Windows 10's Wi-Fi Sense is not a security risk. Here's why
Yesterday, tech sites went full Chicken Little over a Windows 10 feature that allows you to share your wireless connection without having to give away your Wi-Fi password. If only those alarmists had actually used the feature first...
Every new Windows release brings its own sudden explosions of FUD: fear, uncertainty, and doubt.
It used to be that competitors were the one responsible for sowing FUD. These days, it's the tech press.
For this week's launch of Windows 10, the primary FUD factor is one I didn't expect. Coinciding with yesterday's launch, there was an absolute avalanche of paranoid posts warning of the horrible security risks of the Wi-Fi Sense feature.
Even the normally reliable Brian Krebs fell for the FUD: "Unless you opt out," he warned, "Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype -- and, with an opt-in, your Facebook friends."
According to Krebs, this feature will "allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network -- should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good 'ole cantenna!)."
And of course the echo chamber made sure to reinforce the message that this feature is terrible and dangerous and you should disable it right away. NPR, for example, quoted Krebs as calling this feature "a disaster waiting to happen." He even went so far as recommending that people rename their Wi-Fi access points.
Except, no. That's not how Wi-Fi Sense works.
Yes, the option to allow sharing is enabled by default. Here's what it looks like in Windows 10's Settings.
But did you notice the part where it says "For networks I select..."? That's the key detail that Krebs and everyone who rewrote his post under their own by-line missed.
Yes, you actually have to take an extra step to make a Wi-Fi network available for sharing by your contacts. If you scroll down from the screen I just showed, you get a list of Known Networks. Here's the list of available networks in my office, I've tapped one of those networks to show the options available for it.
If you know you're in my Skype contacts list feel free to park in front of my house with your Windows 10 PC. But you'll have to bring your own Wi-Fi, because Wi-Fi Sense won't let you connect to my network. That option is off by default for every network, as you can see by the Not Shared status message under each one.
And you have to very consciously enable sharing for a network. It's not something you'll do by accident.
And of course even if it were on, Wi-Fi Sense only shares Internet access. It doesn't allow any access to local resources, so you can't rifle through my personal files. (As my colleague Simon Bisson pointed out, it's based on the well-tested, enterprise grade Network Access Protection feature that has been part of business versions of Windows for years.)
I've been using Windows 10 since last October. And yet none of my networks are available for my friends and contacts to share over Wi-Fi Sense. Why? Because I never enabled sharing for any of those networks.
I could imagine doing so if I was having a party or expecting houseguests and I knew that some of them would be using Windows 10 on a tablet or a phone. It's much more convenient (and secure) for all concerned if I don't have to give them my password and they can just connect automatically.
I could also imagine disabling this feature after the party's over.
If you upgrade to Windows 10, you have the same options. Despite what you read yesterday, Wi-Fi Sense is not a security hole, and no one is going to connect to your network without your permission.
Spread the word. Don't spread FUD.
Windows 1.0 to 10: The changing face of Microsoft's landmark OS