You may want to rename your wireless router’s SSID(s) from “My Named Network” to “My Named Network_optout_nomap“, or at least to “My Named Network_nomap“.
Read the rest of this article to decide what you should do for your scenario. Just to-the-point information here. No fear-mongering or B.S.
Whatever you decide, don’t forget about your 5 GHz and Guest network SSIDs too (if applicable).
Windows 10 was officially released July 29, 2015. It’s a free upgrade for most computers and includes a new feature called Wi-Fi Sense that has caused quite a worrisome commotion on the Internet. (Microsoft can’t ever seem to do something new without getting bruised.)
This article will clarify the topic and go a step further and talk about GLS access point mapping, which is likely a bigger concern.
Yes, Wi-Fi Sense sounds scary to the uninformed. Feel free to share this article with your IT manager, teenager, or whomever is your technical advisor.
In case you didn’t know, you can download Windows 10 here.
Regarding the SSID renaming mentioned above, the “_optout” part exempts your wireless access point from Wi-Fi Sense and takes effect within a few days once found anywhere in your SSID.
The “_nomap” part exempts your wireless access point from Google Location Services (GLS) access point mapping — a map of all detected Wi-Fi signals from all those Google Street View cars driving through your neighborhood. Your SSID must end with “_nomap” to be exempted.
GLS access point mapping does not display hidden networks so you could also choose to disable broadcasting your SSID instead of or in addition to adding “_nomap” to the end of the SSID, but there are reasons not to disable broadcasting your SSID.
SSIDs must be 32 or fewer characters. Adding the 13 characters of “_optout_nomap” provides you 19 characters to customize your SSID. Or just adding “_nomap” leaves you with 26 characters to customize your SSID.
In case you’re a bit lost, the SSID is the network name. See this article’s first sentence for an example.
RouterPasswords.com can help if you’ve never edited your wireless settings before (or need to reset the device because you forgot your login) and need to know the router’s default password.
Lions, Tigers, Windows 10 Wi-Fi Sense, oh my!
Here are some excerpts from a Microsoft Community discussion that should open your mind to the viral nature of Wi-Fi Sense and its potential impropriety regarding your network’s security.
[…] Wi-Fi Sense automatically connects you to nearby Wi-Fi networks, helping you save your cellular data for when you really need it and giving you more Internet connectivity options. Wi-Fi Sense can do a lot of things for you to get you connected to the Internet using Wi-Fi, so you don’t have to do them on your own. These include:
- Automatically connecting you to crowd sourced open Wi-Fi networks it knows about.
- Letting you exchange password-protected Wi-Fi network access with your contacts to give and get Internet access without seeing each other’s Wi-Fi network passwords.
The following quotes are user comments highlighting some of the worries about Wi-Fi Sense.
[…] I have a 10 year old child, I don’t want him to give his friends access to my network without my permission and it seems that now I have to change my SSID? […]
[…] You should only have to change your SSID if you don’t trust the systems you give your wifi key to. But if you absolutely don’t want anyone sharing your network’s information, then it would be very advisable for you to set your SSID for opting out, but that is completely up to you. […]
[…] If I lend someone a key to get into my house to water the plants, that doesn’t mean he can copy that key for all of his friends, so they can hangout at my place too. And Microsoft makes the whole key copying an automated process.
Is it really that bad?
It depends on your perspective, but, in general, no. It’s not that bad. Here are some talking points:
1) In a way, it’s actually more secure, and it’s not at all automatic.
If you do want to share your internet connection with any of your contacts who is at your location and using Windows 10 or a Windows Phone and enabled their device to connect to Wi-Fi Sense networks, then it’s actually a quicker, easier, more secure way to do so because you don’t actually have to give them your Wi-Fi password. They just automatically receive an encrypted version of it via Wi-Fi Sense without even asking you for it.
