This kinda reminds me of a feature Windows (Phone) used to have, where it would share your Wi-Fi password with the device's contacts automatically. To opt out, you had to add _optout to the SSID name. https://www.theregister.com/2015/06/30/windows_10_wi_fi_sens...
It looks like this feature was removed eventually, but it's just one of those tasteless things that MS does every once in a while.
From that article:
I knew about the Google Maps thing, I didn't know about this. That kind of stuff is so presumptuous and user hostile it's outrageous.
Yep. My WiFi has had _optout_nomap ever since it was introduced. People always ask me why and I've never seen another SSID with it included.
Come over to my place and we can possibly be the first people ever to bond over their home wifi SSIDs ;)
I really miss the days when people put time and thought into their SSIDs instead of using the defaults
Mine is "go fuck yourself" so whenever anyone asks what my wifi is, it results in a hilarious exchange.
And the password is either "figure it out for yourself", "check the packaging", "try 123456 backwards", or "I don't know"?
One of my neighbors' SSIDs used to be some bad words towards people working in IT. I think he had a bad experience with his ISP support.
There's a certain comfort, and security, from the anonymity afforded by randomly generated SSIDs.
My parents were 'CIA moble survalance unit'.
My Unifi setup has whitelisted devices. Everything else is completely crippled on the WiFi.
I’m happy for how easy it is to do this.
Google maps cars go around scanning WiFi SSIDs so they can map them to geolocations.
Google maps doesn't need to be able to connect to your wifi in order to use it for location detection. i.e. You still need to add _nomap to the ssid.
I saw a _nomap once! Mentioned it to those around me and nobody knew what it was of course. Must admit I didn't know of optout until now either
Would it be better to have an opt-out database, where you have to log in with a Google account, and prove that you own the device somehow using geolocation?
The system has to be resistant against bad actors taking someone else off the map who chooses to opt in.
It would be better if the syntax were simpler, like changing myhouse to __myhouse (double underscore == private identifier).
By setting SSID a certain way, you simultaneously show your intent to opt out and prove that you're the operator.
This assumes such a database is necessary in the first place, which in my mind would require serious justification to prove, given that it creates a situation where the customer’s security is degraded by default.
I do wonder how much it actually does improve location accuracy on phones. Certainly if you have no GPS signal at all it'll give you something rather than nothing, but if you do have GPS, does it really improve things?
At my workplace it used to identify my location as various places within a 300 mile radius of my actual location correlating (at best) to places where our ISP had a footprint, but sometimes even places that it didn't. In any case I had never connected to our WiFi with my phone, so it would have to be correlating the IPs of users who had. I eventually found a place where you could submit location services corrections to Google and now it gets within 100 feet of the building.
We used to joke about making a digital sign above our office door saying "Welcome to ___" which would use the location returned by the Google AGPS service.
Ever since "private relay" became available on my iPhone (which I don't disable even when at home), whenever I get on Google Maps on my PC (so not going through the private relay) Google Maps always shows me in random cities hundreds of miles away.
Maybe this was useful when introduced, but I'm not convinced it still is the case.
If you are in an urban area (especially at the time it was introduced), it will really improve things, mainly because GPS* signal reflections in urban areas disrupt proper positioning. It won't put you into another continent but it tends to be around two magnitudes worse, especially when you're moving (from ~1 meter to ~100 meters). The fact that multi-band GPS is now common does reduce this problem, but this is still helpful in dense areas with high skyscrapers that can still attenuate both bands.
* I'm using GPS here as shorthand for all GNSS systems (including GLONASS and Galileo).
Without it, your phone's location services would be next to useless in any kind of more urban area (next to useless = you'd have to wait for minutes for the phone to get a fix and burn a lot of battery in the process). It would not function inside a lot of buildings _at all_.
People HATE HATE HATE and complain loudly at their phones if they fall back to pure A-GNSS positioning.
No, it would be great if you had to prove you own the device to opt in.
After the most massive awareness campaign you can imagine to get people to know about this at all, the opt-in rate would likely be < 0.00000001%. Cash-like incentives would be required. Likely, router manufacturers would have to be bribed to promote that to the users, and have some opt-in screen in the router firmware.
oh no, that's sad. anyway.
The "_optout_nomap" postfix at least gives a veneer of privacy that your SSID doesn't need to be sent by every nearby device to a backend service to see if it's in the opt-out database and logged/read by some government backfeed etc.
Be thankful that this actually works. It wouldn’t if both Microsoft and Google checked for the magic token at the end of the SSID string :-/
I learned about this recently when I looked at using beacondb[1] as network geolocation provider.
