[Red_Leaves_Flyy]

Opting out via ssid is pull the table cloth off at a wedding level absurd. Effectively this design is we saying we respect you so little that you might be able deactivate this feature if tattoo your choice on your face but we might might ignore that too because fuck you for disagreeing.

Iirc the same optout method is used opting out of WiFi scanning.

Blanket behavior like this should always be opt in with explicit informed and uncoerced consent. A laughable proposition in this corporate world but a worthy aim nonetheless.

[p_l]

Unfortunately, depending on country the same legal rules that make SSID mapping legal without any requirements for opt out are also rules that protect your freedom in other ways[1].

The proper way would be to design the protocol so that the identification information is useless in addition to disabling SSID broadcast.

That would of course mean that joining a device to network would be way harder unless you enabled at least network name broadcasting, which enables tracking again.

[1] under polish law, majority [2] of uses of received broadcast/shared public medium signal, is automatically legal. The only provision of privacy is encryption of said signal, because it's treated like shouting the information in public space.

Bypassing encryption is what turns it into unlawful violation of privacy.

[2] for historical reasons there's a mess involving radio&TV tax which was supposed to be paid per receiver, a bit like UK TV license.

[somat]

You are not wrong and I agree with you that this sort of bullshit is laughably unacceptable.

Unfortunately nothing opt in ever gets wide adoption. So I expect to keep seeing these sort of infernal acts as people get bright but misguided ideas that require broad adoption to work. for example googles wifi cataloging does not work at all if to get cataloged you have to put "_cataloged" in your ssid.

[riiii]

> Unfortunately nothing opt in ever gets wide adoption

Sharing your host's WiFi password with all your contacts should never get a wide adoption. It should never be an option anyway.

It shows Microsoft's astonishing ignorance of security.

[dijit]

Well, actually Apple is doing something similar, and it's opt-in.

If you have a contact, they are in their settings, and they're nearby and they can see your wifi network, a prompt will appear on your phone which asks if you would like to share wifi credentials with them.

There's some foolery going on to stop it popping up if you're using the device normally, like you have to be in settings or the home screen - or recently unlock your phone or something... But it's very explicitly: opt-in.

[verandaguy]

It's opt in for the person with the option to share network credentials.

It's not opt-in for the owner of the network, who should really have a say in the matter.

I do use this feature from time to time, but it's typically on networks where either I'm the owner, or the owner's given me permission to share the creds.

This also opens up an attack surface (which I got to experience firsthand on a burner device at DEF CON 31), where someone spoofs an Apple device requesting network creds. The attack itself involves spamming share requests and catching you off guard, causing you to hit OK, or you just hit OK out of notification fatigue.

[nlawalker]

> It's not opt-in for the owner of the network, who should really have a say in the matter.

Why? It’s literally just a shortcut for asking for the password from someone who already has it and then having it read it out loud or texted. If the owner of the network doesn’t want that happening they need to explain that in either case.

[fireflash38]

It reminds me a bit of how Waze or Google Maps would end up using access roads as shortcuts with navigation. You let a couple of people use it because you know them. They might tell a few others. Then big tech just sees it as "other people use it, so I'll use it". And now you have no control over your road anymore.

[verandaguy]

It’s a shortcut that deprives the network owner of agency. As the person running the network, should you not have some degree of control over who gets to join your network, be it fully open, fully closed, or anywhere in between?

[vladvasiliu]

> where someone spoofs an Apple device requesting network creds

How does this work? Isn't there any verification done through iCloud or something? I don't expect my phone to know about all my contacts' iphone identifiers.

I just tried this the other day with my cousin's wife whose phone number I don't have stored in my contacts and it didn't offer to share the wifi password until we both added each other's number.

[Zambyte]

> Unfortunately nothing opt in ever gets wide adoption.

Computers were opt in.

[TeMPOraL]

Until they weren't.

[anonymousab]

Yeah, widespread adoption will do that to things.

[nkrisc]

> Unfortunately nothing opt in ever gets wide adoption.

Too fucking bad for them. This opt-out bullshit for everything like this, marketing emails, etc. is bullshit. I’m sick of it.

[acka]

Don't forget the website cookie popup tomfoolery, where you must study each and every popup carefully lest you click the wrong button to opt out.

[lifestyleguru]

...and they NEVER remember your preferences, well except your shopping preferences which will stick to you across networks and devices.