Look, Microsoft. Just because I am Facebook friends with someone, doesn’t mean I want to share my wifi passwords with them.
Unfortunately, that’s exactly what happens by default in Windows 10. Anyone who I’m Outlook.com contacts with (spammers), Skype friends with (webcam strippers), or Facebook friends with (high school buddies turned webcam strippers) can connect to wifi networks that I have the password for.
It’s part of a system called Wi-Fi Sense, which has been lurking in Windows Phone for a while now. It sends wifi passwords (encrypted; they never see the plaintext password) to your contacts, who can therefore connect to any wifi network that you have the password to. It’s turned on by default, and I had to dig around in a few levels of settings to disable it.
(There’s also a checkbox when you first connect to a wifi network, giving you the option not to share the network. But since Windows 10 helpfully keeps your saved passwords when you upgrade, all the networks you’ve previously connected to are
shared by default. My bad — Win10 shares your saved Wi-Fi passwords with other devices signed into your Microsoft account by default, but not through Wi-Fi Sense.)
I’m not really complaining about the existence of the feature in the first place — I can see how it could be helpful, if you’re a non-data-plan-having tween hopping between various wifi-enabled basements. It’s the fact that Wi-Fi Sense is enabled by default, and most people will never know that it’s there.
It’s also a huge security fuckup waiting to happen. Users might not see the password, but it’s stored on the machine somewhere, and you can bet that an intrepid hacker will get at it.
To disable Wi-Fi sense, head into Wi-Fi—>Network settings—>Manage Wi-Fi settings, and uncheck basically all the boxes you can see.
Contact the author at firstname.lastname@example.org.