Interesting article about Android, what about WP8?

[freemind]

Hi guys,
Just FYI.
Google knows every Wi-Fi password entered from an Android device
What do you think? I remembered to have to reset my phone, I was happy that it remembered my backup data but I had to write password to wifi again.

 

[Vikram Dinesh]

Re: Interesting article about Android, what abour WP8?

WP does not store WiFi passwords. If it did then while restoring a backup it would restore all your WiFi settings too, which as of now it doesn't do.

 

[ohgood]

Re: Interesting article about Android, what abour WP8?

How is this a bad thing?

 

[foxbat121]

Re: Interesting article about Android, what abour WP8?

It's convenience thing. I wish WP8 did have such capability. I recently did a upgrade on my 920 by flashing Amber firmware via Nokia PC software. As such the phone is wiped and needs to be restored. However, since the default cell network connect does not work for AT&T (my phone is a unbranded DEV phone), and it can't connect to my wifi at the restoring stage, I ended up need to re-install everything manually.

 

[freemind]

Re: Interesting article about Android, what abour WP8?

No one saying it is bad thing ... just pointing out one of advantage of wp8 I suppose.
Of course if this would be possible as extra function to "click" that you want password to be stored, but visibly, i would not mind.

 

[Ian Too]

Re: Interesting article about Android, what abour WP8?

Convenience has always been the enemy of security and it is up to everyone to find their own balance; but too far in the direction of convenience is folly, while too much security is only a pain in the arse.

The general rule is TNO - trust no one. If you use a service to store logins for instance, always make sure the information is only stored on the computer as it is with Lastpass.

When you do have to trust a service, you have to consider two things: competence and intent. You never tell a secret to a blabber mouth and you never show a burglar where the keys are. The same principle applies here: Google have only ever instigated a security feature after they have been caught out, so they don't strike me as particularly smart.

Google's recent decision to encrypt files store in its servers are no use to Google's users, because they keep the passwords themselves. It would be far better to allow each user to set their own passwords, but then how would Google trawl through your files for keywords? Always distrust someone asking for details they shouldn't conceivably need. In this case of course, Google don't ask, they just take and exactly what use to Google is a database of private Wi-Fi logins?

This reinforces my ban of Android devices from the house. It's clear that Google use Android for illicit data mining and that no smart phone is better than an Android one. In fact dumping Google all together is now the only sane choice.

 

[foxbat121]

Re: Interesting article about Android, what abour WP8?

IIRC, back in my early Android days, I remember, the first time setup after firmware flashing or hard reset is to prompt you with an option to pick wifi network and enter wifi passwords so that restore of the phone is possible (and without consuming the cell data connection). Whether or not Google knows your password is a different story (which seems only happens in newer Android OS). I was surprised none of that happens in WP8.

 

[ag1986]

Re: Interesting article about Android, what abour WP8?

Convenience has always been the enemy of security and it is up to everyone to find their own balance; but too far in the direction of convenience is folly, while too much security is only a pain in the arse.

The general rule is TNO - trust no one. If you use a service to store logins for instance, always make sure the information is only stored on the computer as it is with Lastpass.

When you do have to trust a service, you have to consider two things: competence and intent. You never tell a secret to a blabber mouth and you never show a burglar where the keys are. The same principle applies here: Google have only ever instigated a security feature after they have been caught out, so they don't strike me as particularly smart.

Google's recent decision to encrypt files store in its servers are no use to Google's users, because they keep the passwords themselves. It would be far better to allow each user to set their own passwords, but then how would Google trawl through your files for keywords? Always distrust someone asking for details they shouldn't conceivably need. In this case of course, Google don't ask, they just take and exactly what use to Google is a database of private Wi-Fi logins?

This reinforces my ban of Android devices from the house. It's clear that Google use Android for illicit data mining and that no smart phone is better than an Android one. In fact dumping Google all together is now the only sane choice.

Android is open-source - you are free to take the code apart to see if it is in fact reporting things about you that it shouldn't (note that you can opt out of things like location tracking etc). I much prefer this to WP, which is closed-source. Hell, rebuild it from source and flash to a Nexus if that's what you want...

This feature is IMHO very useful. I change my phone around twice a year and it saves a lot of trouble having to go around adding wifi passwords again. And like you said, I can't imagine what Google will do with a bunch of SSIDs and passwords, so I don't mind letting them have it.

 

[arrowrand]

Re: Interesting article about Android, what abour WP8?

... just pointing out one of advantage of wp8 I suppose.

It's not an advantage, at least not for me.

I opted in (it is an opt-in feature on Android, not opt out) on Android, and when I change my Android phone or tablet, I don't have to set up 10 Wi-Fi networks manually. Among other items that are restored, all of those Wi-Fi settings come right back.

When I added a T-Mo Lumia, none of the settings from my VZW Lumia came back.

That might be an advantage for some, but for others it's a PIA.

 

[freemind]

Re: Interesting article about Android, what abour WP8?

OK, Google really might not going to use passwords, but having them in some place stored without knowledge of the user (now we know ) could be dangerous.
Because what worries me is, that there is ALWAYS a possibility of human error/intervention ... put behind the slash what you want.

 

[foxbat121]

Re: Interesting article about Android, what abour WP8?

OK, Google really might not going to use passwords, but having them in some place stored without knowledge of the user (now we know ) could be dangerous.

As pointed above, when you checked the box that says, among other things, 'backup Wi-Fi passwords', how is that store them without the knowledge if the user? Unless the user that is really dumb and don't know how to read.

On the same note, WP8's setup and restoring process isn't any better. Yes, it doesn't store wifi passwords. But it also does not prompt me to pick a wifi connection first either.

 

[Ian Too]

Re: Interesting article about Android, what abour WP8?

