Windows 10 WiFi Sense, The Worst Idea Ever?

Discussion in 'Networking & Security' started by Zarathustra[H], Jul 28, 2015.

  1. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    I just became aware of this.

    Essentially Windows 10 is automatically (unless you opt out) sharing all of your WiFi passwords with all of your contacts on facebook, outlook, etc, so they can automatically log into the network you are on at any given time.

    From what I am reading, the only way to opt out is to rename your goddamned SSID with the _optout suffix.

    Have they lost their collective minds?

    Is there really nothing short of renaming my SSID, I as a network owner can do to prevent Windows 10 devices from letting other Windows 10 devices access my network?

    This is is absolutely horrifyingly bad. I can't believe this is actually real. it sounds like a bad joke. A real betrayal of trust.

    How are you guys dealing with this?

    As far as I am concerned my network is my network, and is private. Only people I intentionally an explicitly allow to connect to it are allowed in.

    It makes me wonder if there is away I can universally block ALL Windows 10 devices from my network.

    Maybe if I by default block all mac addresses except those I have explicitly let through?

    Maybe if I add a password protected captive portal?

    I might just have to disable WiFi permanently and revert to an all wired network.

    Any ideas? I should NOT have to change my SSID to stop Windows from sharing my network password with anyone I have tangentially connected with online.
     
    Last edited: Jul 28, 2015
  2. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    13,059
    Joined:
    Mar 18, 2010
    So if someone were to hack that database, they can get the GPS location, name, and password of the router. Great.
     
  3. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    Wow that's retarded. So glad I'm on Linux. I definitely would avoid using wifi on Windows 10 that's for sure. The more I read on Windows 10 the more I think it will be another disaster. I was really hoping it would not be one because there needs to be a decent upgrade path from 7 for when that is considered obsolete. Maybe the upgrade path will be to Linux. 2016: The year of the Linux Desktop. :D
     
  4. kuhla

    kuhla Limp Gawd

    Messages:
    472
    Joined:
    Nov 21, 2005
    From the source.

    So you have to opt-in and it's not new?
     
  5. dar124

    dar124 [H]ard|Gawd

    Messages:
    1,059
    Joined:
    Jan 21, 2012

    You mean when someone hacks that database they'll have the GPS location, name, and password of the router!!! Seems like a database like that would become an immediate target. :eek:
     
  6. Ocellaris

    Ocellaris Ginger @le, an alcoholic's best friend.

    Messages:
    18,837
    Joined:
    Jan 1, 2008
    It's opt in, people need to stop being retarded about what they opt into.
     
  7. gimp

    gimp [H]ardForum Junkie

    Messages:
    9,983
    Joined:
    Jul 25, 2008
    Yup.. automatic, alright. So automatic they have to check a box first.
    How automagical.
     
  8. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    Everything I have read is that it is enabled by default, not opt in.

    It works like this. When you authenticate to a network, unless you remember to unchecked the "share this WiFi" box, Windows 10 will by default, immediately encrypt the SSID, password and geolocation, and sync it to the Microsoft cloud.

    From there it will then sync to the services you tell it to sync to. By default this is everyone you have ever communicated with in Outlook/Hotmail, Skype and Facebook.

    My understanding is you can disable each service individually, but there is little in the way of user management, and everything is enabled by default.

    You can disable sharing of individual networks or disable the service all together, but it can take several days for the shared network to desync itself from the cloud. Once you disable the service, you can no longer use others shared wifi passwords.


    The biggest problem I see with it is that it is client side. The owner of the network should be the one to opt in or not, not the clients. The clients often do not own the networks they are connected to.

    So, as a owner of a network, the only way to be safe is to enter the WiFi password for everyone who uses your WiFi yourself, and making sure you uncheck the "share this network" option under the advanced settings.

    Most people are going miss unchecking it, it be too lazy to care even if asked, and it is going to be automatically shared.

