Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-) Cheers, -- jra ----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android... On 07/06/2015 12:53 PM, Jay Ashworth wrote:
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
Does that happen with 802.1x logins, too? Andrew
-----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Richard Golodner Sent: Monday, July 06, 2015 1:16 PM To: nanog@nanog.org Subject: Re: Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android...
From Lauren, a new "feature" in Windows 10 I think this community
On 07/06/2015 12:53 PM, Jay Ashworth wrote: probably
wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
On Mon 2015-Jul-06 18:22:47 +0000, Andrew Bosch <Andrew.Bosch@elca.org> wrote:
Does that happen with 802.1x logins, too?
No.
Andrew
-- Hugo hugo@slabnet.com: email, xmpp/jabber PGP fingerprint (B178313E): CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E (also on textsecure & redphone)
This isn't really an open source issue -- anybody can make foolish product design decisions regardless of licensing model. This is more about a vendor producing a feature that deliberately and shortsightedly creates a slew of problems impacting almost all existing networks anywhere. It's highly convenient feature for a specific, limited use case (home users hosting a party with a bunch of people that they don't want to have to worry about how to give them a network password). However, gat ignores all of the other security and user impact issues. Can you imagine how the user experience will change when you change your SSID to include the _optout tag and then try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years. On Jul 6, 2015 11:17 AM, "Richard Golodner" <rgolodner@infratection.com> wrote:
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android...
On 07/06/2015 12:53 PM, Jay Ashworth wrote:
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
On Jul 6, 2015, at 2:29 PM, Daniel C. Eckert <dan@drakontas.org> wrote:
This isn't really an open source issue -- anybody can make foolish product design decisions regardless of licensing model. This is more about a vendor producing a feature that deliberately and shortsightedly creates a slew of problems impacting almost all existing networks anywhere. It's highly convenient feature for a specific, limited use case (home users hosting a party with a bunch of people that they don't want to have to worry about how to give them a network password). However, gat ignores all of the other security and user impact issues. Can you imagine how the user experience will change when you change your SSID to include the _optout tag and then try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years.
Bonus-bonus points for throwing in language barriers. Triple-bonus points if your SSID is called “Underscore” -jav
Time to teach home-routers WPA Enterprise auth? Then at least you know whom to blame :-) and just one user to disconnect instead of everybody who previously had the key. Well, but if "friends" were to share your wifi-key through other ways the end-result would be the same. Just hand your key to "clueful" people. I think the point here is that we might assume people have a lot of good friends who don't know what they are doing (have things like this enabled by default)? Hmm ... yeah might be :-( Kind regards, Stefan Am 06.07.2015 um 20:29 schrieb Daniel C. Eckert:
This isn't really an open source issue -- anybody can make foolish product design decisions regardless of licensing model. This is more about a vendor producing a feature that deliberately and shortsightedly creates a slew of problems impacting almost all existing networks anywhere. It's highly convenient feature for a specific, limited use case (home users hosting a party with a bunch of people that they don't want to have to worry about how to give them a network password). However, gat ignores all of the other security and user impact issues. Can you imagine how the user experience will change when you change your SSID to include the _optout tag and then try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years. On Jul 6, 2015 11:17 AM, "Richard Golodner" <rgolodner@infratection.com> wrote:
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android...
On 07/06/2015 12:53 PM, Jay Ashworth wrote:
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
[...]
On Mon, 06 Jul 2015 11:29:53 -0700, "Daniel C. Eckert" said:
try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years.
Bonus points for telling 40,000 users what the new campus SSID is.... Was Microsoft *trying* to make sure they weren't welcome in enterprise environments? ObNANOG: How does this interact with Comcast/Xfinity's wireless hotspot thing, where it *used* to be that customers could get on anyplace, but now it's "customers and anybody they happen to know?"
Yeah that's scary! I have seen similar feature across multiple apps on Android and iOS. To deal with them I do mac filtering along with WPA + separate guest network where I can share password. On Tue, Jul 7, 2015 at 12:17 AM, <Valdis.Kletnieks@vt.edu> wrote:
On Mon, 06 Jul 2015 11:29:53 -0700, "Daniel C. Eckert" said:
try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years.
Bonus points for telling 40,000 users what the new campus SSID is....
Was Microsoft *trying* to make sure they weren't welcome in enterprise environments?
ObNANOG: How does this interact with Comcast/Xfinity's wireless hotspot thing, where it *used* to be that customers could get on anyplace, but now it's "customers and anybody they happen to know?"