[1] https://beacondb.net/privacy/
Opting out via SSID is pull-the-tablecloth-off-at-a-wedding level absurd. Effectively this design is saying we respect you so little that you might be able to deactivate this feature if you tattoo your choice on your face, but we might ignore that too because fuck you for disagreeing.
IIRC the same opt-out method is used for opting out of WiFi scanning.
Blanket behavior like this should always be opt in with explicit informed and uncoerced consent. A laughable proposition in this corporate world but a worthy aim nonetheless.
You are not wrong and I agree with you that this sort of bullshit is laughably unacceptable.
Unfortunately nothing opt-in ever gets wide adoption. So I expect to keep seeing these sorts of infernal acts as people get bright but misguided ideas that require broad adoption to work. For example, Google's WiFi cataloging does not work at all if, to get cataloged, you have to put "_cataloged" in your SSID.
Sharing your host's WiFi password with all your contacts should never get a wide adoption. It should never be an option anyway.
It shows Microsoft's astonishing ignorance of security.
Well, actually Apple is doing something similar, and it's opt-in.
If you have a contact, they are in their settings, and they're nearby and they can see your wifi network, a prompt will appear on your phone which asks if you would like to share wifi credentials with them.
There's some foolery going on to stop it popping up if you're using the device normally, like you have to be in settings or the home screen - or recently unlock your phone or something... But it's very explicitly: opt-in.
It's opt in for the person with the option to share network credentials.
It's not opt-in for the owner of the network, who should really have a say in the matter.
I do use this feature from time to time, but it's typically on networks where either I'm the owner, or the owner's given me permission to share the creds.
This also opens up an attack surface (which I got to experience firsthand on a burner device at DEF CON 31), where someone spoofs an Apple device requesting network creds. The attack itself involves spamming share requests and catching you off guard, causing you to hit OK, or you just hit OK out of notification fatigue.
Why? It’s literally just a shortcut for asking for the password from someone who already has it and then having it read it out loud or texted. If the owner of the network doesn’t want that happening they need to explain that in either case.
It’s a shortcut that deprives the network owner of agency. As the person running the network, should you not have some degree of control over who gets to join your network, be it fully open, fully closed, or anywhere in between?
Use RADIUS then. If you told someone the password, they can share it
You have that control: allowlist individual devices
It doesn’t, they have exactly as much agency as they would if the shortcut didn’t exist.
If you want more control than a shareable password provides, it’s on you to implement something other than a shareable password. A feature that merely helps people share passwords doesn’t change that.
If you need control over who joins your network, implement 802.1x or a captive portal or something. If you just use a WPA key, people will always share them, you can't stop them, there are literally crowdsourced online databases of "free internet" WiFi keys
How does it change the network owner's ability to decide who gets to join their network?
The guests could already simply tell each other the password
It reminds me a bit of how Waze or Google Maps would end up using access roads as shortcuts with navigation. You let a couple of people use it because you know them. They might tell a few others. Then big tech just sees it as "other people use it, so I'll use it". And now you have no control over your road anymore.
How does this work? Isn't there any verification done through iCloud or something? I don't expect my phone to know about all my contacts' iphone identifiers.
I just tried this the other day with my cousin's wife whose phone number I don't have stored in my contacts and it didn't offer to share the wifi password until we both added each other's number.
Too fucking bad for them. This opt-out bullshit for everything like this, marketing emails, etc. is bullshit. I’m sick of it.
Don't forget the website cookie popup tomfoolery, where you must study each and every popup carefully lest you click the wrong button to opt out.
...and they NEVER remember your preferences, well except your shopping preferences which will stick to you across networks and devices.
Computers were opt in.
Until they weren't.
Yeah, widespread adoption will do that to things.
Unfortunately, depending on country the same legal rules that make SSID mapping legal without any requirements for opt out are also rules that protect your freedom in other ways[1].
The proper way would be to design the protocol so that the identification information is useless in addition to disabling SSID broadcast.
That would of course mean that joining a device to network would be way harder unless you enabled at least network name broadcasting, which enables tracking again.
[1] Under Polish law, the majority [2] of uses of a received broadcast/shared public medium signal are automatically legal. The only provision of privacy is encryption of said signal, because it's treated like shouting the information in public space.
Bypassing encryption is what turns it into unlawful violation of privacy.
[2] For historical reasons there's a mess involving radio & TV tax which was supposed to be paid per receiver, a bit like the UK TV license.
This just reminds me of my theory of Microsoft's checklist-driven development: Some PM writes down some single-sentence description of a feature (e.g. "Share Wi-Fi passwords with contacts") and the developers just read the list and find the single least-effort way of implementing it. Once done, they can tick the item off the list and go home having done their job, although often in the most excruciatingly stupid way by damaging their users' experience. I do not see how else M$ could so often add features in a way that actively makes their products worse to use.