    What's worse is, that all the stored WiFi passwords on Windows machines upgraded to 10 will start automatically sharing every WiFi password they know, even if the passwords were entered YEARS before Windows 10 was ever installed.

    Not only that, but apparently it is designed to automatically bypass captive portals and other authentications as well, making it very difficult to circumvent, even if you are a more experienced user.

    I don't necessarily have a problem with a service like this, but IMHO, it violates a few cardinal sins.

    1.) It needs to be off be default. The default setting for anything security related should ALWAYS be the least permissive. ALWAYS err on the side of sharing less, not more.

    2.) The person doing the opting in or out, should NEVER be the client, and ALWAYS be the network owner. If this were a WAP or router option, and it were opt in, it would be no big deal.

    As it is, this is a fucking catastrophe.

    And the only way to opt out as a network owner (like we all are, as we all own a home router) is to append your SSID with "_optout" which is absolutely fucking obnoxious.

    Someone hit Microsoft over the head with the stupid brick on this one. I hope someone files charges against them for "conspiracy to illegally access a private network" or something like that.

    WiFi Sense needs to be shut down in the worst possible way. This is like giving all your friends, acquaintances, colleagues, mailing lists, AND Nigerian scammers the keys to your house, and inviting them in, BY DEFAULT, and then saying "Well, you can opt out, by writing 'OPT OUT' in big letters with paint on the front of your house."

    In fucking sane....
     
    Last edited: Jul 28, 2015
  9. evilsofa

    evilsofa [H]ardForum Junkie

    Messages:
    10,078
    Joined:
    Jan 1, 2007
    There is some more details in the PCGamer article, including some confusion about when it's on by default. PC Gamer says it's on by default when Win10 is installed with Express Settings; Gizmodo claims that upgraded installs are on by default but Microsoft says they aren't.
     
  10. Snufykat

    Snufykat [H]ard|Gawd

    Messages:
    1,077
    Joined:
    Jan 20, 2006
    I am more inclined to believe the microsoft statement that you need to opt in. No offense.
     
  11. Ryun

    Ryun Limp Gawd

    Messages:
    256
    Joined:
    Jan 5, 2011
    The way wi-fi sense works on my windows phone is that location must be enabled (otherwise wi-fi sense is disabled). I can't remember if it was opt in or out but during the install I definitely had a choice.

    At any rate it doesn't sound like there's much you can do other than educate the people in your home of the issue. For anyone outside the home, only give them a guest network key (said guest network should be blocked at the router level from accessing the main network).

    Oh, and I suppose you could also enable MAC filtering at the router level for good measure on the main network.
     
  12. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    Even if the client needs to opt in, this is still awful, as the client may not be the owner of the network, and may not have the right to decide who does and who doesn't have access.

    This feature is not without merit, but really should have been designed such that the owner of the network is the one who has to opt in.

    It's like you give a friend a key to your apartment for the weekend, and microaoft is running a service to copy that key, and send it all your friends friends and invite them in as well.

    Home networks are private places, not public ones, and should be treated the same as physical access to your home.
     
  13. Ocellaris

    Ocellaris Ginger @le, an alcoholic's best friend.

    Messages:
    18,837
    Joined:
    Jan 1, 2008
    The owner of the network is in full control over who gets the password. If you can't trust the people on your network to keep the password safe, they should be on a Guest network or just no network at all.
     
  14. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    That's all good and well, but you know that people can't be trusted to take network security seriously. People leave everything at the defaults and can't be bothered to change things, even when told how bad if an idea it is, or are asked to do so - in this case - in exchange for a key.

    The public is lackadaisical about privacy and network security, and 99.9% of people you give that key to are going to disregard that request of not including it in Microsoft's WiFi hack database, because "he is just being g a silly opinionated geek, besides Becky is coming over later, and what if she's needs the WiFi? It is much easier to just ignore him"....

    Microaoft knows this and is taking advantage of it so they can brag about offering a service that makes it easier for you to connect to the internet everywhere.