-- Anurag Bhatia anuragbhatia.com PGP Key Fingerprint: 3115 677D 2E94 B696 651B 870C C06D D524 245E 58E2
Yes and no. It’s not about licensing, but it is about the fundamental difference between open and closed development models. When you make a stupid product design decision in a vacuum (closed model), and only the people drinking the same kool-aid ever see your decision on a source code level, it’s a lot easier to ship that bad decision out into widespread use. Further, the people now afflicted with your bad decision are beholden to you in order to get a fix for the problem(s) it has created. OTOH, when you try to do something stupid like this in the open source world, there are far to many eyeballs looking at what gets submitted for it to last long. Anyone and everyone can contribute a fix. Any victim has access to everything they need in order to fix it themselves. Owen
On Jul 6, 2015, at 11:29 AM, Daniel C. Eckert <dan@drakontas.org> wrote:
This isn't really an open source issue -- anybody can make foolish product design decisions regardless of licensing model. This is more about a vendor producing a feature that deliberately and shortsightedly creates a slew of problems impacting almost all existing networks anywhere. It's highly convenient feature for a specific, limited use case (home users hosting a party with a bunch of people that they don't want to have to worry about how to give them a network password). However, gat ignores all of the other security and user impact issues. Can you imagine how the user experience will change when you change your SSID to include the _optout tag and then try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years. On Jul 6, 2015 11:17 AM, "Richard Golodner" <rgolodner@infratection.com> wrote:
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android...
On 07/06/2015 12:53 PM, Jay Ashworth wrote:
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
On 07/06/2015 02:16 PM, Richard Golodner wrote:
Mommy has an Android... Android shares your wifi password with Google. Including the password of everyone's wifi you've ever logged into.
http://www.computerworld.com/article/2474851/android-google-knows-nearly-eve...
I long for the days of a good old fashion, bar, that made calls and received them. The smart phones are "smarter" than I am, but that is not much of a challenege either! On 07/06/2015 04:15 PM, rdrake wrote:
On 07/06/2015 02:16 PM, Richard Golodner wrote:
Mommy has an Android... Android shares your wifi password with Google. Including the password of everyone's wifi you've ever logged into.
http://www.computerworld.com/article/2474851/android-google-knows-nearly-eve...
It gives it to one degree of friends on <insert social media here>. So those friends can't share it again. I'm still changing my networks to EAP, though. -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Jay Ashworth Sent: Monday, July 06, 2015 10:54 AM To: NANOG Subject: Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already. I *knew* I didn't like W10. :-) Cheers, -- jra ----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
On Mon 2015-Jul-06 18:17:01 +0000, Dan Gamble <dgamble@wavebroadband.com> wrote:
It gives it to one degree of friends on <insert social media here>. So those friends can't share it again.
I'm still changing my networks to EAP, though.
We've been had! This is all just a giant ploy by Microsoft to push EAP adoption on WLANs! Expect to see some turn-key RADIUS solution from Microsoft in Windows 10. Marketing headline: "Prevent unauthorized access to your corporate WLANs! For the low price of $OH-MY-GOD-YOU-MUST-BE-JOKING!, get Windows Systems Center WLAN Defender today!" Those sly devils... ;) -- Hugo hugo@slabnet.com: email, xmpp/jabber PGP fingerprint (B178313E): CF18 15FA 9FE4 0CD1 2319 1D77 9AB1 0FFD B178 313E (also on textsecure & redphone)
Terrible idea. These are the kind of features that should be opt in, and Microsoft could have done that instead. Does the 802.11 beacon support TLV data, like setting some opt-out flag without changing the SSID? (Even if the the flag name hasn't been yet agreed on?) Would this be a bad idea? Best regards. On 06/07/15 10:53, Jay Ashworth wrote:
From Lauren, a new "feature" in Windows 10 I think this community probably wants to know about, to the extent you don't already.
I *knew* I didn't like W10. :-)
Cheers, -- jra
----- Forwarded Message -----
From: "PRIVACY Forum mailing list" <privacy@vortex.com> To: privacy-list@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends
http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/
In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment.
- - -
--Lauren-- Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com _______________________________________________ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
Terrible idea. These are the kind of features that should be opt in, and Microsoft could have done that instead.