Because this is Microsoft we shall apply Gates' razor and must thus conclude that "never attribute to stupidity that which is adequately explained by malice".
Can you elaborate why you would see Gates as a malicious actor?
This is a difficult question to answer without knowing whether your Bill Gates context includes his years at Microsoft, or only as a philanthropist with sketchy friends.
If the former, you'll need to present an argument that Microsoft did not hold back the entire industry for 20 years with low quality products, severe user-hostility, and monopolistic practices.
If the latter, you should read up about the 1980s and 1990s and early 2000s.
Monopolistic actions are malicious, if you believe in free markets. Gates led the war against Netscape, for one. The setback to the industry and consumers was massive.
Anti-market behavior is today completely normalized, so Gates is very much not alone. Malice is not an unusual phenomenon.
What you're thinking of is called Grey's Law: "Any sufficiently advanced incompetence is indistinguishable from Malice"
OP didn't mistake anything, this would be a public office clerk and they don't have private jets nor yachts.
I believe you mean Hanlon's Razor?
They've inverted it ironically to attribute malice to Microsoft. (Not undeservedly.)
Please refrain from content-free meming on HN.
I like this term, hopefully it enters the dictionary. Stupidity doesn't buy yachts, vile malice does.
I do wonder if it is partially not caused by the fact that underneath, Outlook and Exchange aren't massively using SMTP or MIME, they use MAPI which is built around X.400 even if it's no longer available to run Exchange with external X.400 connectivity.
Take that background, and how MAPI essentially prioritises internal email capabilities, and slowly a perfect storm for creation of such misfeatures emerges.
Internally to a corporation, in the way richer Outlook/MAPI/Exchange world, implementing such a feature is both simple and possibly easily more useful (less annoying emails to write when you want to just give a short reaction).
But then you hit two confounding factors - systems outside of the corporate Exchange server - so instead of using a richer messaging feature you make it into an extra text message - and systems outside the corporation, where your message now leaks out.
This way you can start with a reasonably well-thought-out user story, and end with crap like the way reactions work - and weird extra headers
2001(?) I got an email from a client and it said "Debbie would like to revoke the earlier email". Might not have said 'revoke' but something like that. And there were a lot of extra headers I hadn't seen before. After some questioning, I got that they'd just installed some Exchange server setup (or whatever the direct predecessor was?) and you could undo email. But the 'undo' was to send an email revoking the earlier one. MAPI/internal clients understood it; to external clients like me, it was just another email. I'm not sure they (the client) quite understood that they couldn't 'undo' emails to me, because they could do it just fine to everyone else (inside the company).
I'm stealing the term Checklist-driven development. Combined with Cha Bu Duo it explains so much of what I see on a daily basis...
Lazy technical managers (incomplete specification) combined with lazy developers (does not improve specification) and task completion count based performance evaluation (implies atomic task allocation with strictly < 1w time estimation) is the devil, not Lucifer.
And they are everywhere.
This is why PMs are supposed to work with Business Analysts. Unfortunately, most companies do not have BAs because, you know, cost. And, most PMs are not technical and have no engineering background or experience.
This was a good feature. Thankfully it still exists in iOS. Just requires approval.
The iOS implementation of this feature is perfect.
It isn't perfect if you are the wifi owner and people who have credentials then give it away to people you'd rather not give credentials.
It's still perfect, because guests can share passwords verbally or in writing too. Not supporting a digital password share just means the sharing will happen another way.
It's still an improvement though.
In the iOS way, your guest can share the creds privately to another person.
In the normal way, your guest can share the creds verbally to another person, which might be overheard by other unintended listeners.
I guess the ideal would be to allow the network owner (which would be determined by what method?) to share to guests with a flag set for no further sharing (and no viewing of credentials).
It’s cool but it’s not perfect.
I usually try to use this feature when traveling: either I or my wife will add the new Wi-Fi and share with the other. It works roughly 3/4 times, but the remaining 1/4 is infuriating because there’s no button to manually start the sharing and no info about why it doesn’t work.
I would prefer a reliable button to AirDrop the Wi-Fi credentials instead of unreliable magic.
No it isn't, it leaks data to Apple whether you opt in or not.
Or banish machines running Microsoft software from the network.
Sure, Jan.
Holy crap that's amazingly bad!
Apple does it right: it shares only if you press the button and only with your own devices (the share prompt will show up if your other device is currently facing Wi-Fi password prompt and your current device knows the password)
Tasteless describes pretty much everything about Microsoft