Page 1 of 2 12 LastLast
Results 1 to 25 of 38
Like Tree22Likes
  1. freemind's Avatar
    Member

    Posts
    25 Posts
       #1  
    Hi guys,
    Just FYI.
    Google knows every Wi-Fi password entered from an Android device
    What do you think? I remembered to have to reset my phone, I was happy that it remembered my backup data but I had to write password to wifi again.
    Last edited by Dave Blake; 09-17-2013 at 07:42 PM.
  2. #2  
    WP does not store WiFi passwords. If it did then while restoring a backup it would restore all your WiFi settings too, which as of now it doesn't do.
  3. ohgood's Avatar
    Member

    Posts
    655 Posts
    Global Posts
    659 Global Posts
    #3  
    How is this a bad thing?
    awwwww how sweeeeeet. thanks !
    Thanked by:
    Quhi and Donvald like this.
  4. foxbat121's Avatar
    Member

    Posts
    643 Posts
    Global Posts
    841 Global Posts
    #4  
    It's convenience thing. I wish WP8 did have such capability. I recently did a upgrade on my 920 by flashing Amber firmware via Nokia PC software. As such the phone is wiped and needs to be restored. However, since the default cell network connect does not work for AT&T (my phone is a unbranded DEV phone), and it can't connect to my wifi at the restoring stage, I ended up need to re-install everything manually.
  5. freemind's Avatar
    Member

    Posts
    25 Posts
       #5  
    No one saying it is bad thing ... just pointing out one of advantage of wp8 I suppose.
    Of course if this would be possible as extra function to "click" that you want password to be stored, but visibly, i would not mind.
  6. Ian Too's Avatar
    Member

    Posts
    155 Posts
    #6  
    Convenience has always been the enemy of security and it is up to everyone to find their own balance; but too far in the direction of convenience is folly, while too much security is only a pain in the arse.

    The general rule is TNO - trust no one. If you use a service to store logins for instance, always make sure the information is only stored on the computer as it is with Lastpass.

    When you do have to trust a service, you have to consider two things: competence and intent. You never tell a secret to a blabber mouth and you never show a burglar where the keys are. The same principle applies here: Google have only ever instigated a security feature after they have been caught out, so they don't strike me as particularly smart.

    Google's recent decision to encrypt files store in its servers are no use to Google's users, because they keep the passwords themselves. It would be far better to allow each user to set their own passwords, but then how would Google trawl through your files for keywords? Always distrust someone asking for details they shouldn't conceivably need. In this case of course, Google don't ask, they just take and exactly what use to Google is a database of private Wi-Fi logins?

    This reinforces my ban of Android devices from the house. It's clear that Google use Android for illicit data mining and that no smart phone is better than an Android one. In fact dumping Google all together is now the only sane choice.
    jmshub and Rem97 like this.
  7. foxbat121's Avatar
    Member

    Posts
    643 Posts
    Global Posts
    841 Global Posts
    #7  
    IIRC, back in my early Android days, I remember, the first time setup after firmware flashing or hard reset is to prompt you with an option to pick wifi network and enter wifi passwords so that restore of the phone is possible (and without consuming the cell data connection). Whether or not Google knows your password is a different story (which seems only happens in newer Android OS). I was surprised none of that happens in WP8.
  8. ag1986's Avatar
    Banned

    Posts
    488 Posts
    #8  
    Quote Originally Posted by Ian Too View Post
    Convenience has always been the enemy of security and it is up to everyone to find their own balance; but too far in the direction of convenience is folly, while too much security is only a pain in the arse.

    The general rule is TNO - trust no one. If you use a service to store logins for instance, always make sure the information is only stored on the computer as it is with Lastpass.

    When you do have to trust a service, you have to consider two things: competence and intent. You never tell a secret to a blabber mouth and you never show a burglar where the keys are. The same principle applies here: Google have only ever instigated a security feature after they have been caught out, so they don't strike me as particularly smart.

    Google's recent decision to encrypt files store in its servers are no use to Google's users, because they keep the passwords themselves. It would be far better to allow each user to set their own passwords, but then how would Google trawl through your files for keywords? Always distrust someone asking for details they shouldn't conceivably need. In this case of course, Google don't ask, they just take and exactly what use to Google is a database of private Wi-Fi logins?

    This reinforces my ban of Android devices from the house. It's clear that Google use Android for illicit data mining and that no smart phone is better than an Android one. In fact dumping Google all together is now the only sane choice.
    Android is open-source - you are free to take the code apart to see if it is in fact reporting things about you that it shouldn't (note that you can opt out of things like location tracking etc). I much prefer this to WP, which is closed-source. Hell, rebuild it from source and flash to a Nexus if that's what you want...

