Earlier this week Microsoft released a new build of Windows 10 for PC dubbed 10158 which for the first time includes Wi-Fi Sense on the desktop operating system. The new feature, which has been part of Windows Phone since v8.1 update, improves the Wi-Fi experience significantly and hence is ought to please many users. But, unfortunately, it comes with a caveat that might not sit well with many.
For those unaware, Wi-Fi Sense is a feature that automatically connects one to local, and open crowdsourced Wi-Fi networks. It does so by sharing your Wi-Fi credentials with your friends listed in your phone and social contacts — which as you may have guessed — is the Achilles heel.
The feature, which is turned on by default, automatically accepts Wi-Fi network’s ToS and gives away your name, email address and contact number on your behalf. It further goes on to share the password of your Wi-Fi network with your friends listed in contacts in your phone, Outlook.com, Skype, and Facebook.
Do note that Wi-Fi Sense isn’t leaking your passwords to your friends. It encrypts your password and then shares it on a protected network. As Microsoft notes, “For networks you choose to share access to, the password is sent over an encrypted connection and stored in an encrypted file on a Microsoft server, and then sent over a secure connection to your contacts’ phone if they use Wi-Fi Sense and they’re in range of the Wi-Fi network you shared. Your contacts don’t get to see your password, and you don’t get to see theirs.”
There is just one problem: your network’s password is getting shared to your contacts — many of which you might not know so well. Possibly, this will allow someone who has ever emailed you on your Live/Outlook email Id to use your Wi-Fi, or that odd person you added on Facebook but don’t really know so well. If not fixed soon enough, the odds of this feature getting abused is now more likely than ever.
At its current state, as Microsoft notes, your friends won’t be able to access any device connected to the same network. “They won’t have access to other computers, devices, or files stored on your home network, and you won’t have access to these things on their network.”
I am not so sure how much truth is in that statement. With internet sniffing tools becoming increasingly popular, there is a chance that one could not only find a way to access other devices, but also eavesdrop on the ongoing data exchanges. Things are not very clear as of yet.
One could, obviously, login to the settings of their router and change password and SSID (and add “_optout” at the end) to be sure that no intruder is accessing their network. The problem, however, is that Wi-Fi Sense doesn’t instantly comply with these changes. As Microsoft notes, “It can take several days for your network to be added to the opted-out list for Wi-Fi Sense. If you want to stop your network from being shared sooner than that, you can change your Wi-Fi network password.”