Microsoft Windows 10 Wi-Fi Sense, an astoundingly bad idea

Contrary to some of the more lurid commentaries out there, Wi-Fi Sense isn’t utter doom, death, and destruction. But it's close.

From the Windows 10 W-Fi Sense FAQ:

Wi‑Fi Sense connects you to Wi‑Fi networks around you. It can do these things for you to get you Internet access:

  • Automatically connect you to open Wi‑Fi networks it knows about by crowdsourcing networks that other people using Windows have connected to. These are typically open Wi‑Fi hotspots you see when you're out and about.
  • Automatically connect you to Wi‑Fi networks that your Facebook friends, contacts, or Skype contacts have shared with you after you've shared at least one network with your contacts. When you and your contacts share Wi‑Fi networks with each other, you give each other Internet access, but don’t get to see each other’s passwords. No networks are shared automatically. When you first connect to a network that you decide to share, you'll need to enter the password, and then select the Share network with my contacts check box to share that network.

Windows 10 system will have Wi-Fi Sense turned on by default if Express Settings are selected at installation. This doesn’t do anything unless you are signed in with a Microsoft account then, when you connect to a WiFi network, you’ll be asked if you want to share that network with your bestie (your besties being any or all of your, Skype, and Facebook contacts but, crucially, not friends of friends). If you select that you do want to share, then the WiFi password is encrypted and stored in Microsoft’s cloud somewhere. When one of your besties comes in range of the shared network the SSID is recognized, the encrypted password retrieved, decrypted in the bowels of Windows 10, you get logged on, and you can access the Internet (note that your contacts never have access to the unencrypted password). Importantly, your access via the shared network is to the Internet only, local access (if available) is blocked.

Wi-Fi Sense is a hand-me-down from Windows Phone where it was pretty much ignored by the three people using Windows Phone. As I noted, in Windows 10 it’s turned on by default if you use Express Settings and, should you buy a computer with the OS pre-installed, then you might want to go to Wi-Fi int he control panel, then to "Change Wi-Fi settings." In "Manage Wi-Fi settings" you can turn Wi-Fi Sense off; disable password sharing with your Facebook, Outlook, or Skype contact; and in the list of your known Wi-Fi networks, you can enable and disable password sharing. Note that networks protected by corporate authentication protocols, such as 802.1x EAP, will not be shared while consumer grade authentication protocols such as WPA/WPA2 can be.

If you don’t want your network shared then all you have to do is append _optout to the WIFi SSID (I would have preferred _hellno but Microsoft failed to consult with me) and Microsoft also notes that “It can take several days for your network to be added to the opted-out list for Wi-Fi Sense.” Terrific. You can get there from here ... eventually.

Now, is this the end of civilization as we know it? No. Contrary to some of the more lurid commentaries out there, Wi-Fi Sense isn’t utter doom, death, and destruction.

But, is it a really bad idea? Absolutely. Why? Because it’s turned on by default which means legions of naive users won’t know about it or change their settings. Combine that with the high probability that Wi-Fi Sense will get broken or hacked and there’s the potential for bad things to happen to lots of people.

“Hacked? Broken? Really?” you say. Yep, either there will be a bug that breaks the Wi-Fi Sense or exposes the inner workings or some enterprising hacker in Moscow or Beijing will have at it. And there’s another reason it’s a bad idea; Wi-Fi Sense hands Microsoft (and all the three letter agencies slipstreaming behind them along with any successful hackers) your social graph and location data. You’ll be giving Microsoft an insane amount of detailed and highly useful personal data.

Bottom line: Even though Windows 10 Wi-Fi Sense could (will probably) be a huge problem, the core problem is going to be what is always the problem; uninformed and or lazy users who value convenience over security.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)