The other notable change in build 14342 isn’t a feature that’s been added but rather one that’s been removed. Windows Phone 8.1 and Windows 10 both included a contentious feature called Wi-Fi Sense that allowed Wi-Fi credentials to be shared with your Facebook and Skype contacts. Citing the lack of end-user uptake of this feature, it has been removed from 14342.
Windows 10 will still sync Wi-Fi credentials among your own machines, so signing on to a network with one Windows 10 PC will allow all the other PCs that use the same Microsoft Account to also access the network, so this (arguably more important) capability isn’t going away, but the one that raised so many hackles after it was spotted a year after its introduction is consigned to the dustbin of history.
Good. This was such an incredibly creepy and potentially dangerous feature that I really cannot fathom that it got through the countless levels of triage Windows features certainly go through.
What I think is still creepy is that someone (aka Microsoft) potentially has a database somewhere with a very large amount of WiFi passphrases from around the world.
Ehm, you mean like Google? (Android *hint hint*)
Edited 2016-05-12 11:20 UTC
That’s what I was thinking: Android, by default, stores your WiFi-credentials and stuff on their servers. You have to manually disable that if you don’t want it to do it.
My phone doesn’t (I didn’t set up a Google account for my Android phone), I believe that is the default.
That’s one thing Apple does right, at least. It won’t save any wifi passwords on their servers unless you opt to enable iCloud Keychain. Doing that is easy enough but cannot be done by accident.
In Android, when setting up the Google account in the setup wizard, it asks about it (it’s the card with backup settings) and explicitly tells you that data will be sent to Google servers.
Yes, that is also bad. I mentioned Microsoft because that is what the post was about.
I wonder how many times WiFi private keys have been handed over in government requests. Microsoft or Google would be obligated to do so, but IMHO neither of them has any business storing private keys to begin with. I bet most people aren’t even aware they do it.
Prior to other posters saying it, I did not know google was doing it too…
http://www.huffingtonpost.com/2013/09/17/google-wifi-passwords-andr…
What bothers me is that the owner of a network can authorize a user, but the user can inadvertently leak the key to google or microsoft without intending to when they sync up.
Now I have to admit, maybe they do it in such a way that they don’t get to see the cleartext password and it can’t be derived.
I know it’s possible to do it right, just no way of checking it. Well, in case of Android maybe you can.
In the article it says:
“This data is encrypted in transit”
That suggests it’s sent in cleartext over an encrypted connection like HTTPS.
So that would be bad.
Do they? Whenever I’ve restored my Android phone, I’ve always had to re-input network credentials, even when everything else is restored.
Depends. My wife’s current phone (Samsung S5) “remembered” wifi passwords from her previous (Verizon Galaxy Nexus). It’s possible different vendors or carriers enable or disable this stuff.
When I restore my phone, I have to input the initial wifi password in order to connect to the internet and Google. But once it’s connected, all the others are synced. Of course, if I initially connected with mobile data and then synced everything over mobile, I guess I wouldn’t need to even input that first wifi password!
True, but let’s not forget they still have to match that with the geographical location and actually “get on” your wifi network – or any on the list.
It’s not a key to get on your network over the internet, right?
Google are of course even better placed than MS in this regard; they’re (even) more likely to have said geographic data, or at least in so far as GPS data is still more accurate, usually by far, than IP-based geolocations.
Edited 2016-05-13 09:32 UTC
You don’t need geographical information; most WiFi networks are named pretty uniquely (especially if it includes information about, for example, the AP MAC address). And a lot has already been mapped long ago.
Just look at the detail of these maps:
https://wigle.net/map?maplat=39.364533289631694&maplon=-76.370213242…
I believe people sell queries on lookup systems and people can buy databases, etc. But a lot is already freely available in an open source fashion.
Feel stupid. Of course it has… Face palm.
Thanks for the heads up though.
But let’s call it discipline
It’s not so much the credential synch that bothered me. Microsoft are keeping that and, so long as I’ve explicitly turned it on (which I have on iCloud) then I don’t mind. What freaked me out about this late and unlamented sharing feature was that you’d share with your friends, who’d share with their friends, who’d share with… well, you just never knew. I can only imagine how much criminals would have loved it.