Windows 10 Shares Your Wi-Fi Password With Contacts
gsslay writes: The Register reports that Windows 10 will include, defaulted on, "Wi-Fi Sense" which shares wifi passwords with Outlook.com contacts, Skype contacts and, with an opt-in, Facebook friends. This involves Microsoft storing the wifi passwords entered into your laptop which can then be used by any other person suitably connected to you. If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.
if that's true, (Score:5, Insightful)
Re:if that's true, (Score:5, Insightful)
It seems that there is room for convenient router functionality that asks you this: 'A device with MAC address x requests access to your network: GuestLAN. Allow?'
Handing out passwords to untrusted parties instead of tokens is archaic anyway.
Re:if that's true, (Score:5, Interesting)
My understanding was that (except WPA2 with RADIUS and a suitably chosen EAP) there isn't any provision for authenticating to a password protected AP without knowing the password. The AP itself might be able to destroy the password after it has been set, saving only a hash, as is good practice to keep more important sets of usernames and passwords from being compromised; but the client requesting authentication needs the password. The non 'enterprise' cases were designed to be easy to use, not particularly clever; and MS has limited room to get creative without causing nasty breakage on large numbers of variously dysfunctional legacy APs.
With a proper full WPA2 setup, or with one of the 'no authentication at the AP; but captive portal and/or VPN is the only way to access anything interesting' arrangements, you have more options; but how can you 'share' authentication to a WPA-PSK or WEP network without also sharing the key? Did they actually come up with something really clever, or does the UI just not show you the password, thus 'hiding' it?
Re:if that's true, (Score:5, Informative)
Your password is stored and hashed on Microsoft's servers. The hash is sent to your contacts. When they try to connect, their computer sends the hash to yours, which then checks that hash against the one on Microsoft's servers. If they match, then access is granted.
Re: (Score:3, Insightful)
Your password is stored and hashed on Microsoft's servers. The hash is sent to your contacts. When they try to connect, their computer sends the hash to yours, which then checks that hash against the one on Microsoft's servers. If they match, then access is granted.
So if I am trying to connect how would I be able to send any hash to any computer while I'm not connected?
Re:if that's true, (Score:5, Informative)
The way I read it, they probably don't.
The FAQ [windowsphone.com] seems to imply that it is only applicable to open routers:
What does Wi-Fi Sense do?
Wi-Fi Sense connects you to Wi-Fi networks around you to help you save cellular data. It can do these things for you to get you Internet access:
Automatically connect you to open Wi-Fi networks it knows about by crowdsourcing networks that other Windows Phone users have connected to. These are typically open Wi-Fi hotspots you see when you're out and about.
Still very questionable, but perhaps not nearly as pervasive. I'd think it would mostly apply to hotels, restaurants, and other places of business.
Re:if that's true, (Score:4, Interesting)
And I didn't mean to downplay how big of a problem this may be for the many people who have a password-protected open network for guest access.
I'm just keeping in mind, though, that guest networks are typically isolated from the main network and the guest network would only be shared with friends-of-friends*... probably not an actual issue for the vast majority of people, so much as a theoretical one.
* Actually, come to think of it, would the password also go to friends-of-friends-of-friends? Friends-of-friends-of-friends-of-friends? How deep can this go? The whole six-degrees-of-separation thing comes to mind... could this end up pushing almost everyone's network passwords to the entire connected internet? Yeah, I'd like more info, and the sooner the better.
Re:if that's true, (Score:5, Funny)
Friends-of-friends-of-friends-of-friends? How deep can this go? The whole six-degrees-of-separation thing comes to mind... could this end up pushing almost everyone's network passwords to the entire connected internet? Yeah, I'd like more info, and the sooner the better.
Sounds like Kevin Bacon will have access to everything!
Re:if that's true, (Score:5, Funny)
Spoiler alert: Kevin Bacon already has access to everything.
Re:if that's true, (Score:4, Interesting)
What is even more interesting is that it apparently automatically accepts any terms of use and provides passwords to web-based WiFi access logins, which could create some interesting legal situations (did you really accept the terms, and are you logging in with someone else's username/password)?
Re:if that's true, (Score:4, Interesting)
I think that you are mis-reading the FAQ, I found this in it
What is even more interesting is that it apparently automatically accepts any terms of use and provides passwords to web-based WiFi access logins, which could create some interesting legal situations (did you really accept the terms, and are you logging in with someone else's username/password)?
'You choose to share' is key here, so the headline is definitely misleading. I could choose to share my primary SSID, or I could choose to share just my guest SSID. If I did the latter, there shouldn't be a problem
Microsoft is widely misunderstood. (Score:4, Funny)
Explanation: Microsoft is widely misunderstood. People think that Microsoft is a software company that does evil. That's not true. Microsoft's main purpose is delivering evil. The software is just a means of doing that. (My opinion, shared with others.)
Re:Microsoft is widely misunderstood. (Score:5, Funny)
Explanation: Microsoft is widely misunderstood. People think that Microsoft is a software company that does evil. That's not true. Microsoft's main purpose is delivering evil. The software is just a means of doing that. (My opinion, shared with others.)
So you mean evil as a service, rather than evil as a platform?
Re:Microsoft is widely misunderstood. (Score:5, Funny)
Evil as a user experience.
Re:if that's true, (Score:5, Informative)
I was curious about this too. But the AC below gave a nice hint, so I went looking for a better explanation. Here is the blurb from the Wiki,
Also referred to as WPA-PSK (Pre-shared key) mode, this is designed for home and small office networks and doesn't require an authentication server.[9] Each wireless network device encrypts the network traffic using a 256 bit key. This key may be entered either as a string of 64 hexadecimal digits, or as a passphrase of 8 to 63 printable ASCII characters.[10] If ASCII characters are used, the 256 bit key is calculated by applying the PBKDF2 key derivation function to the passphrase, using the SSID as the salt and 4096 iterations of HMAC-SHA1.[11] WPA-Personal mode is available with both WPA and WPA2.
So it seems the PSK can be passed around without revealing the passphrase. But if I also remember correctly, the PSK is supposed to rotate (or maybe that's WPA2).
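Added example, not part of the comment above and not Microsoft's code: the derivation described in the quoted Wikipedia text, written out in Python. It shows that the 64-hex-digit PSK is accepted in place of the passphrase for that SSID, and that renaming an SSID with the `_optout` suffix from the story changes the derived key because the SSID is the salt. The SSID `HomeNet`, the sample passphrase and the helper names are constructed; exact-match handling of the suffix and the 32-octet SSID limit check are this example's assumptions about how a rename would be validated.

```python
import hashlib
import string

SSID_MAX_OCTETS = 32        # 802.11 limits an SSID to 32 octets
OPTOUT_SUFFIX = "_optout"   # suffix named in the story summary


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """256-bit WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= SSID_MAX_OCTETS:
        raise ValueError("SSID must be 1 to 32 octets")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)


def key_from_entry(entry: str, ssid: str) -> bytes:
    """Accept either form the quoted text allows: 64 hex digits or a passphrase."""
    if len(entry) == 64 and all(c in string.hexdigits for c in entry):
        return bytes.fromhex(entry)      # raw PSK: no passphrase needed
    return derive_psk(entry, ssid)


def optout_ssid(ssid: str) -> str:
    """Return the SSID with the opt-out suffix, refusing names that no longer fit."""
    renamed = ssid if ssid.endswith(OPTOUT_SUFFIX) else ssid + OPTOUT_SUFFIX
    if len(renamed.encode("utf-8")) > SSID_MAX_OCTETS:
        raise ValueError(
            f"{renamed!r} is {len(renamed.encode('utf-8'))} octets; limit is {SSID_MAX_OCTETS}"
        )
    return renamed


if __name__ == "__main__":
    ssid = "HomeNet"                              # constructed sample values
    passphrase = "correct horse battery"

    psk = derive_psk(passphrase, ssid)
    print("PSK for", ssid, "=", psk.hex())

    # Whoever holds the hex PSK holds a working credential for this SSID,
    # even though the passphrase itself cannot be read back out of it.
    print("hex entry gives same key:", key_from_entry(psk.hex(), ssid) == psk)

    # Renaming the SSID changes the salt, so every client must derive a new key.
    renamed = optout_ssid(ssid)
    print("PSK for", renamed, "=", derive_psk(passphrase, renamed).hex())

    # A long network name cannot take the suffix at all.
    try:
        optout_ssid("A" * 26)
    except ValueError as err:
        print("rename rejected:", err)
```

For a defender the point is that the PSK is a full credential for that network name: hiding the passphrase while distributing the derived key does not limit who can join.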
Re: (Score:3)
Did you read my comment? The key is derived from the passphrase, it is not the passphrase itself. Neither the key nor the passphrase is ever transmitted. There is a handshake protocol where both the AP and the client demonstrate they both know the key and then a unique session key is generated from the key to encrypt traffic.
Re: (Score:3, Insightful)
Opt-in would be better.
Re:if that's true, (Score:5, Informative)
The Slashdot summary is pure FUD. In the article itself you can see an image of the settings, with a large checkbox to enable/disable sharing with Outlook, Skype and Facebook independently and it also has a large slider above those where you can disable it entirely.
Re: if that's true, (Score:5, Insightful)
Most people can't be bothered to look at what their computer is doing before clicking a UAC window, you really expect them to properly opt-out of SSID passkey sharing properly?
Re:if that's true, (Score:5, Insightful)
The Slashdot summary is pure FUD. In the article itself you can see an image of the settings, with a large checkbox to enable/disable sharing with Outlook, Skype and Facebook independently and it also has a large slider above those where you can disable it entirely.
Did you read the box?
Save on mobile data usage with Wifi Sense. Join in and get connected to WiFi. By using WiFi Sense, you agree that it can use your location.
Who doesn't want to save on mobile data usage!? How many people will opt-out? Where does it say that by opting in that they are sharing their Wifi passphrase with everyone they share to? It may be obvious to you, but not to 99% of the people that will run Windows 10.
Re: (Score:3)
Maybe it will change some more, but I just set up WiFi on a Windows 10 build today and it had an UNCHECKED check box for sharing the password. I would have had to check the box to allow it to share. How many people go around checking boxes?
Probably the same number of people that want to save on mobile data usage with Wifi Sense?
Re:if that's true, (Score:4, Insightful)
I don't live in a basement. But I am concerned about being held liable for what others do with my connection.
Re:if that's true, (Score:5, Informative)
Here's the thing: You can leave your box unchecked - but if ANY of your friends have access to your wifi, and *their* box is checked, then all their Facebook friends will also get access to your wifi.
And the only way you can prevent this is to append "_optout" to your SSID.
Re:if that's true, (Score:5, Informative)
I don't care about whether you can prevent sharing with your friends on FB or whatever, what I care about is me not having to alter my network settings so that if I give you access to my WiFi network, you sharing MY network information with the people you're "friends" with.
Re:if that's true, (Score:4, Insightful)
The problem is you can't enforce that your friend didn't enable WiFi Sense without looking over his shoulder. He might end up accidentally distributing YOUR passphrase when he shouldn't be.
The only way to be sure that this doesn't happen is to add an ugly _optout line at the end of your SSID. Frankly Mr. Joe Person down the street shouldn't have to know about Microsoft's new feature to be confident that his passphrase isn't being passed around without his permission.
Re:if that's true, (Score:4, Informative)
It looks like it is not /. editors who can't read things here, but you. This is the situation - I own Wifi access point "A"; Friend "B" comes by, I physically pass A's password to B. Now "B" is the one with the option to share or not the passwords (and all of them) with all HIS contacts - not mine. And moreover, it will happen by default - if B has 2000 Outlook.com contacts, all those 2000 people will be automatically allowed to connect on my WiFi "A". And the only means this not to happen is if "B" opts out __all__ his sharing (not just for WiFi "A") or if WiFi "A" SSID is formatted as dictated by Microsoft (i.e., ending in `_optout`).
This is so insanely ridiculous that there are no words to describe how ridiculous that is.
Lol, what could go wrong. (Score:2)
I can't wait
No (Score:5, Informative)
Re:No (Score:5, Insightful)
However, just because I gave Person A access to my wifi, that doesn't mean I give everyone Person A knows access to my wifi. This could end up in legal hot water territory.
I guess that I just won't be giving any guests access to my network anymore. They can pony up and get their own mobile data plan for their devices.
Re: (Score:3, Interesting)
Serious question - who here is not running a guest wifi access point? I would never give full access to my network to an unknown device. So I run an open guest wifi which is on a different subnet and has its internet rate limited.
Re:No (Score:5, Insightful)
Serious question - who here is not running a guest wifi access point?
I'm going to guess the vast majority of people running wifi at home. My office has a guest network, my house does not.
Re: (Score:3)
The second you talk about tor routing you are stepping outside of off the shelf consumer grade routers. If you want that you will need to roll your own.
Re: No (Score:2)
I do in the manner you mention but now I am not so worried about it anymore.
Re: (Score:3)
I don't run an incubator in my house, so usually it's just friends' kids that want to connect their iPhones to my network, thus I have no reason to run a separate guest network, although Tomato on my AP's would make this trivial. The networked computers have passwords for VNC and keys for ssh, and I'm not overly concerned that my friends' kids will have compromised iPhones that want to brute-force anything.
Re: (Score:2)
Me--because my wifi router is entirely private. Only I use it.
Re:No (Score:4, Interesting)
So I run an open guest wifi which is on a different subnet and has its internet rate limited.
Even my guest network is password protected. It's for my guests not for everybody. If I wanted it for everybody, there wouldn't be a password on it, and people wouldn't need a windows feature to share it with their contacts.
Many of my neighbors also have guest networks... none of them are wide open.
This feature is probably the worst/dumbest thing I've seen in Windows 10 so far. Actually no... the inability to disable bing searching the web when you use the search in the start menu is the dumbest thing I've seen in windows 10... if that shit isn't fixed by release nobody should upgrade. NOBODY.
(And the sad thing is I actually overall like windows 10... but it's just stuffed with bloat I don't want. At least most of it I can shut off... live tiles, cortana, using microsoft accounts, etc... but it's becoming more and more work to set the settings up right.)
I'm looking forward to a windows 10 de-crapifier powertool shortly after release... hell I'm tempted to write one.
Re: (Score:3)
This sort of 'friend/acquaintance' attack is also exactly where slightly-too-automatic automation makes it really easy to bypass what limited good sense about security hum
Re:No (Score:5, Informative)
Inflammatory Mode On: Why in the fuck would even want to opt-in to such a service? If it's private WiFi, it's likely to be at my home or my workplace, and in either case I absolutely do not ever want to share that over fucking Fuckbook, Twatter or whatever stupid lame-ass soshial neshworking crap site becomes the next biggest and greatest.
Rational Mode On: Now let's imagine that my organization has a private WiFi hotspot available for employees and a few others. I do not ever want to have those keys shared outside that group, nor should I have to change MY network with an "_optout" on the end of an SSID. I would consider that a breach of security. Sure, I'll probably be able to disable Windows devices that are domain members via GPO, but if they're not actually devices belonging to the organization, or "Pro" versions of Windows where it even knows what the hell Active Directory is, then MY network is being compromised by this service.
This is just a plain bad idea, whether you're being reasonable or inflammatory.
Re: (Score:3)
There's a doodad on my AP that lets me disable a feature on a connecting WiFi client?
Re: (Score:2)
Yes. It's called rotating the WPA2 key.
Re: (Score:3)
OP is asking a very pointed question to which you have no answer, so you are avoiding the answer instead of owning up to it.
If you really don't understand OP's point, go read it again.
Re: (Score:2)
If you don't get the AC's and MM's point, you can shove that facepalm up your ass.
The person running the router doesn't always have control of the devices connecting to the router. Even if that person was able to turn off the email-secret-password-to-the-world feature while the device is in the office, there is no way to ensure it doesn't get re-enabled two hours later.
Re:No (Score:5, Informative)
ERROR: MISLEADING.
Wi-Fi Sense's default settings are to share everything, all the time. Indeed, Microsoft's rules for shipping Windows Phone 8.1 require OEMs to turn this "killer feature" fully on. Expecting users to have the presence of mind to turn this off is willfully disingenuous.
Re: (Score:3)
After setting up the new device and being prompted "Do you want to share your connection" how many users are gonna think to themselves "Well, yeah, I want to share this with my iDevice and tablet and the $housemate and ... " and click "Yes" ?
Beyond Stupid (Score:3, Informative)
This is so moronic on so many levels.
Re: (Score:2)
I think you just gave yourself big tits and a dildo.
Not that there's anything wrong with that. ;^)
There goes my SSID :( (Score:4, Funny)
Re: (Score:3, Funny)
Why'd you cave? If they complained, you should've renamed it to Anal Fisting Funhouse.
Comment removed (Score:5, Insightful)
Re: (Score:2)
This is right up there with their leaving file extensions hidden by default.
It kind of is, yeah, except it's actually nothing like that. You see, one of them is hiding file extensions, and the other one is giving out your password.
Re: (Score:2)
Dude, you fucked up an insult. How fucking brain damaged are you? You are the "After" example in the pamphlet about meth, aren't you?
Re: (Score:2)
Oh, well, that makes it perfectly okay, then. *eyeroll*
Re: (Score:3)
No, someone needs to be shot.
This is the most idiotic thing I've heard of in a long time.
Microsoft has said "fuck security", and once again have decided to "innovate" something which stupidly becomes a gaping security/privacy hole.
What shithead thought of this?
These passwords aren't Microsoft's to share, and decreeing that anybody who hasn't changed their SSID to opt out has consented.
Fuck that.
How bout we charge Microsoft with hacking and enabling unauthorized access to computer networks?
Fucking idiots.
Re: (Score:3)
These passwords aren't Microsoft's to share
Exactly. They are no one's to share but the owner of the access point, and when you give your house wifi password to a guest, most of them do understand that it's not ok to give that password to others. That changes when sharing passwords becomes a built-in or even automatic feature; if there's a button to share, it'll give the impression that it is safe and acceptable to do so.
Re: (Score:2)
The problem is they are advertising a "free" upgrade to everyone with Win 7+ right now. Who doesn't want a FREE upgrade? Obviously /. readers but most consumers think they are saving money with a free upgrade to an OS that is in fact pwning them.
Re:Uh, no (Score:4, Insightful)
They're doing more than advertising it.
In Windows 8.1 they pushed out an update which put an icon in the task tray which said "upgrade to Windows 10, now or later?"
They're not pushing it as optional. They're installing stuff which is going to do it to you, and isn't giving you a way to decline. You end up needing to uninstall an update (KB 3035538).
I'm sure they'll do it again.
Microsoft seems to have decided they own the computers, and the networks they're attached to. Which is completely bullshit.
And, don't forget, once they have all those juicy passwords they can pass 'em off to law enforcement.
Microsoft have always been assholes, but this takes the cake.
Basically Windows Phone and Windows 10 are gaping security holes, and Outlook.com is now acting as malware.
Bad Summary, Only new part is the sharing option (Score:2, Informative)
Re:Bad Summary, Only new part is the sharing optio (Score:5, Insightful)
And if you give your wifi credentials to a guest who needs access to your network, they can opt you in without your permission or even your knowledge.
The only way then to prevent unknown people from having your wifi password is to forbid Windows 10 mobile users from accessing your network.
Re:Bad Summary, Only new part is the sharing optio (Score:5, Interesting)
ERROR: INCORRECT
First: This is in Windows 10 desktop, as detailed here, complete with screenshots: http://www.howtogeek.com/21970... [howtogeek.com]
Second: Even if this were only confined to Windows Phone 10, it would still be monumentally stupid.
Re: (Score:2)
Apple backs up my passwords with an encryption key which is also protected by a separate password.
Apple CAN NOT read my passwords, so they can not share them.
Not sure about Google, but I hope it does the same.
Microsoft is uploading passwords clear text or in some other equally dangerous form that's decryptable so they can be shared.
Re: (Score:2)
Secondly, it's only available on networks you choose to allow this on.
I don't have any choice. If I give my friend my WiFi password, and he happens to be running a Windows 10 phone, suddenly my WiFi password is shared with all of his contacts. So now every time someone is over my house and asks for the WiFi I'll have to ask them if they currently own, or ever intend to own a windows phone. And then, assuming they understand the question, I have to sound like a paranoid asshole and say "no" if they answer in the affirmative. My other option is to rename my SSID to end in _o
No worries (Score:2, Insightful)
No worries here. I always disable the WiFi on my routers. I prefer hardwired connections that don't give the router fits trying to perform encryption with their underpowered chips.
Re: (Score:2)
Bozo, it's not a pedestal. It's a complaint about the pathetic CPU power on the typical home router and the fact that they choke traffic with even one device trying to use a reasonable amount of bandwidth.
WiFi is useless by design for anything but the most casual of surfing.
Re: (Score:2)
AFAICT, the hardware encryption thing was solved eons ago.
Or at least, none of my routers suffer from high CPU utilization when doing Wifi things.
a matter of days (Score:2)
That feature will have a half life time in the range of days.
MS is so focussed to make 10 a winner they will flip the default faster than we can get really upset about it.
third solution the MS doesn't want to mention (Score:3)
If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions;
Not a problem for me, they missed the obvious third solution. Never ever use Outlook, Don't use Skype and don't use Facebook. Problem solved without having to change my SSID. And, of course, there is a fourth solution but that involves using Linux.
Re:third solution the MS doesn't want to mention (Score:4, Insightful)
ERROR: INCOMPLETE SOLUTION
There is no provision in this "killer feature" that establishes whether the person doing the sharing is the network administrator, i.e. the person who grants authorization to use their network. So if you share your WAP credentials with a friend, and that friend uses Windows 10 with Wi-Fi Sense enabled, then that friend has just compromised your WAP.
That's great news! (Score:2)
I'm now revising my opinion of Outlook - especially in light of the recently passed Oz laws about pirating. In fact I'm about to order an external antenna for a laptop (trivial) hardware hack shortly.
There are times when M$'s drive to put stupid in the sysadmin seat makes me very happy - this may be one of them.
No - I don't run Windows as my OS of choice. It's fine for some, in some situations (seriously). But rarely do I celebrate M$ stupid - and this "sounds" like both M$ stupid (I know - they really are
I have another way (Score:4, Insightful)
Or, just don't use windows 10. I think I may have found the answer there.
Every SSD WIFI Password ? (Score:2)
Including the one at my jobs ? University ? My City subscription ?
I can't change the name of the SSD where I paid for the service ???!!!!
Re: (Score:3)
Thank you for being a friend,
And sharing WiFi passwords there and back again.
You're giving me the WiFi key of your favorite restaurant.
And if they came to your dorm,
Invited everyone you knew,
You would see the ugly guy at the back downloading kiddie porn,
And the FBI would raid you singing "Thank you for filling our jail!"
Not Exactly.... (Score:5, Informative)
Re:Not Exactly.... (Score:5, Insightful)
That isn't the issue. The issue is YOU being able to share MY WiFi key because I was dumb enough to let a Windows 10 user on my WiFi network. This is akin to me giving you the keys to my house so you can housesit, and you getting a hundred copies cut and distributing them to a bunch of people you know.
Re: (Score:3)
That isn't the issue. The issue is YOU being able to share MY WiFi key because I was dumb enough to let a Windows 10 user on my WiFi network. This is akin to me giving you the keys to my house so you can housesit, and you getting a hundred copies cut and distributing them to a bunch of people you know.
So wrong.
If you *tell* someone your WiFi password *then* there's nothing stopping them from sharing it with whomever they want. So do not do that. Not if he brings OS X or Linux or Windows.
If you want to allow some friend onto your network but not allow him to share your network with others, then *you* tap in the password at his computer when it connects. On OS X or Linux or Windows. That's what you would do today, and that's what you would do when your friend brings a Windows 10. On Windows 10 simply DO NOT
Re: (Score:3)
If true, this would be a departure from the Windows Phone 8.1 OEM requirements, which require OEMs to fully enable this "killer feature": https://msdn.microsoft.com/en-... [microsoft.com]
What is the actual point of this? (Score:2)
How many of those people will ever be in close enough physical proximity to your access point to actually need your WiFi password? Seriously? Unless I'm missing something, this has to win "Stupidest Idea of the Year".
So "_optout" of what? (Score:2)
If you don't want someone's Windows 10 passing on your password, Microsoft has two solutions; only share passwords using their Wi-Fi Sense service, or by adding "_optout" to your SSID.
Does adding this also prevent Microsoft from storing said WiFi password on their servers, or just instruct them to not share it out?
I have a better solution. (Score:2, Insightful)
Dont use the craptastic poorly designed outlook for email.
Just hope.... (Score:2)
90 Days Late (Score:2)
Is there now a Fools' Day every three months?
I refuse to believe this.
Holy fuck ... (Score:4, Insightful)
So Microsoft has taken it upon themselves to share the network credentials with anybody it sees fit?
Fuck you, Microsoft. How about you help us make networks more secure and not less?
Not only will I stick with my Windows 8.1 install, but no Windows 10 device will ever get my network credentials.
This has to be one of the stupidest things I've heard of. And, of course, since Microsoft will centrally store your passwords, law enforcement can subpoena them.
Microsoft are too fucking incompetent at security to be trusted with this. And then to have the nerve to suggest we have to change our network names to opt out of their shit?
Fuck you, Microsoft. Fuck you very much.
Third Option: (Score:3)
OPTOUT of Windows 10.
Lawsuit (Score:3)
If Microsoft are stupid enough to ship this "feature" - and have it turned on by default - what are the chances that they will be hit with a massive lawsuit?
No doubt there will at least be group policies - if not it disabled entirely - on professional editions of Windows, because corporate customers are going to run a mile from having external guests authenticating on to protected networks with confidential material, just because they happen to be a contact of the person they are visiting.
Assumption is I trust all my contacts equally (Score:3)
Do I understand this `feature` correctly? If I enable it then all of my contacts now have access to my wifi credentials. I can imagine that I might want this feature for my wife and kids but there is no way in hell I would want to do this for every contact in my list. My wife I trust but the friend of a friend that I just added to my contact list - not so much (although thinking about it maybe that should be reversed).
If that is truly the way this thing works then this is one of the more brain dead ideas some clueless program manager came up with (ranks right up there with the idiot that decided that email messages should be HTML formatted and should contain active content).
Re: (Score:3)
This is from the company that thought having users run as root user using a browser that would automatically install unsigned executables and libraries from the Internet was just the bestest idea ever.
Re: (Score:2)
So, instead of posting multiple times how the article misrepresents the feature, quit being a shill and explain how exactly it works.
Re: (Score:2)
ERROR: SSID TOO LONG
You did know SSIDs were limited to 32 characters, didn't you?
Re: (Score:3)
It would be your friend's fault, for selecting your network to be shared.
WiFi Sense may be enabled by default, but you need to specifically share each network.