Complaints about Windows 10 keep rolling in, but so far none appears to have stuck.
The latest brouhaha is over certain privacy settings. Windows 10 gives users many options to disable certain data-gathering and reporting features, but it appears that some communications to Microsoft servers still slip through.
So far, there doesn’t seem to be anything shifty or harmful about those interactions — but to some users, they’re unsettling. Why is Microsoft doing that?
Wi-Fi Sense and Sensibility
Another thing that just didn’t seem to make sense to some early adopters was Windows 10’s Wi-Fi Sense feature. The controversy over it already seems to have died down, but just a few weeks ago it was the subject of a raging debate.
Wi-Fi Sense automatically connects users to open WiFi networks and can grant their friends access to their own password-protected networks.
Users who want to provide friends access to their password-protected WiFi networks send their passwords through an encrypted link to a Microsoft server, which stores it in encrypted form before sharing it with those friends.
Concerns were raised that hackers might be able to find and extract the passwords, or that someone could “friend” potential victims to get access to their networks.
Another scenario envisioned users being stalked by contacts who’d been given their passwords.
Wi-Fi Sense requires that users give access to all of their contacts or none of them. It doesn’t allow them to be selective about who gets access.
Another fear was that people given access to users’ WiFi networks might be able to hack into other devices connected to those networks in order to steal data and personal information.
“You’re providing access to your network and getting access to networks you may not be sure are secure,” observed Rob Enderle, principal analyst at theEnderle Group.
“It’s a neat feature, but it could be used against you if you aren’t careful,” he told TechNewsWorld. “You want to be sure you’re giving access to, and getting access from, people you trust.”
Who Do You Love?
Like many, Enderle distinguishes between his social media contacts and personal friends, and “features like Wi-Fi Sense, if we use them, are going to force us to curate our friends and contacts more aggressively.”
The inclusion of social network contacts makes this feature “ripe for abuse,” noted Tim Erlin, director of IT security and risk strategy at Tripwire.
Con artists, criminals, and other dishonest actors exploit social networks, the FBI has warned.
Further, hackers reportedly have begun targeting the social media accounts of military personnel and their families.
“If an attacker can become a Skype contact of a target who’s using Wi-Fi Sense, then they can gain access to their home wireless network, providing a foothold from which further attacks can be launched,” Erlin told TechNewsWorld.
Keeping Users Protected
Users have to opt in to connect automatically to WiFi hotspots, and they have to decide to share their password-protected WiFi networks with their Facebook friends, Outlook.com contacts or Skype contacts, according to Microsoft’s FAQ about Wi-Fi Sense.
Some WiFi hotspots require additional information, but users can determine which information does or doesn’t get provided. They can change their settings at any time.
Further, users can decide which password-protected networks they want to share with others, and they can stop sharing to a WiFi network at any time, although the process does take a few days to complete.
Upgrading to Windows 10 doesn’t mean users’ existing WiFi connections are shared by default; they must enable sharing on a per-connection basis.
Wi-Fi Sense does not work with networks secured using 802.1X, a standard often used in enterprise settings.
It’s All Safe, Folks!
“Wi-Fi Sense is not the security hazard some people are making it out to be,” declared Richard Blech, CEO of Secure Channels. “If you do not enable the feature to automatically connect you, it will not.”
Further, WiFi Sense “does not share your hotspot with Facebook friends and contacts,” he told TechNewsWorld. Instead, it informs each party what WiFi hotspots the other is using. That’s “akin to Spotify letting your friends know the music to which you are listening, and informing you of the music to which they’re listening.”