Windows 10 WiFi Sense

I advise disabling WiFi Sense in Windows 10 (it’s turned ON by default)

What does WiFi Sense do? It’s a new feature in Windows 10 that is supposed to make connecting to wireless networks easier. However, Microsoft seem to have completely failed to consider the security implications. Specifically, It does two things:

  • Connects you to available open hotspots without asking you or telling you. All it takes for this to happen is for at least one other Windows 10 user who has WiFi Sense enabled (anywhere in the world) to have connected to that open network before.
  • Connects you automatically (without a password) to any hotspot that any of your contacts has connected to before (where “contacts” covers anyone in your Skype database, your contacts, or your Facebook friends). And, of course, the corollary is true: those same people can connect to YOUR network without a password.

At first glance, this is horrendous. Do Microsoft think we only have family and bosom buddies in our contact lists? Do they really think that we would want to automatically trust everyone in our contacts lists to connect to our router?

WiFi Sense - signed on to a Local Account
Figure 1. If you see the blue link circled above when you enter WiFi Settings then you are signing on to a local account, so are not vulnerable to WiFi Sense
And it gets worse. Suppose that you give your password to a friend, either in the normal way or by having WiFi Sense enabled. If that friend has WiFi Sense enabled, then my understanding is that that friend will automatically share your password with all of their contacts who have Wi-Fi Sense enabled. This is just appalling and it’s hard to think that it can really be true that Microsoft have invited such a situation to come about.

There have been several blogs written in the last few weeks (no names, no pack drill) that have suggested that that is the exact situation. However, a deeper look at things indicates that you have to do more than just have WiFi Sense “enabled” in order to be put at risk.

WiFi Sense - signed on to an Online Account
Figure 2. This machine is signing on to an Online Account. Slide the slidey things to the left (as shown) to disable WiFi Sense
To be at risk you have to:

  • Turn on the options to enable WiFi Sense (these are the ones that are on by default – see Figure 2)
  • Tick the boxes to select which lists of contacts you wish to share with (these are all unticked by default – see Figure 3)
  • Specifically share the networks over which you have control (none are shared by default – see Figure 4)

So, I would completely agree that WiFi Sense appears to be badly conceived and should be switched off completely (see below), but we haven’t been left as helpless and vulnerable as many bloggers have suggested.

I am grateful to ZD Net for pointing out the real situation concerning Wi-Fi Sense (before I, too, could make a prat of myself……)

There is another way that Microsoft say you can prevent your wifi network from being laid open by WiFi Sense and that is to rename your network so that it includes the text “_optout” (without the quotes) – eg changing your router identification from SkyXYZ123 to SkyXYZ123_optout. Yes, I know, it’s a cheek for Microsoft to cause us to have to do this just because they introduced a security risk. Anyway, almost all of my own computer support clients would not know how to do this. And if you do do it, you’ll have to re-set the connection settings for every computer and device that connects to it. Don’t bother about it. Just make sure Wi-Fi Sense is disabled as follows:

WiFi Sense - Contacts Lists
Figure 3. Even with Wifi Sense enabled (as shown by slidey things), network passwords will not be shared as none of the contacts lists are enabled
If you do log onto your Microsoft Account when your computer starts, then disable WiFi Sense as follows:

  • Click on the Start Button
  • Click on Settings
  • Click on Network & Internet, WiFi, Flight Mode, VPN
  • Click on Wifi
  • Click on Manage Wifi Settings (you may need to scroll down to see this)
  • Slide the two slidey things to the left (so that it says “off” next to them – see Figure 2)
  • Close the Settings window by clicking on the “X” at top right

By the way, if you log onto your Windows 10 computer as a “local user” (ie you don’t connect to your Microsoft Account) then you are not put at risk anyway so you can completely forget the scare stories (see Figure 1).

WiFi Sense - Share Network
Figure 4. Even with WiFi Sense enabled, your own network will not be shared unless you explicitly share it by clicking in the circle