    What they should have done is the absolute opposite. Make it impossible to display the key once entered so they can't copy and hand it to anyone else.
     
  15. nekrosoft13

    nekrosoft13 [H]ard|Gawd

    Messages:
    1,456
    Joined:
    Jan 4, 2005
    bigger issue is that any device on the network, any user that connects, any family member can that stupid setting on, and can share WiFi password with the world, without the network owner knowing.
     
  16. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    Exactly.
     
  17. /usr/sbin

    /usr/sbin Successfully Trolled by Megalith

    Messages:
    3,927
    Joined:
    Jul 18, 2010
    Isn't that how it works now already? If I know your WiFi password is "iLoveMyDogs" what is to stop me from telling other people the password?

    Not saying I'm agreeing with ms decision on this feature, more that if someone already knows the password they can already give it to anyone else, even if you don't want them to know it.

    Also I'm curious, does this share RADIUS credentials?





    EDIT: I answered my own question.

    ...it appears that Wi-Fi Sense does not share credentials from networks that are secured with additional authentication protocols, such as corporate networks that use 802.1x EAP. However, if your office Wi-Fi is secured with a simple WPA/WPA2 key, you probably shouldn't share that network with Wi-Fi Sense....​

    Looks like I'll be setting up RADIUS.
     
    Last edited: Jul 29, 2015
  18. cyclone3d

    cyclone3d [H]ardForum Junkie

    Messages:
    13,102
    Joined:
    Aug 16, 2004
    Who wants to bet that this comes down to government tracking/spying on the general populous?
     
  19. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    It is certainly possible for users to do this today, but it requires that they go into their "manage wireless networks" screen, and authenticate as an administrator, to be able to see the WiFi passwords in plain text. Then they can write it down ,and give it to someone else.

    IMHO, this is even going to far. There should be no way, regardless of credentials, to display a WiFi password stored on a computer.

    In other words, it takes explicit effort. Psychologically, people are less likely to violate someone's wishes, like for instance "please don't share my wifi password" if it takes some activity on their part to do so.

    If it is just a matter of checking a box (whether it is enabled by default or not, whether intentional or by accident) and after that is automatic, it is much more likely to happen, besides people don't psychologically see it as the same violation of trust, as they would have if they physically gave someone else the key.

    In fact, the general populations response will likely be "Microsoft is a trusted company, and they say it is OK, so it must be OK, this guy is just being paranoid and silly for not wanting his password shared"

    The technology not only enables people to easily disregard the requests of a network owner, without the same mental moral dilemma as physically handing the password over, but it also legitimizes the practice of sharing private passwords with others. This is very very troubling.

    It is automatically disabled on 802.1x authenticated systems. I am not by any means an expert on 802.1x or RADIUS, but I believe these are related, right?

    Personally, I don't give a rats ass, my home network security is just as important (if not more so) than enterprise network security.
     
  20. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    13,059
    Joined:
    Mar 18, 2010
    What Microsoft needs to do is that Wi-Fi sense sharing does not work unless the SSID has "_sense" in it. It should be an opt-in, rather than an opt-out system.
     
  21. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    This times 1000
     
  22. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    13,059
    Joined:
    Mar 18, 2010
  23. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Aug 16, 2013
    So to protect from Google and Microsoft, the network needs to be named something like the following?

    Code:
    yyy_nomap_optout
     
  24. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    If that even works. Both claim to need to be at the end of the SSID, so you might have to pick one or the other.

    If it does work - however - we are getting fewer and fewer characters left...
     
  25. polonyc2

    polonyc2 [H]ard as it Gets

    Messages:
    16,918
    Joined:
    Oct 25, 2004
    100% agree...why on earth is the client given that much freedom and not the owner of the network...totally idiotic
     
  26. evilsofa

    evilsofa [H]ardForum Junkie

    Messages:
    10,078
    Joined:
    Jan 1, 2007
    The other way around, yyy_optout_nomap

    The language for what Microsoft says is required for _optout is that it "has the phrase _optout in it" (meaning, it doesn't have to be at the end).