Android is open-source - you are free to take the code apart to see if it is in fact reporting things about you that it shouldn't (note that you can opt out of things like location tracking etc). I much prefer this to WP, which is closed-source. Hell, rebuild it from source and flash to a Nexus if that's what you want...

This feature is IMHO very useful. I change my phone around twice a year and it saves a lot of trouble having to go around adding wifi passwords again. And like you said, I can't imagine what Google will do with a bunch of SSIDs and passwords, so I don't mind letting them have it.

While your first point is true in principle, the VAST majority of people lack the expertise to examine the code and wouldn't if they could. After all, who reads T&C's for every site they subscribe to and that's in plain English? For that VAST majority, a closed ecosystem is far better as it helps reduce malware - to invisibility in the case of Windows Phone.

Another thing to bare in mind is that while open source is a good answer to surveillance by the state, it also makes it far easier for hackers to find weaknesses to exploit, so while open source has become the mantra in techie circles, there are advantages to in house development by a company like Microsoft.

Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.

I recently changed my mobile devices and used Onenote to copy my Wi-Fi password to the new devices. Once I'd joined the network with the new devices, I deleted all copies of the note containing the password. As a solution it isn't perfect, but the window of opportunity for a hacker is small and the compromise was worth the risk. It would have been better if Microsoft encrypted files stored in Skydrive, but that's something I'm hoping they'll instigate, along with VPN and PGP for everybody.

Your final sentence is quite funny. Perhaps you haven't followed the news, but Google have been indicted and are awaiting trial on courts in both the US and Europe for breaching personal privicy. That means they've already breached people's trust, so you'd have to be a fool to trust them and just because YOU can't imagine what harm can be done with a database of SSIDs and passwords doesn't mean THEY can't. Google have to make this information pay somehow.

 

[Ian Too]

Re: Interesting article about Android, what abour WP8?

As pointed above, when you checked the box that says, among other things, 'backup Wi-Fi passwords', how is that store them without the knowledge if the user? Unless the user that is really dumb and don't know how to read...

As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards? Blaming the victim really is becoming all the rage, even when those throwing the first stone are no better.

Someone who uses legal means to deprive someone of something which is theirs is called a shyster and that's what Google is, a digital shyster. Don't let them use convenience to deprive you of what's yours.

 

[arrowrand]

Re: Interesting article about Android, what abour WP8?

As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards?

The details of what you're backing up to Google's servers isn't in the T&C, its right there in the opt-in selection window.

It says straight up, you're going to be backing your bookmarks, Wi-Fi passwords (and probably other things) if you check this box.

 

[tk-093]

Re: Interesting article about Android, what abour WP8?

If you don't want it to back up your WiFi password, don't check the box saying it will back up your WiFi password. It's been around since like Android 2.2 or 2.3.

 

[ohgood]

Re: Interesting article about Android, what abour WP8?

If you don't want it to back up your WiFi password, don't check the box saying it will back up your WiFi password. It's been around since like Android 2.2 or 2.3.

Too easy and no drama.

Weekday I really don't get, is why anyone cares about some company having your study password... Are they going to war drive your house, with the Google street view car?

Here, I have a picture of my boots, now you know the tread pattern o of my boots. It matters about as much.... Yds know?

 

[ag1986]

Re: Interesting article about Android, what abour WP8?

Your final sentence is quite funny. Perhaps you haven't followed the news, but Google have been indicted and are awaiting trial on courts in both the US and Europe for breaching personal privicy. That means they've already breached people's trust, so you'd have to be a fool to trust them and just because YOU can't imagine what harm can be done with a database of SSIDs and passwords doesn't mean THEY can't. Google have to make this information pay somehow.

Perhaps you don't understand the meaning of the word indicted. That word means that a grand jury or other authority has found them eligible to be accused of a criminal offense. This is not applicable to Google and (apart from the Streetview Wifi incident) they have not been found violating anyone's privacy. Moreover, none of that is a criminal offense, these are civil matters. I believe the fool is not me, but someone else here.

 

[ag1986]

Re: Interesting article about Android, what abour WP8?

While your first point is true in principle, the VAST majority of people lack the expertise to examine the code and wouldn't if they could. After all, who reads T&C's for every site they subscribe to and that's in plain English? For that VAST majority, a closed ecosystem is far better as it helps reduce malware - to invisibility in the case of Windows Phone.

Another thing to bare in mind is that while open source is a good answer to surveillance by the state, it also makes it far easier for hackers to find weaknesses to exploit, so while open source has become the mantra in techie circles, there are advantages to in house development by a company like Microsoft.

Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.

I have one word for you: Windows.
Closed source. The most insecure operating system in history, and it is also buggy and laggy to boot. That pretty much kills your closed-source is secure theory and also exposes the fact that you have absolutely no knowledge of software development and information security in general. Contrast to Linux, open source, still lightyears ahead of Windows in security and stability.

In a closed-source dev shop, only the developers (MS for instance) have knowledge about security holes and it is therefore in their interest to hide this as long as it takes to fix. However, other black hats may have figured it out and may be using this to hack into things. With Linux, however, since it's a community, nobody can hide vulns in the source code for very long.

ref When Internet security is concerned, Microsoft continues to hide its head in the sand (old article)

 

[ag1986]

Re: Interesting article about Android, what abour WP8?

Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.

And another stunning display of ignorance. You see, when we who have a soup?on of technical knowledge say 'build', we mean taking the source code and compiling and then linking it, thus getting executable files that actually do stuff on their own. Please see Software build - Wikipedia, the free encyclopedia

 

[foxbat121]

Re: Interesting article about Android, what abour WP8?

As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards? Blaming the victim really is becoming all the rage, even when those throwing the first stone are no better.

As mentioned by others again, it is not in the T&C. It is in the check box label itself. Please post something you really have clue with.