It *is* an option. When you're setting up Windows 10, it asks you two screens of configuration questions, but most people will hit the "Use express settings" option and just blow past the choice. I don't know, most of the express settings seem to be craptacular to me, so I always go through all the "defaults" and usually find myself flipping many/most of them. But that's probably because I am not in search of automated Cortana and Bing magic page prediction goodness that auto- matically shares my name, location, and advertising ID with every random website that it possibly can (hyperbole?? maybe??) http://winaero.com/blog/windows-10-build-10074-features-a-reworked-setup-exp... Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on. I didn't spend a lot of time trying to figure out exactly how that'd work. I don't really want my "contacts" or any other data being sent to Microsoft's servers. I have my own servers that I'm reasonably happy with. I have an uneasy feeling that if set I'd find it to be slurping a lot of data over to Microsoft's servers and I guess I would not be shocked to find that 50 of my best friends on NANOG are suddenly (and unexpectedly) populating WiFi passwords at me. I suppose I could be wrong, but it's amazing how many LinkedIn invites I get from people I've never heard of, who seem to only have a mailing list in common, etc. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Mon, 6 Jul 2015, Joe Greco wrote:
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
Defaults matter. Every configuration parameter has a default setting, whether intentional or not.
This is on by default in the beta like all the reporting in MS. Will probably be either a prompt in the RTM version. On 7 Jul 2015 05:05, "Sean Donelan" <sean@donelan.com> wrote:
On Mon, 6 Jul 2015, Joe Greco wrote:
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
Defaults matter. Every configuration parameter has a default setting, whether intentional or not.
"Sean Donelan" <sean@donelan.com> writes:
On Mon, 6 Jul 2015, Joe Greco wrote:
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
Defaults matter. Every configuration parameter has a default setting, whether intentional or not.
Well of course defaults matter. We work in an industry where the defaults supplied by most tech companies for the average user are quite depressing to me. People want easy and many don't bother to understand or (even worse) care about privacy. Just look at web advertising and tracking. As bad as that is on the general Internet, even I was a bit shocked to find yesterday while training NoScript on a new VM that a certain wireless carrier's customer portal was reaching out to maybe as many as twenty different ad and tracking networks, including Bing, Yahoo, and Google, in order for you to log in and pay your bill. http://www.sol.net/tmp/nanog/mytmobile-login.jpg This stuff is frickin' pervasive. The default is "track the hell out of everyone" and "share everything you can." I remember first seeing the Windows 10 "share networks to contacts" and trying to imagine that it meant anything other than wifi access creds. That's part of the problem. They don't even tell you what the words are actually saying, or why it matters one way or another. For those on this list, that may not be a problem, but my 80 year old mom isn't going to have a clue. Bacon Zombie <baconzombie@gmail.com> writes:
This is on by default in the beta like all the reporting in MS.
Will probably be either a prompt in the RTM version.
Sure. A prompt that defaults to on, on a screen that most people probably bypass, because the new thing is to make tech easy, and bogging them down with a bunch of questions that only computer geeks and privacy wonks and network gearheads care about (or even understand) is anti-user. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On Mon, 06 Jul 2015 21:12:55 -0500, Joe Greco said:
http://winaero.com/blog/windows-10-build-10074-features-a-reworked-setup-exp...
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
There's a subtle but important difference between that and "Allow this device to send sharing info to contacts".....
On Mon, 06 Jul 2015 21:12:55 -0500, Joe Greco said:
http://winaero.com/blog/windows-10-build-10074-features-a-reworked-setup-exp...
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
There's a subtle but important difference between that and "Allow this device to send sharing info to contacts".....
Is there? The problem is that the text that's presented there is so vague as to what it means that it is completely worthless to try to infer anything from it. Without going and researching it further, which may or may not be feasible for some poor soul deploying the damn thing since it is quite possible it is their only computer, it is unclear whether it might mean any one of a dozen or more things. I could easily believe that setting this option could automagically sign you up for SSID password sharing with your contacts. Especially the first time I saw it, I had no idea what it meant other than that it was likely something that was probably in the bad to evil range, because, well, that's the point, it doesn't actually SAY what it is you're committing to. The stuff later on (which is referenced in The Register article that was initially quoted) may help make it a little clearer, but again, there's a lot of bad, and you get to answer that first question without knowing what the context is. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
On 06/07/15 19:12, Joe Greco wrote:
Terrible idea. These are the kind of features that should be opt in, and Microsoft could have done that instead.
It *is* an option.
Opt-in and opt-out are two models of having an option. Also I meant being opt-out for the network administrator regarding the availability of the _optout suffix. Instead it should have been opt-in by the use of some _share suffix.
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
That's an option for the users, not for the network administrator. As a network administrator (at home, at work, whatever) I have some trust for my users but not necessarily for the friends of my users. The decision should be up to the network administrator, not the user. The way it's implemented, user inaction makes him/her violate network usage policy. Best regards. Octavio.
