gbaji wrote:
Samira wrote:
It also shares your wi-fi password with anyone connecting from your house. I'm not sure how they calculate what's your house, and what's just outside your house, or next door, or whatever. It apparently also shares that information, encrypted, with anyone you "share" with on Facebook, Skype or Outlook.
Also, allegedly, if you tell a friend your wi-fi password because, say, they're at your house to play a co-op game on their laptop, by default your password is then shared with THEIR friends when they type it in.
I get that privacy is a quaint conceit at this point; but do we really have to be so blatant about it?
Also, allegedly, if you tell a friend your wi-fi password because, say, they're at your house to play a co-op game on their laptop, by default your password is then shared with THEIR friends when they type it in.
I get that privacy is a quaint conceit at this point; but do we really have to be so blatant about it?
The bigger issue is how they do it. They basically use their own servers as a warehouse of encrypted credentials which associate the credentials to the wifi network. So when another Win10 system attempts to connect to a wifi network, it connects to the MS warehouse and checks to see if there's an associated credential for it, then checks to see if it's ok to share it. So basically, you've given up security of your home network to a remote server managed by someone else. You can opt out all you want, but at the end of the day if MS wants to opt you in (or hand those credentials out to anyone they want), you have no actual say in it.
I haven't been able to find any detailed information, but it's unclear if opting out actually prevents your credential from being stored on their server. It may be that it just changes the settings regarding that credential on said server. So even if you turn it off, it's still dropping a credential for your network in their warehouse, just not handing it out to anyone else (again, unless they decide to do so). I suppose technically they could do this with the credentials already stored on your system today, but by hiding it in a "service", it maybe makes it a bit less obviously problematic (and potentially illegal). Hard to say.
The other issue is with the upgrade process itself. So if someone with Win7/8 had previously visited your home, and you typed your wifi password in for them to access you network (assuming that it would remain stored only on that device), and that person now upgrades to Win10, it's also unclear if that process alone will result in your network credential being uploaded to their service (along with whatever opt-in/out information that user chooses). Again, the big issue is that they've basically removed the security from your home network and placed it on their server.
I'd recommend at the very least that anyone who has ever shared their home wifi password with anyone (even if you typed it yourself into their network connection tool), that you change your password now. Because even if you don't upgrade to Win10, if that other person does, your home network security is basically up in the air.
Security... pfft.. this is the new sharing economy in which security is deemed a passing fad. And besides, terrorists like their computers secure and encrypted. You are not a terrorist, are you?