller said:

                                            Think about this.... have you ever had any friend had their Facebook account hacked? I see people I know have that happen all of the time. It's not a secure system. Nothing in the use of Facebook suggests that the person using FB takes it seriously. Sure some people do and that is great for them. For other people it is just a completely casual account.

                                            Now you are by association granted access through all of those allowances of lack of security.

                                            And more importantly, allowing it to other networks, not just your own, just because you are nearby.

                                            How does the hacker know I have wifi sense on? How do they know where I live?

                                            scottalanmillerS JaredBuschJ 3 Replies Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 2 / 6
                                            • First post
                                              Last post