    This feature is IMHO very useful. I change my phone around twice a year and it saves a lot of trouble having to go around adding wifi passwords again. And like you said, I can't imagine what Google will do with a bunch of SSIDs and passwords, so I don't mind letting them have it.
  9. arrowrand's Avatar
    Member

    Posts
    138 Posts
    Global Posts
    151 Global Posts
    #9  
    Quote Originally Posted by freemind View Post
    ... just pointing out one of advantage of wp8 I suppose.
    It's not an advantage, at least not for me.

    I opted in (it is an opt-in feature on Android, not opt out) on Android, and when I change my Android phone or tablet, I don't have to set up 10 Wi-Fi networks manually. Among other items that are restored, all of those Wi-Fi settings come right back.

    When I added a T-Mo Lumia, none of the settings from my VZW Lumia came back.

    That might be an advantage for some, but for others it's a PIA.
    Thanked by:
    FinancialP likes this.
  10. freemind's Avatar
    Member

    Posts
    25 Posts
       #10  
    OK, Google really might not going to use passwords, but having them in some place stored without knowledge of the user (now we know :)) could be dangerous.
    Because what worries me is, that there is ALWAYS a possibility of human error/intervention ... put behind the slash what you want.
    nohra likes this.
  11. foxbat121's Avatar
    Member

    Posts
    643 Posts
    Global Posts
    841 Global Posts
    #11  
    Quote Originally Posted by freemind View Post
    OK, Google really might not going to use passwords, but having them in some place stored without knowledge of the user (now we know :)) could be dangerous.
    As pointed above, when you checked the box that says, among other things, 'backup Wi-Fi passwords', how is that store them without the knowledge if the user? Unless the user that is really dumb and don't know how to read.

    On the same note, WP8's setup and restoring process isn't any better. Yes, it doesn't store wifi passwords. But it also does not prompt me to pick a wifi connection first either.
    MazoMark likes this.
  12. Ian Too's Avatar
    Member

    Posts
    155 Posts
    #12  
    Quote Originally Posted by ag1986 View Post
    Android is open-source - you are free to take the code apart to see if it is in fact reporting things about you that it shouldn't (note that you can opt out of things like location tracking etc). I much prefer this to WP, which is closed-source. Hell, rebuild it from source and flash to a Nexus if that's what you want...

    This feature is IMHO very useful. I change my phone around twice a year and it saves a lot of trouble having to go around adding wifi passwords again. And like you said, I can't imagine what Google will do with a bunch of SSIDs and passwords, so I don't mind letting them have it.
    While your first point is true in principle, the VAST majority of people lack the expertise to examine the code and wouldn't if they could. After all, who reads T&C's for every site they subscribe to and that's in plain English? For that VAST majority, a closed ecosystem is far better as it helps reduce malware - to invisibility in the case of Windows Phone.

    Another thing to bare in mind is that while open source is a good answer to surveillance by the state, it also makes it far easier for hackers to find weaknesses to exploit, so while open source has become the mantra in techie circles, there are advantages to in house development by a company like Microsoft.

    Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.

    I recently changed my mobile devices and used Onenote to copy my Wi-Fi password to the new devices. Once I'd joined the network with the new devices, I deleted all copies of the note containing the password. As a solution it isn't perfect, but the window of opportunity for a hacker is small and the compromise was worth the risk. It would have been better if Microsoft encrypted files stored in Skydrive, but that's something I'm hoping they'll instigate, along with VPN and PGP for everybody.

    Your final sentence is quite funny. Perhaps you haven't followed the news, but Google have been indicted and are awaiting trial on courts in both the US and Europe for breaching personal privicy. That means they've already breached people's trust, so you'd have to be a fool to trust them and just because YOU can't imagine what harm can be done with a database of SSIDs and passwords doesn't mean THEY can't. Google have to make this information pay somehow.
  13. Ian Too's Avatar
    Member

    Posts
    155 Posts
    #13  
    Quote Originally Posted by foxbat121 View Post
    As pointed above, when you checked the box that says, among other things, 'backup Wi-Fi passwords', how is that store them without the knowledge if the user? Unless the user that is really dumb and don't know how to read...
    As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards? Blaming the victim really is becoming all the rage, even when those throwing the first stone are no better.

    Someone who uses legal means to deprive someone of something which is theirs is called a shyster and that's what Google is, a digital shyster. Don't let them use convenience to deprive you of what's yours.
  14. arrowrand's Avatar
    Member

    Posts
    138 Posts
    Global Posts
    151 Global Posts
    #14  
    Quote Originally Posted by Ian Too View Post
    As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards?
    The details of what you're backing up to Google's servers isn't in the T&C, its right there in the opt-in selection window.

