Have you ever been to a friend’s house and wanted to connect your phone or tablet to their network to avoid using your mobile data allowance? If so, you know it can be a minor inconvenience having to ask for the Wi-Fi password, and then to tap it via the on-screen keyboard.
Microsoft has come up with a solution for that. Wi-Fi Sense is a feature of the soon-to-be-released Windows 10 operating system that not only allows you to automatically connect a compatible device to any in-range open crowdsourced Wi-Fi network, but also grants access to password-protected networks by sharing login credentials between friends.
The feature, which can automatically accept a Wi-Fi network’s terms and conditions and provide your name, email address or phone number on your behalf, also allows you to share access to password-protected Wi-Fi networks with Outlook.com and Skype contacts, as well as Facebook friends (via an opt-in), all on a per-service rather than per-person basis.
While Wi-Fi Sense doesn’t explicitly hand over your passwords to your friends, it does need to store them centrally in order to present them to the Wi-Fi Sense connection software on your buddies’ devices as and when required.
From Microsoft’s FAQs page:
For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts' phone if they use Wi-Fi Sense and they're in range of the Wi-Fi network you shared. Your contacts don't get to see your password, and you don't get to see theirs.
How secure that element of Wi-Fi Sense is, we don’t yet know.
But what we do know is that access to your network can, depending on your choices, be shared between all your contacts on Outlook.com, Skype and/or Facebook. So, you could be inadvertently granting network access to people you don’t know all that well.
That means you could find yourself in the position where a comparative stranger who has a tenuous link to you – say, the man you emailed about painting your kitchen, your Zumba instructor or your babysitter – could lurk near your home and connect to your wireless network using the access rights you inadvertently gave them.
Fortunately, Microsoft says this Wi-Fi Sense sharing will allow only the internet connection to be used by the third party:
They won't have access to other computers, devices, or files stored on your home network, and you won't have access to these things on their network.
Quite how that works is unclear – presumably, the Wi-Fi Sense client software keeps some kind of control over the connection in order to prevent your friends from connecting to other computers and devices on the inside of your Wi-Fi access point.
This feature isn’t entirely new – it first appeared on Windows Phone with the release of version 8.1.
But with the impending release of Windows 10 at the end of this month, use of Wi-Fi Sense is likely to expand quickly as desktop and laptop users take advantage of the free upgrade.
Microsoft offers a convoluted workaround by which your Wi-Fi access point can tell Wi-Fi Sense to leave it alone. (Microsoft can’t reprogram your access point to negotiate selectively with Wi-Fi Sense clients, so the clients need some way of recognising that you have opted out.)
To opt out, you will need to append a phrase to your network name. For example, if your network name is mynetwork, you’ll need to change it to mynetwork_optout.
To do this you will need to connect to your router via its web-based configuration page. This is done by typing its address (typically http://192.168.0.1 or http://192.168.1.1) into a web browser.
When prompted, enter your administrator name and password. Within the router’s control panel look for a section labelled Name or SSID (this may be under Wireless Settings) and append _optout to the name. If you’ve already put special characters at the end, e.g. _nomap to opt out of Google’s Street View Wi-Fi data collection, you can put _optout_ into the middle of the network name instead.
Once you have saved the change, log out and then attempt to connect to the network once more. You’ll be prompted to enter the network name (don’t forget you’ve just changed it) and password and then you’ll be set.
Do note, however, that Microsoft says the opt out may not be instant and so you may also wish to change your network’s password while on the configuration webpage:
It can take several days for your network to be added to the opted-out list for Wi-Fi Sense. If you want to stop your network from being shared sooner than that, you can change your Wi-Fi network password.
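The naming rules above, as an added example (not code from this article or from Microsoft): a Python helper that checks whether an SSID carries `_optout` and a trailing `_nomap`, and builds a name with both that fits the 32-octet SSID limit of 802.11 or a smaller cap imposed by a router. The function names and sample SSIDs are constructed, and exact-case matching of the markers is an assumption.

```python
"""Check and build SSIDs that carry the opt-out markers described in the article."""

MAX_SSID_OCTETS = 32            # 802.11 limits an SSID to 32 octets (bytes, not characters)
WIFI_SENSE_MARKER = "_optout"   # per the article, may sit anywhere in the name
GOOGLE_MARKER = "_nomap"        # treated here as effective only at the very end


def opt_out_status(ssid: str) -> dict:
    """Report which opt-out markers an SSID carries and whether it fits in 32 octets."""
    octets = len(ssid.encode("utf-8"))
    return {
        "wifi_sense_optout": WIFI_SENSE_MARKER in ssid,   # assumption: exact-case match
        "google_nomap": ssid.endswith(GOOGLE_MARKER),
        "octets": octets,
        "fits": 0 < octets <= MAX_SSID_OCTETS,
    }


def build_opt_out_ssid(base: str, nomap: bool = False,
                       max_octets: int = MAX_SSID_OCTETS) -> str:
    """Return `base` with _optout added (and _nomap kept last), trimmed to fit.

    `max_octets` can be lowered for routers that allow shorter names only.
    Markers already present in `base` are stripped and re-added in the right
    order, so a misordered name such as "home_nomap_optout" is repaired.
    """
    keep_nomap = nomap or GOOGLE_MARKER in base
    core = base.replace(WIFI_SENSE_MARKER, "").replace(GOOGLE_MARKER, "")
    suffix = WIFI_SENSE_MARKER + (GOOGLE_MARKER if keep_nomap else "")

    # Trim the human-chosen part by bytes, never splitting a multi-byte character.
    budget = max_octets - len(suffix.encode("utf-8"))
    trimmed = core.encode("utf-8")[:max(budget, 0)].decode("utf-8", errors="ignore")
    if not trimmed:
        raise ValueError(f"no room left for a network name within {max_octets} octets")
    return trimmed + suffix


def audit(ssids):
    """Return the SSIDs from `ssids` that do not opt out of Wi-Fi Sense."""
    return [s for s in ssids if not opt_out_status(s)["wifi_sense_optout"]]


# Constructed sample names, not taken from any real network.
SAMPLE_SSIDS = ["mynetwork", "mynetwork_optout", "cafe_optout_nomap", "home_nomap_optout"]

if __name__ == "__main__":
    for name in SAMPLE_SSIDS:
        print(f"{name!r}: {opt_out_status(name)}")
    for name in audit(SAMPLE_SSIDS):
        print(f"rename {name!r} -> {build_opt_out_ssid(name)!r}")
    # A router that caps names at 16 characters leaves little room for both markers.
    print(build_opt_out_ssid("mynetwork", nomap=True, max_octets=16))
```

A router that rejects the underscore character cannot express either marker, so no rename helps there; changing the Wi-Fi password remains the fallback the article describes.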
If you need help picking a new password the following video is full of useful tips:
John
Seems like a useless and insecure feature to me.
Anonymous
oh joy, another exploit waiting to be patched every month.
Anonymous
actually WIN 10 will no longer have super patch tuesdays
Anonymous
So my SID should be whatever_optout_nomap to opt out for M$ and Google?
Paul Ducklin
That’s my understanding. I’m not sure if “_nomap” can be in the middle of the name, but it seems pretty certain that you can stick Microsoft’s “_optout” wherever you want. So to speak.
Microsoft’s exact wording is that you opt out “by including _optout in the Wi-Fi network name,” which is not the same as saying “by appending _optout to it.”
Now…just wait for a feature that you do want but that is off by default, and you’ll end up with “_optin_optout_nomap” :-)
madao
Do you think hiding the ssid will solve the problem?
Steven Murphy
I had “SSID not shown” for years – now if everyone did the same how do I know which one is me. I had to surface and be a SSID to know who it is to connect to. You can restrict people by MAC Address too.
Paul Ducklin
You can indeed do both of those things – address filtering and network name hiding – but please bear in mind their limitations from a security perspective:
https://nakedsecurity.sophos.com/2013/05/22/busting-wireless-security-myths-video/
ajft
That’s right, and then when twitter implement their own version you’ll have to add “_notwittage” and “_nozuckerburglars” for facebook, etc etc. Shame if your router only lets you have a 16 character SID. Perhaps _noinbandsignalling would be a better idea. Or having an opt-in version instead.
Bob
My router has MAC address filtering. Will this “feature” override this or can I be secure in that devices not registered will not be able to access my WiFi?
Daren N
Win 10 doesn’t change the router settings, and as MAC address filtering is part of the router, there will be no issues with MAC filtering (assuming you have whitelist filtering).
Blake
I can’t imagine any way in which the feature could affect your router settings. Since your router is rejecting all connections except for those from the specified MAC addresses, you should be safe. Of course, there is MAC address spoofing…
lordtridus
MAC address filtering won’t let anyone on unless they’re either on the valid MAC list or they spoof something that is. This just has the password and not the MAC address, so people who try to use it will fail.
Megan Kenal
okay, so now here’s my question…
…i’m frequently over at my parents’ house and my best friend’s house. my laptop automatically connects to both networks as a result.
so when i get the upgrade to Win10, will my computer now share ~their~ network information with my friends?? not my networks to add ‘_optout’ to the SSID…
G-Man
On windows phone you first have to turn on Share Networks I connect to, then you have the option to share each network. Click the WiFi Sense link at the beginning of the article, scroll to near bottom “To share Wi-Fi network access with your contacts” to get an idea of how it works.
Anonymous
question: if i visit a friend and they share their login credentials with me (whether via WiFi Sense or manually or the WPS button), and i have Win10…will my laptop then automatically share their network info with my friends? is there a way to disable this for my laptop, because honestly i can’t be going around to all of my friends’ houses and changing all their SSIDs to include ‘_optout’…..?
Odd S
Change your wifi pw, and never give friends using Win 10 and
Win Phone 8+, access to your wifi again. Make sure NOT to use
your Microsoft account when logging in to your Win 10 PC.
Martin O
Why not use your Microsoft account to log in to your Windows 10 PC?
I use it for Win 8.1, it defaulted, and I plan to upgrade, how do I correct this?
Ed Meadows
I don’t like this idea at all! It is being foisted upon us as if to say, “take this, whether you like it or not! We know what’s best for you.”
It should be that we have to OPT-IN if we want this, not OPT-OUT if we don’t.
This will throw some serious security risks into networks. Those who have gone to great lengths to design and secure their networks now have to alter their SSIDs but still worry that exploits will be discovered and abused. I can see small businesses being especially at risk.
My question is, what if all of my Windows machines on my network are connected via ethernet, and have no wireless capability? Will MS still be able to determine that I have wireless networks and do this dirty work? If so, how would it determine this?
Anonymous
Just wait, some idiot employee (or just unaware, or it “mysteriously” defaults to share with everybody) accidentally shares the password with a crook, and their RADIUS credentials for a Fortune 500 company used to leak huge data.
Then, MS gets sued, and they disable it, restoring security.
Seriously, WHO THOUGHT THIS WAS SMART? Prepare to see your enterprise credentials sucked away by people who don’t understand the technology. If WPS is disabled, it should not enable this for the network. You took steps to secure it more than a standard password, which means you DON’T want someone haphazardly handing your password out. Respect, MS, you lost it entirely.
Paul Ducklin
AFAIK, this only shares access to open or pre-shared key WPA networks. For all that I am queasy about this whole Wi-Fi Sense thing, I suspect that a Fortune 500 company that runs access points protected by WPA+PSK and then uses that PSK as a single-sign-on password to get right into the network probably has bigger things to worry about :-)
loadtest
I think I’ll keep things just the way they are when I upgrade.
I use a PC, not an iMac, so like most PC users my minitower is wired to my router.
It doesn’t need a password, Microsoft has no way to get it, and I’m not about to give it to them. Nor am I about to “opt out”
Anonymous
What if the SSID is hidden?
Nomphra
Honestly can’t see that making a difference. Your Windows 10 system with the credentials stored will likely just share them anyway. No Windows 10 device will be wirelessly connecting to my network, that’s for sure!
JR
What could possibly go wrong?
Ron Runeborg
Well, there goes my Windows 10 upgrade into the toilet. I’ll just have to be a Luddite and stick with win 7
lordtridus
I can see the use case they’re going for here: friends come over to my place and want to use the wifi without having to do the setup. That makes some sense, since I have no objection to my friends using my wifi and not having to set them up is convenient.
But the controls are seriously lacking in granularity, and it appears that anyone I’ve ever let onto my wifi can share it with everyone they know, rather than just me sharing it with people I want to be able to use it.
Given that, I predict a bunch of _optout SSID names in my future. At least, unless the backlash gets big enough that Microsoft does something.
Blake
“Wi-Fi Sense doesn’t explicitly hand over your passwords to your friends”.
Yes and no. It has to send the credentials down to the Win10 device somehow. It’s just a matter of time until someone reverse engineers the process and creates a utility that will let you view WiFi Sense pushed passwords.
In general, this just seems like a really, really bad idea. Hopefully there is a way to restrict this through AD GPO. I can only imagine the security nightmare of having Windows share your corporate WiFi password with every user’s facebook friend list. What in the world are they thinking!? If there’s no way to restrict then we will have to ban all Windows 10 devices from our corp network.
MikeP_UK
Yet another ill-considered and dangerous idea from Microsoft. Surely that means it is highly dangerous to ‘upgrade’ to a much more insecure system than even W8.1 is!
I’m glad I refused all the ‘tweaks’ that MS have been putting out that turn out to be advertising for W10 and nothing more – but you can remove the daft icon added by one of the ‘tweaks’.
I shall not be taking Windows 10 until such time as we can reset all these dangerous default settings and have the system run the way we need and want and not the way MS dictate.
Laurence Marks
I guess they didn’t learn anything from the “success” of Wi-Fi Protected Setup (WPS).
Tim
Reading the linked FAQ, a few things become apparent. (Tho the FAQ is for Windows Phone 8.1, the implementation may vary on Win10.)
– It appears you can choose whether to share any given network you connect to, tho it’s not clear if the default is opt in or opt out. Should really be opt in.
– Should you choose to share your home network, I’d recommend only sharing the “guest” network that most home wifi routers have now.
– The feature supposedly does not give access to other devices on the local network. Not sure how this would be implemented. But if you only share the guest network, then this won’t be an issue.
– If you manually give your network password to a friend, and they do not deselect sharing when setting up their device, they can share it with their contacts on your behalf. M$ suggests entering your password on their device yourself, and unchecking the share option as a way of preventing this. I presume this means you cannot change the share option without reentering the pw. Another reason only to give the guest network access to friends.
– However, it appears that friends who gain access to your network via WiFi Sense cannot then re-share it to their friends.
– MAC address filtering will prevent anyone with the shared credentials from connecting with an unregistered MAC address.
– It uses location data to determine what networks to attempt to connect to. Thus it theoretically could attempt to connect to a network whose SSID is hidden. Whether it actually tries this is in the implementation, and that would need to be tested. (Hiding the SSID is an obscurity tool, not a security tool.)
– Remember that anyone using your network, guest or otherwise, involved in nefarious activity, could reflect back on your ISP account. Your friends’ hacking, file sharing, accessing illegal sites, etc., could earn you a visit from any number of law enforcement agencies or tort bearing attorneys. Keep this in mind when determining how widely your credentials can be shared.
– By sharing credentials, you are trusting M$ to keep them safe… Probably not an issue, until it is…
– While this could be convenient in some cases, there’s a degradation in security with any convenience feature. That’s just the way it is. Make your own informed decision.
Note that I have not used nor tested this feature, my statements are based on my interpretation of the FAQ and info from M$ regarding the feature on Windows Phone 8.1. Windows 10 may or may not work exactly the same way. Your mileage may vary.
Anonymous
Interesting. Just tested this on my router, and it doesn’t allow the SSID to have _ in the name, nor any other special character for that matter. I can only put letters and numbers.
Anonymous
Plus now you must change your infrastructure to accommodate them.
Really think this is ridiculous.
Anonymous
What if your router doesn’t allow special characters, so you can’t append _optout or _nomap?
Anonymous
Linux keeps looking better and better for my main OS with “advancements” like this.
MossyRock
As quoted in this article, MS says on its FAQ page, “For networks you choose to share access to…”
This implies that you, as the administrator of your network, can make a choice somewhere to share a network, otherwise if you do nothing, it won’t be shared.
However, what I’m gathering here is exactly the opposite. A network in your control will be shared by default unless you insert “_optout” in the SSID.
So MS should be saying instead, “Your networks will be shared unless you take explicit action by altering your SSIDs…”
Am I missing something? Or is there a setting in Win 10 that enables/disables the whole concept?
Paul Ducklin
The problem at the access point side of things is that your access point can’t force Wi-Fi Sense off in every passing Windows Phone or Windows tablet/laptop.
So if you choose to have an open access point, loads of people will connect even if *they* don’t want to. And if you authorise one of your chums to connect to your passworded network, then the only way for your access point later to let it be known that it wants to retract its connectability seems to be with this _optout flag.
MossyRock
If all of my computers on my network are ethernet-connected and have no WiFi capability, (i.e., I can’t log onto any wireless network with them) and one of these computers is Win 10, could MS learn of my WiFi’s PSK? If so, how?
Carl T
And how hard would it or will it be to ignore the “_optout” addition to the SSID?
After all, you are trusting MS to honor a rule they are setting in place.
It’s not like we trusted companies mapping wifi before and found out they were capturing more than location information…
m
How about the security of the network I as a win10 user might inadvertently be connected to? Someone could run a network full of malicious attack tools (in some area where many folks go to often, like near a train station, airport or such), ‘share’ that with some folks and then see it trickle to many thousands of folks who may then (unknowingly?) connect to this malicious net just to have their win10 device attacked by what is on that net? Can a win10 user even opt out of using this from connecting to networks learnt of that way (if no other networks are available)?
Mark
Quite how that works is indeed unclear. A wi-fi network password is an access credential to something unrelated to devices on your network. If someone gets the password, they have access to your wi-fi LAN. How access control on the LAN is arranged is purely determined by the access point/router (higher-end ones likely have an option to restrict some wi-fi to the internet only, but that’s still something Microsoft can’t control); a Windows machine on that network can’t control this. Heck, it might not even be on at the time of access by the one getting your password.
I call shenanigans.
Anonymous
Linux?
Anonymous
Here’s a novel idea Microsoft. How about making it so I have to change my SSID to _opt-in? Why should I have to worry about making a change on my side to turn off a feature I don’t want on in the first place!
Tom C
How does Wi-Fi Sense know which access point is mine? Example, I have four different wireless APs stored. Does Windows 10 send all of the SSIDs and passwords to their server? Windows 10 doesn’t know which ones I administer. So if a friend passes by one of those networks, they will connect? Also, will Microsoft release the encrypted password to law enforcement? Or even nicely decrypt it for them?
Kev
Read between the lines, this is just a clandestine way for big brother to have immediate access to your network. MS will release the information if requested by the government. Change your SSID name and add optout at the end of the string or just don’t use Windows 10.
Anonymous
Why does nobody see the real problem here. It’s not the sharing of encrypted password. It’s that Microsoft wants to store your password for you on their servers. This gives them and in turn the Government access to your private home network without your knowledge or consent.
Kelly Manning
Issues like this are why I stick to 100 mbit ethernet cable and turn off the wireless radio on my high speed home router / modem.
DiveMaster
So I still think folks are still missing a very important couple of points to this issue. If I have turned everything off in my newly upgraded version of Windows 10, and someone that is in my contacts list or facebook or whatever and ALSO has Windows 10 – will they have access to my Wi-Fi if they have never been to my house before? And then following that, if they had been here before and had access and they upgraded to Windows 10 would their automatic access to my Wi-Fi grant all their friends that had Windows 10 access? Then I change my password to my Wi-Fi and that should take care of it – as long as I have everything turned off on my Windows 10 machine…Can anyone dispute?
OlFred
Hello everyone. It’s all good and dandy that Microsoft want to share your connection details with your family and friends. – But the issue of this is that it is all done by default and furthermore it is done all automatically, which is really bad for security because you are not always aware who is your friend or not and so if you are facebook friends with hackers they will have free access to abuse your network.
If I was to say something about it it should be turned around so it is available to share it with your friends but is defaulted to be inactive – If you want it to share with friends the Wireless should be something like _Share:#### which will turn it on instead of turning it off. The way I’m showing here is if you want to share with Facebook friends and Twitter friends but no other community friends it could be shown like this: “_Share-FB-TW” so Facebook would be -FB and Twitter would be -TW. any way – This way the user would be in control of the sharing and even which friend-types to share it with.
On the other part it can also be an issue when the wifi sense service is up it stores the info on Microsoft’s servers. This service is in fact a different backdoor effect by proxy – Especially if you have your network settings to be Home Network instead of Public Network. Finally – The facts are that no matter who you are – No person or company is completely without the risk of being hacked – None whatsoever and that comes from the fact that any device that can be programmed and updated, can be both infected and hacked.
System Software programmers all over the world – My advice is to make the functionality but for God’s sake leave it inactive so the user of the computer is the determinant. The world is full of malicious people and so malicious software and they don’t hesitate to use it so why do you insist on making it easy for them?!?
Steven Murphy
For example – If I write something here perhaps it never appears. Therefore you get all my information – twitter, facebook, or google whatever it happens to be that I sign in with. We do know how it works until we see how it works.
Anonymous
If I remove _optout from my SSID at a later date am I automatically opting back in? Call me vain, but I don’t want to see _optout on the end of my SSID?
Paul Ducklin
You’d want to assume that you’re essentially opting back in when you stop opting out. (You can put “optout” in the middle, apparently, if you find a way to make a pun out of it :-)
Dan_R
Most discussions of WiFi Sense seem to focus on the sharing options available to the person running Win10. The real risks and bandwidth costs are to the owner of the WiFi network itself. Since WiFi-Sense “can automatically accept a Wi-Fi network’s terms and conditions and provide your name, email address or phone number on your behalf”, a possible solution to this unauthorized theft of service by Microsoft would be to make your ‘terms of service’ that any use of your [guest] WiFi network entitles the WiFi network operator to use man-in-the-middle software to capture any usernames and passwords you (the WiFi sense user) enter on the network and to subsequently publish or use those credentials for any purpose they may choose. Unwelcome WiFi Sense guests beware.
How can it be legal for Microsoft to distribute access credentials to private WiFi service without having permission beyond the single person who has, (probably illegally due to explicit or implicit ToS), provided those credentials to Microsoft?
Paul Ducklin
I think you’d be on legally very thin ground if you tried to regulate access to your own open Wi-Fi by deliberately harvesting stuff you know is supposed to be private and threatening to reveal it.
Wouldn’t it be a morally much less odious approach just to start using WPA with a key that a network visitor needs to ask for, and not to have an open (note the name :-) access point?
Dan_R
@Paul Ducklin: your solution is exactly what we’ve had until Microsoft started offering to distribute WPA keys to various social networks without informing the network owners nor getting network owner permission other than from a source unauthorized to provide such access consent. After WiFi Sense, the option to have a key that the visitor has to ask for is gone. The visitor just has to be on contact [or friend] list of someone you once gave the current key to. Of course, it might work if you change your keys frequently and update ALL your connected devices accordingly. Yech.
I’m no expert on the thickness of legal ground, but I’m pretty sure that a EULA is a legal agreement. If the ground is thin for harvesting stuff with the user’s agreement, then isn’t it even thinner for a user to willfully encourage Microsoft to distribute access to unknown (to the WiFi owner) parties in a collusive arrangement that in NO WAY directly involves the network owner?
Apparently Microsoft actually promotes using WiFi Sense access over other sites detected by the visitor’s WiFi adapter, and hence advertises the availability of open access to such drive-by visitors. BTW, which would you consider more reprehensible:
1) Open access to strangers unknown to and unauthorized by the owner of the WiFi network (imagine the FBI arriving on your doorstep after they find that your network and IP was used to download gigabytes of kiddie porn), or
2) Making use by consensual agreement of info that a visitor types into your private (not intentionally ‘Open’) network?
If it’s not OK to harvest visitor info by consent, why would it be OK for MS to ‘harvest’ access keys through people unauthorized by the WiFi owner to distribute access to additional parties?
Perhaps neither is on the moral high ground, but passing ‘secret’ keys along to unknown parties seems far more morally dubious than a straight up requirement for agreement prior to sharing private information with undisclosed third parties.
Of course the main point here is that the WiFi network is being pried open by WiFi Sense without in any way informing the network owner and without asking for the permission of the network owner. Such access certainly may involve actual costs to the network owner, and probably exposes the network owner to serious security risks or significant intimidation and legal costs in the event that one of those Skype contacts of an acquaintance who used the network for a brief time a while ago happens to do something awful over the WiFi opened up by WiFi-Sense.
The MITM notice I suggested above, whether MITM is actually used or not, is one way to provide a somewhat more level playing field that informs the visitor that his use of the network comes with some possible seriously negative consequences which he must agree to if he wants to use the network. Surely you are not suggesting that Microsoft will just ‘auto accept usage terms’ without informing the user, or are you? Do we even know whose phone number and email are attached to such usage, or if they are only provided if the access software requires that they be provided?
In summary, with WiFi Sense Microsoft is invading a network for which they do not have consent from the network owner and they are then distributing network access to individuals who may not be known or accountable in any real sense by anyone at all (other than as a name in a contact list).
Why should a network owner be asked to “opt_out” or else be subjected to such abuse just because someone they once trusted with access upgraded their Vista machine to Win10? Hard to find almost any behavior based on a visible EULA more reprehensible than what Microsoft is doing here. If the network EULA is NOT visible due to autofill by Microsoft, then Microsoft is misrepresenting the service they are providing as well as the Open nature of the network they are hijacking.
BTW, when the FBI does knock on your (as the network owner) door, who do you say was downloading all that illegal stuff? Not sure, but I think that you will have no clue as to the answer (“Oh, that must have been someone on a contact list or someone who used my WiFi in 2013”). Yes, you may not be liable under DMCA, but you may also go through quite a bit of pain and cost to prove your case.
Is it really possible that WiFi Sense is a legal service? Seems to me it is WiFi Sense that is on thin legal ground. At least I hope so for the sake of the privacy and security of all of us.
I guess it’s time to change all those access keys again.
Any actual lawyers in the house with relevant experience?
Paul Ducklin
It was your suggestion of having a EULA in which you threatened “to publish the user’s credentials” that I thought wouldn’t fly. Two wrongs don’t make a legal right, and all that.
(I don’t much like Wi-Fi Sense, but I am not sure that your claim that Microsoft is “distribut[ing] WPA keys to various social networks” is correct. As you start off with that point, you may want to make sure it is correct before building an argument around it. IIRC, Microsoft “shares” your WPA key with itself, to store in its cloud. That is not quite the same as “distributing it to social networks.”)