the headline makes this sound overly sinister! and its hardly secret! its a live tile and a setting that allows a user to tailor their data usage, offloading to wifi if needed or when approaching the limit on the data plan...
Microsoft has embedded software from Devicescape into Windows Phone 8, allowing smartmobes to automatically leech off 11 million free Wi-Fi hotspots. Devicescape's technology is already mandated by Intel in its Ultrabook blueprints, but this Windows Phone tie-up is potentially a much bigger deal as phones already outnumber …
The Devil is in the Details
Such hotspots typically require the user to fill in a form and provide some personal details, and it's these steps that Devicescape automates.
The question is, which personal details are in play here, and does the software allow you to opt out if personal details are requested?
Hope their stuff has improved. Their Easy Wifi stuff on Nokia S60 used to brick my phone. Would mess with the network settings in such a way that it stopped working for no reason, phone would throw up system errors, and couldn't be reset or removed without a factory reset.
Also used to attempt to log onto all kinds of bogus hotspots that didn't work. They did have a facility to add in pay accounts to auto connect to pay hotspots like BT Openzone and similar. It never worked for me.
One small issue...
"DNS requests are typically forwarded by free Wi-Fi networks without requiring the user to be logged on, so the Devicescape server can respond with instructions specific to that hotspot."
I can inform you that they typically are not.
Trying to perform a DNS query when attached to a BT OpenZone (Probably one of the most common types, bar perhaps BTFon when someones BT HomeHub is dishing it out?) - results in the same entry every time when I've just checked - No doubt to redirect you instantly to their 'captive portal' thingy .
Interestingly, I connected to a BT OpenZone a few years back and fired up my lappy - I had what I thought was a stale RDP session open upon resuming - Bizarrely, it let me connect without authenticating....
This was at London Waterloo, and was a few years back - No doubt they've patched it now! - Made my day at the time though. (Before the days of free WiFi was so prevalent...)
Also, Orange have an app that does this for you, as they provide free cloudy WiFi.
Re: One small issue...
Orange app I think is tied to BT Openzone, but I refuse to install it on Android as the reviews are terrible. Again seems to mess up your existing network settings, has problems when dropping out of range and getting back onto 3G etc.
I just use their login pages if I really want to leak all my private data to an open public hotspot, though 9 times out of 10 I find public hotspots suck. Can log in but pages are slow to load or time out often.
3G is easier and in some cases quicker and finding a 3G signal is far easier than trying to find the one genuine BT Openzone hotspot in town as all the other BT ones are those stupid FON things.
so it automatically connects....
So how long before many users web based app paswords are compromised (it's not exactly difficult to sniff that stuff on wifi without a VPN to protect you).
I bet it doesn't set up a vpn tunnel to keep you safe whilst on *public* wifi so great idea, but bad security ms :(
If it ever got turned on by default... ohh the poor compromised millions of numpties it'll create will be huge (that's assuming MS actually manage to sell millions of phones ;-)
Re: or record how someone connects manually for the benefit of other users.
So, this thing which connects to OPEN wifi will broadcast the WPA key, since open points have WPA keys.
I'm confused by your logic.
It's going to autofill in the O2 WIFI/The Cloud/whatever forms for you. Nice and tinfoilhatless.
Urm, so what identifying data (as well as my location gets sent off) and who exactly can get and use that data ? If it can be turned off I don't mind so much, but if this is is made purely automatic in future then I certainly wouldn't be a happy bunny. I'd rather do a little more manual intervention than be tracked by yet another 3rd party and whoever they're affiliated with (which I presume will also include the US government via the Patriot Act, etc).
"... or record how someone connects manually for the benefit of other users."
I don't see what could go wrong with that technique... until one day a not-so-public, not-so-free Wifi AP somehowm manages to get onto their list of "Wifi Hotspots" and <del>snitches</del> records the login of some poor soul.
... ran a "free" wireless hotspot but asked people to provide their email for future advertising or asked them to answer a survey style question I think I'd be pretty pissed off if someone basically came and tried to basically use my hotspot by bypassing my front end... If the conditions of using the hot spot are that you allow me to mail you in future or you earn me a little bit of money by answering a question then isn't this software breaking some law or another?
First, I do have two Android apps that do this. Wifi Web Login costs a couple bucks, but makes it so if you connect to an access point with a "captive portal" click-through page, you click through it once and wifi web login records the keystrokes, clicks, etc. you performed. Next time you connect, it auto-replays them. The system used by Star Bucks, McDonalds, Sams Club, etc., doesn't work reliably with Wifi Web Login (I don't remember what wifi "network" these all are); but sbautologin (which is free) works with these.
Second... although I don't take click-through licenses very seriously, wouldn't this solution mean these windows 8 phone users are theoretically being agreed to all sorts of use agreements they have not even had a chance to read? That seems potentially problematic.