I thought about posting this in GD to debate whether or not this is a good idea, but I can’t see anyone here arguing in favor of this. Am I wrong?
The thinking apparently is that it’s safer than giving your friends your WiFi password when they come to visit, since with this mechanism it’s encrypted, but you could achieve this with a selective mechanism that doesn’t mindlessly share it with all your contacts and that doesn’t involve any third party services.
When the time comes that I start using Windows 10 one of the first things I’ll do is opt out of this.
Sharing is enabled by default.
Sharing YOUR NETWORK is not enabled by default.
If you go in and enable sharing your network, any of YOUR FRIENDS who you trust in your home will be able to get through to the internet (but not on your network) without having to pester you for the password.
The feature which enables the possibility of sharing networks is switched on by default, but also by default, none of your wireless networks are actually shared until you say so.
And, it doesn’t give your password to anybody, it just assumes anybody you trust enough to add them to your contact list and also to enter your home is also trusted enough to get to the internet.
The real weak part here is that I’ve got a contact list that goes back ten years. If there was a more granular way to designate people - call them Trusted Contacts, or some such - this would be a great idea. Then, say, family members who drop by can use your wifi any time they’re logged in on a Microsoft-account-enabled device.
That’s one other thing to keep in mind, this only works if the other person is on a Microsoft-account device. Anonymous users can’t log in even if they’re in your contact list. The MS account is how MS knows who they are to let them in. So if the slacker next door is bogarting your bandwidth, it will show up in your logs.
Here’s an Ars Tech article about (they think it’s an ok feature) -
And one from Krebs on Security (he’s mostly ok with it) -
And instructions for turning it off via MS - (Windows Phone link because it’s a originally a Phone feature)
If I’m understanding it correctly, you’ll know it, but you can’t stop them unless you turn it off for everybody. It’s an all or nothing thing. Am I understanding correctly?
Right. At the moment, the only option is to boot the bum off your contact list or turn it all off.
This is part of the granularity options I mentioned. We should be able to designate individuals who are blocked or allowed, not just the whole list. Hopefully, MS will update these options eventually.
Why in the world would you assume that everyone you have in your contact list is someone you’d want to use your Internet? And what makes you think they must be in your house? I live out in the boonies but can pick up my neighbors’ Wi-Fi. I can’t imagine how much you pick up in the city, let alone an apartment complex.
This is just like Microsoft. New features that they don’t think through. All it would take is a simple popup saying “So and so wants to go online” with an option to Allow or Deny and a checkmark to keep it that way. And, yes, the ability to enable it for Contacts in a certain group.
Not that I quite understand how this works. If my Wi-Fi is encrypted, how are they getting on in the first place? How do they know that they are actually hitting my Wi-Fi access point, and not another one with the same SSID elsewhere? Are they actually just sending out the password to everyone?
I’m inferring from this that means Microsoft will have a huge database of SSID to WiFi passwords?
I may have lots of people in my contacts who I don’t want access to my network. I can imagine someone on the condo board having everyone in the building in their contact list, but that doesn’t mean that they want everyone in the building to use their wifi.
That article tries to argue it is more secure than giving your password out to people you actually trust with the password. This is not true, since you no longer can choose to only give it only to those people you trust not to abuse it, but instead to everyone on your contact list. Just because I’ve sent you an email and you happen to be near my house doesn’t mean I want you on my Internet.
Sure, if you don’t use the feature, you’re still secure. But if you do use it, you are decreasing your security. It should not have rolled out like that.
That’s pretty much the opposite of what he said. He’s mostly not okay with it, even after the ZDNet correction. He suspects most users will choose to enable a network when prompted to do so, which, of course, turns it on for everyone. He doesn’t trust Microsoft’s security when it comes to keeping people off the main network, and has the same concerns I do about sharing it with everyone on Skype/Facebook/Outlook. He compares it disfavorably with Apple’s iCloud Keychain.
This is just how Skynet takes over. I only have about 20 contacts. But they have contacts. And they have contacts… One little upgrade that allows “friend of a friend” access and then next thing you know every device has got internet anywhere on the nearest wifi. Goddam phone already tells someone where I am at any given moment–even tells me how long it’s gonna take me to get to work–and I never even told it where I work!