In order for this to work, you actually have to explicitly enable it per network (it won’t happen automatically or by accident) and, if a contact’s device does connect via Wi-Fi Sense:
[…] Wi-Fi Sense only shares Internet access. It doesn’t allow any access to local resources, so you can’t rifle through my personal files. (As my colleague Simon Bisson pointed out, it’s based on the well-tested, enterprise grade Network Access Protection feature that has been part of business versions of Windows for years.)
Ed Bott (link above)
This means they won’t have access to other devices on your network, like your computers, wireless printers, mobile devices, etc. If you want them to have such access, you’ll need to give them the actual wireless password (or type it in for them) like you already do.
Bonus idea from Ed Bott: enable it when someone comes over with their laptop (or you’re hosting a party full of Windows Phones) and disable it when everyone leaves. For added protection, only do this for the Guest network (if you have one) if you choose to temporarily enable it.
2) It doesn’t work on 802.1X networks.
Wi-Fi Sense disregards 802.1X networks. If you don’t know what that is, you don’t have it. Likely, you do not. If you’re curious, here’s more information about this “per-user or per-device” type of network authentication.
It might exist in an enterprise office environment. If you’re an IT Manager worrying about Wi-Fi Sense and you have this setup, you should be worry-free.
3) There aren’t any granular sharing options.
If asked, you’d likely say you don’t want all of your Outlook address book, Skype contacts, and Facebook friends to bum Internet access off you (in the event they are nearby and using a Windows device and enabled their device to connect to Wi-Fi Sense networks).
Then again, you probably don’t care that much since you’re not billed according to bandwidth usage and they can’t access the rest of your network anyway.
4) Again, their device needs to say it’s OK to connect to Wi-Fi Sense networks.
Let’s be realistic here. How many Wi-Fi Sense devices will actually be near you? Yes, it depends on home vs office settings and over time there will be more Wi-Fi Sense enabled devices since Windows 10 is a free upgrade for most. But those devices then also need to enable connecting to Wi-Fi Sense networks (i.e. their own contacts’ Internet access points).
If you think about it, wouldn’t you say, “Sure, if there’s free Wi-Fi, sign me up.” Remember, it’s only Internet access, not full network access to all your connected devices.
Think of it this way: If someone visits you and asks for your Wi-Fi password, it might actually be more secure to say, “Just enable Wi-Fi Sense and it’ll connect automatically,” so you don’t have to tell them the actual password. Because if you do give them the actual password, then their Wi-Fi Sense settings take effect, potentially sharing your network’s Internet access with their contacts. So… pros and cons… pros and cons.
5) Yeah, you might want to exclude your wireless access from the Wi-Fi Sense network, but don’t do it out of fear.
After knowing all the scenarios required for Wi-Fi Sense to even make a connection, you might still just want to disallow Wi-Fi Sense from working on your network.
If so, do it because you’re informed and understand why you want to. The instructions are at the beginning of this article.
6) At the VERY least, make sure your wireless network is password-protected (i.e. not an “open network”).
In this day and age, you shouldn’t have an unsecured/open network. Add a password for everyone’s sake (mostly your own).
Should I Disallow Google Location Services (GLS) Access Point Mapping?
Ok, so now that the Windows 10 Wi-Fi Sense discussion is out of the way, let’s talk about something that’s been around for years already but you probably didn’t know about it either.
Google Location Services (GLS) Access Point Mapping is what it sounds like, a map of all broadcasting wireless access points.
FYI: Google isn’t the only one mapping “public” access points (a.k.a. broadcasted Wi-Fi signals).
To most, broadcasting your network’s SSID isn’t meant as an invitation for anyone and everyone to connect. In other words, “No, it’s not public.” But technically, it is… since you’re broadcasting it.
But now you know you can also disable mapping of your network by adding the “_nomap” characters to the end of your SSID. Visit Google Location Service (GLS) access point mapping for more information.
Still trying to make sense of this?
There’s a lot of random Wi-Fi Sense scenarios to consider, and Windows 10’s release news is a bit all over the place right now.
You can watch this CNET video about Windows 10 Wi-Fi Sense for more visuals of how Wi-Fi Sense works.
Hopefully you feel empowered to make your own informed decisions regarding your wireless network.