On 06/07/15 19:12, Joe Greco wrote:
Terrible idea. These are the kind of features that should be opt in, and Microsoft could have done that instead.
It *is* an option.
Opt-in and opt-out are two models of having an option.
Also I meant being opt-out for the network administrator regarding the availability of the _optout suffix. Instead it should have been opt-in by the use of some _share suffix.
No, it should have been opt-in by the use of some standards-track mechanism. Substituting less-screwed for more-screwed is still just screwed at the end of the day.
Anyways, if you look on the first page of "Customize settings", yes there's an option for "Automatically connect to networks shared by my contacts" and it CAN be turned off, but it defaults to on.
That's an option for the users, not for the network administrator.
That's unclear. It is likely settable as policy at some level. I'm not going to defend Microsoft since I think it is total crap, but I am not going to be totally unfair about it.
As a network administrator (at home, at work, whatever) I have some trust for my users but not necessarily for the friends of my users. The decision should be up to the network administrator, not the user.
The way it's implemented, user inaction makes him/her violate network usage policy.
Unclear at best. The way it is implemented, the user has the potential to go either way. A network might not want the user to have the choice, clearly, but there is certainly a subset of users who will opt out of the feature and I cannot see how those would be in violation of any sane network usage policy. It's certainly a mess in any case. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Unclear at best. The way it is implemented, the user has the potential to go either way. A network might not want the user to have the choice, clearly, but there is certainly a subset of users who will opt out of the feature and I cannot see how those would be in violation of any sane network usage policy. It's certainly a mess in any case. Now that windows mobile and desktop versions are converging, I doubt
On 7/7/2015 5:39 PM, Joe Greco wrote: there is a way to really tell if a device is a PC or a phone or a tablet. Some network administrators banned mobile phones from wifi connections because of Google's password storage violating their security policy. Now administrators don't even get that knob. We could fix it in a couple of ways (or, they could fix it.. depending on who pushes around money and if anyone cares enough to bother): 1. Wifi sends password policy during handshaking. If you save passwords you aren't allowed to connect here (or, you aren't allowed to backup/share this password) but we will allow the user to connect. This can be transparent to the user and handled by the OS.* 2. The client device sends "I am configured to backup/share passwords" to the wifi. This allows the AP to either deny the user outright, or redirect them to a page explaining what is wrong or whatever. This might be accomplished via DHCP option if we want to keep it all in software. * The fact that we need an IEEE level fix for a security problem created by Google and then propagated by Microsoft is just pathetic. These are two companies that should know better than to do this.
... JG
On 7/7/2015 5:39 PM, Joe Greco wrote:
Unclear at best. The way it is implemented, the user has the potential to go either way. A network might not want the user to have the choice, clearly, but there is certainly a subset of users who will opt out of the feature and I cannot see how those would be in violation of any sane network usage policy. It's certainly a mess in any case.
Now that windows mobile and desktop versions are converging, I doubt there is a way to really tell if a device is a PC or a phone or a tablet. Some network administrators banned mobile phones from wifi connections because of Google's password storage violating their security policy.
Now administrators don't even get that knob.
We could fix it in a couple of ways (or, they could fix it.. depending on who pushes around money and if anyone cares enough to bother):
1. Wifi sends password policy during handshaking. If you save passwords you aren't allowed to connect here (or, you aren't allowed to backup/share this password) but we will allow the user to connect. This can be transparent to the user and handled by the OS.* 2. The client device sends "I am configured to backup/share passwords" to the wifi. This allows the AP to either deny the user outright, or redirect them to a page explaining what is wrong or whatever. This might be accomplished via DHCP option if we want to keep it all in software.
* The fact that we need an IEEE level fix for a security problem created by Google and then propagated by Microsoft is just pathetic. These are two companies that should know better than to do this.
Yes, I agree. It makes me wonder how much of this is new-feature-ism promoted by a management that is looking at the(ir) big picture, then having people without sufficient technical depth "do that new feature." Or are they really drinking their own koolaid and thinking that everything is in "the cloud" today and so there aren't local security concerns? I best go before I delve into the truly cynical. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
participants (17)
-
Andrew Bosch -
Anurag Bhatia -
Bacon Zombie -
Dan Gamble -
Daniel C. Eckert -
Hugo Slabbert -
Javier Henderson -
Jay Ashworth -
Joe Greco -
Octavio Alvarez -
Owen DeLong -
rdrake -
Richard Golodner -
Robert Drake
-
Sean Donelan -
Stefan Neufeind -
Valdis.Kletnieks@vt.edu