    It says straight up, you're going to be backing your bookmarks, Wi-Fi passwords (and probably other things) if you check this box.
    MazoMark and Donvald like this.
  15. tk-093's Avatar
    Member

    Posts
    1,319 Posts
    Global Posts
    1,654 Global Posts
    #15  
    If you don't want it to back up your WiFi password, don't check the box saying it will back up your WiFi password. It's been around since like Android 2.2 or 2.3.
    MazoMark and Donvald like this.
  16. ohgood's Avatar
    Member

    Posts
    655 Posts
    Global Posts
    659 Global Posts
    #16  
    Quote Originally Posted by tk-093 View Post
    If you don't want it to back up your WiFi password, don't check the box saying it will back up your WiFi password. It's been around since like Android 2.2 or 2.3.

    Too easy and no drama.

    Weekday I really don't get, is why anyone cares about some company having your study password... Are they going to war drive your house, with the Google street view car?

    Here, I have a picture of my boots, now you know the tread pattern o of my boots. It matters about as much.... Yds know?
    awwwww how sweeeeeet. thanks !
  17. ag1986's Avatar
    Banned

    Posts
    488 Posts
    #17  
    Quote Originally Posted by Ian Too View Post
    Your final sentence is quite funny. Perhaps you haven't followed the news, but Google have been indicted and are awaiting trial on courts in both the US and Europe for breaching personal privicy. That means they've already breached people's trust, so you'd have to be a fool to trust them and just because YOU can't imagine what harm can be done with a database of SSIDs and passwords doesn't mean THEY can't. Google have to make this information pay somehow.
    Perhaps you don't understand the meaning of the word indicted. That word means that a grand jury or other authority has found them eligible to be accused of a criminal offense. This is not applicable to Google and (apart from the Streetview Wifi incident) they have not been found violating anyone's privacy. Moreover, none of that is a criminal offense, these are civil matters. I believe the fool is not me, but someone else here.
    Thanked by:
    ohgood 
    MazoMark, FinancialP and Donvald like this.
  18. ag1986's Avatar
    Banned

    Posts
    488 Posts
    #18  
    Quote Originally Posted by Ian Too View Post
    While your first point is true in principle, the VAST majority of people lack the expertise to examine the code and wouldn't if they could. After all, who reads T&C's for every site they subscribe to and that's in plain English? For that VAST majority, a closed ecosystem is far better as it helps reduce malware - to invisibility in the case of Windows Phone.

    Another thing to bare in mind is that while open source is a good answer to surveillance by the state, it also makes it far easier for hackers to find weaknesses to exploit, so while open source has become the mantra in techie circles, there are advantages to in house development by a company like Microsoft.

    Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.
    I have one word for you: Windows.
    Closed source. The most insecure operating system in history, and it is also buggy and laggy to boot. That pretty much kills your closed-source is secure theory and also exposes the fact that you have absolutely no knowledge of software development and information security in general. Contrast to Linux, open source, still lightyears ahead of Windows in security and stability.

    In a closed-source dev shop, only the developers (MS for instance) have knowledge about security holes and it is therefore in their interest to hide this as long as it takes to fix. However, other black hats may have figured it out and may be using this to hack into things. With Linux, however, since it's a community, nobody can hide vulns in the source code for very long.

    ref When Internet security is concerned, Microsoft continues to hide its head in the sand (old article)
    MazoMark likes this.
  19. ag1986's Avatar
    Banned

    Posts
    488 Posts
    #19  
    Quote Originally Posted by Ian Too View Post
    Of course rebuilding Android would take thousands of hours and you would still end up with something insecure, buggy and laggy; it runs Java for Pete's sake. This is why I'm anti-Android, it can't be fixed.
    And another stunning display of ignorance. You see, when we who have a soupçon of technical knowledge say 'build', we mean taking the source code and compiling and then linking it, thus getting executable files that actually do stuff on their own. Please see Software build - Wikipedia, the free encyclopedia
    Donvald likes this.
  20. foxbat121's Avatar
    Member

    Posts
    643 Posts
    Global Posts
    841 Global Posts
    #20  
    Quote Originally Posted by Ian Too View Post
    As I asked in another post, who reads all the T&Cs for every service, you? And if you know you've clicked that box without reading the T&Cs doesn't that make you pretty dumb by your own standards? Blaming the victim really is becoming all the rage, even when those throwing the first stone are no better.
    As mentioned by others again, it is not in the T&C. It is in the check box label itself. Please post something you really have clue with.
    Thanked by:
    MazoMark and Donvald like this.
  21. stephen_az's Avatar
    Member

    Posts
    683 Posts
    Global Posts
    717 Global Posts
    #21  
    Quote Originally Posted by ag1986 View Post
    I have one word for you: Windows.
    Closed source. The most insecure operating system in history, and it is also buggy and laggy to boot. That pretty much kills your closed-source is secure theory and also exposes the fact that you have absolutely no knowledge of software development and information security in general. Contrast to Linux, open source, still lightyears ahead of Windows in security and stability.

