

Wi-Fi Sense in Windows 10: Yes, it shares your keys; no, you shouldn’t be scared - Artemis2
http://arstechnica.co.uk/gadgets/2015/07/wi-fi-sense-in-windows-10-yes-it-shares-your-passkeys-no-you-shouldnt-be-scared/

======
invaliduser
The article is pretty scary, actually. It totally misses the main issue with
Wifi Sense: I may want to share my wifi password with my friend Joe, but not
all of his acquaintances. And it's only a checkbox away for it to be shared
almost publicly (some people have thousands of contacts!).

There is this issue not mentionned in the article: in a lot of countries, the
owner of the internet connection is legally responsible for whatever happens
with their connection. Not only in north corea, also in countries like France.
Will Microsoft take responsability if someone uses my internet link for
illegal activities? Nope, because there will be no way to prove it's not me
doing it.

There are so many red flags with Wi-fi Sense, it's like Microsoft wants to
perpetuate its tradition of pointless features involving security issues. Why
Ars Technica published such a misleading article if beyond understanding.

~~~
pwr
I agree.

It's silly that the wifi owner has to opt-out of wifi sense. Because it's not
like it's already difficult enough for a non-techie to securely configure his
access point, no, let's add another thing he has to care/know about.

And the way to opt-out is even sillier: you have to append _optout to your
SSID. The SSID should not be used to control the clients behaviour imho.

------
facorreia
> When Wi-Fi Sense is fully enabled, it shares most of your Wi-Fi access
> passwords with all of your Outlook.com, Skype, and Facebook contacts.

I'm scared.

~~~
creshal
> It's also worth noting that Wi-Fi Sense passwords are stored "in an
> encrypted file on a Microsoft server."

Yep.

------
spdustin
Is there a method for determining if given SSID/MAC combination is in the
database, and requesting an opt out? I'm assuming MAC addresses come into
play, given that adding "_optout" to the end of the SSID works to opt out but
can take some time to propagate.

It also seems to suggest that changing the SSID won't invalidate the wifi-
sense credentials used for your access point.