    The language for what Google says is required for _nomap is that "it ends with _nomap".
     
  27. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Aug 16, 2013
  28. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    Thank you for that clarification.

    I have yet to add either. I don't care about the mapping. It doesn't access my network. :p

    The Wifi Sense though, I am going to have to figure out. It bugs me to have to add _optout to my SSID though.

    Maybe I'' play around with FreeRadius and 802.1x...
     
  29. TCM2

    TCM2 Gawd

    Messages:
    572
    Joined:
    Oct 17, 2013
    Fiddling with the SSID is complete bullshit and just shows how fucked up the idea is to begin with.
     
  30. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    Wait, is google doing shit like this too? What's their version and what program does it? I run Linux but do have an Android phone... is my phone potentially broadcasting my wifi password everywhere?

    It's completely retarded that these companies expect people to change their SSIDs to opt out, it should be the other way around you should need to opt in. If a civilian was doing the stuff these companies are doing, they'd end up in jail for hacking.
     
  31. evilsofa

    evilsofa [H]ardForum Junkie

    Messages:
    10,078
    Joined:
    Jan 1, 2007
    No, what you turn off with the Google opt-out is completely different, and has nothing whatsoever to do with passwords. Google uses publicly broadcast Wi-Fi information to estimate the location of a device that is using Google Location Services. The _nomap lets you set your router so Google doesn't use it to locate everybody else's phone. You can set your phone to not use Google Location Service in your settings.
     
  32. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Aug 16, 2013
    They're doing it because they think they can get away with it. Sadly, they probably can.
     
  33. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,629
    Joined:
    Oct 29, 2000
    It would be funny to see people press charges against Microsoft for being an accessory to illegaly accessing a network.
     
  34. rudy

    rudy [H]ardForum Junkie

    Messages:
    8,586
    Joined:
    Apr 4, 2004
    The reality is this isn't as bad as people make it to be but IMO all networks should require a password at the very least to be given to a specific person not everyone you ever emailed. But what would we expect out of the world today where companies like apple, facebook, google and MS constantly roll out "features" that invade your privacy, violate your security and so on by default. And they do it all in the name of consumer ignorance because consumers are too dumb to know what their password is or how their networks even work.

    I think of this sort of like if you give someone a key to your house temporarily. Sure they could go copy it 20x and give it to everyone on the block but what if I just want to share it with my mom through this automatic process and the automatic process without them really realizing it copies the key and mails it to EVERY single person you have ever talked to. The sad thing is shit like this will make everything worse because people like us will go and change our networks so that only devices with mac addresses we OK will be allowed to connect. I have already come close to doing this for various reason but this might push me over the edge. And the end result is that when people come over and ask to use my wifi I will probably just say sorry no you can't its not worth my time to go login to my router and allow your device. If you don't live here use your cell data.
     
  35. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Aug 16, 2013
    Do they all have cell data?
     
  36. Red Squirrel

    Red Squirrel [H]ardForum Junkie

    Messages:
    9,211
    Joined:
    Nov 29, 2009
    Oh ok so it's sorta using various wifi signals kinda like GPS? So Google collects info on location of the signals so that they can be used to determine location of a device? That does not seem that bad then.
     
  37. rudy

    rudy [H]ardForum Junkie

    Messages:
    8,586
    Joined:
    Apr 4, 2004
    Maybe not but if more and more people start feeling the way I do it may force them to get cell data.
     
  38. the_servicer

    the_servicer [H]ard|Gawd

    Messages:
    1,986
    Joined:
    Aug 16, 2013
    One piece of the puzzle doesn't seem that bad by itself. I think the creepiness becomes more apparent when one considers how all the pieces of the puzzle may work together.
     
  39. heatlesssun

    heatlesssun [H]ard as it Gets

    Messages:
    44,157
    Joined:
    Nov 5, 2005