    In a closed-source dev shop, only the developers (MS for instance) have knowledge about security holes and it is therefore in their interest to hide this as long as it takes to fix. However, other black hats may have figured it out and may be using this to hack into things. With Linux, however, since it's a community, nobody can hide vulns in the source code for very long.

    ref When Internet security is concerned, Microsoft continues to hide its head in the sand (old article)
    Wow, someone certainly does not hide their biases.

    1) Windows 7 and 8 are neither slow, nor laggy, nor insecure.
    2) Insecurities occasionally flagged in Windows are identified because it runs on more than 90% of the PCs in use. It is profitable (either financially or simply ego) to target whereas the various iterations of Apple's OS and all of the Linux distros run on machines that take up so little of the market it is not worth anyone's while to hack/attack.
    3) Android is very insecure, as US agencies that require enhanced security have made clear for several years. US Customs, in fact, identified open source and OEM ability to modify as among of the reasons they only authorized IOS last year. It is also made even less secure for the same reason Windows is targeted by hackers. It runs the vast majority of smart phones and tablets. It is, therefore, worth the time to hack.
    4) If the best you can do is pull up an article that predates the release of Windows 7 to demonstrate your argument about the insecurity of Windows you might want to give a bit more thought to your thesis. I can post a bunch of links showing that Firestone tires represent a risk for blow outs; or that the O rings in the space shuttle's solid rocket boosters might fail in cold weather; or that Ford Pintos blow up when rear ended but that doesn't mean current Firestone tires blow out, nor NASA's/USAF prototype reusable vehicle will explode, nor a modern Ford represent a greater risk to drivers.
  22. AngryNil's Avatar
    Member

    Posts
    1,378 Posts
    Global Posts
    1,382 Global Posts
    #22  
    Quote Originally Posted by foxbat121 View Post
    On the same note, WP8's setup and restoring process isn't any better. Yes, it doesn't store wifi passwords. But it also does not prompt me to pick a wifi connection first either.
    They are two completely different problems. Google's approach is a potential security issue, Microsoft's is bad design. That said, setup over WiFi is rumoured to come with GDR3.
  23. ohgood's Avatar
    Member

    Posts
    655 Posts
    Global Posts
    659 Global Posts
    #23  
    Quote Originally Posted by AngryNil View Post
    They are two completely different problems. Google's approach is a potential security issue, Microsoft's is bad design. That said, setup over WiFi is rumoured to come with GDR3.
    How is it a security issue ?

    No one has explained this to me yet.
    awwwww how sweeeeeet. thanks !
  24. foxbat121's Avatar
    Member

    Posts
    643 Posts
    Global Posts
    841 Global Posts
    #24  
    Quote Originally Posted by AngryNil View Post
    They are two completely different problems. Google's approach is a potential security issue, Microsoft's is bad design. That said, setup over WiFi is rumoured to come with GDR3.
    Fair enough. That's my current gripe with WP. It is not better. As for potential security issues with Google's approach, how is that any difference with Apple that backs up entire ROM of the phone into iCloud? FYI, I don't use iDevices so I don't know how exactly that works.
  25. gsquared's Avatar
    Member

    Posts
    1,376 Posts
    #25  
    Quote Originally Posted by arrowrand View Post
    It's not an advantage, at least not for me.

    I opted in (it is an opt-in feature on Android, not opt out) on Android, and when I change my Android phone or tablet, I don't have to set up 10 Wi-Fi networks manually. Among other items that are restored, all of those Wi-Fi settings come right back.

    When I added a T-Mo Lumia, none of the settings from my VZW Lumia came back.

    That might be an advantage for some, but for others it's a PIA.
    There lies the dilemma. You are allowing GOOG to store WiFi password to access points that do not belong to you. Did you bother to get the owners permission before letting GOOG have that password for whatever purpose they want it? Maybe the owner of that access point doesn't want GOOG to have that password.
    Support your third-party developers. There just about all we have...
    nohra likes this.
Page 1 of 2 12 LastLast

Similar Threads

  1. What MS needs to think about this WP Desktop App?
    By nitin88 in forum Windows Phone 8
    Replies: 3
    Last Post: 09-18-2013, 07:45 AM
  2. Connectivity error is showing while whats app is closing..
    By Lukson K Thomas in forum Nokia Lumia 820
    Replies: 3
    Last Post: 09-16-2013, 12:55 PM
  3. Windows 8.1 RT (what are you expecting?)
    By Daniel Gandolfo in forum Microsoft Surface for Windows RT
    Replies: 3
    Last Post: 09-16-2013, 06:02 AM
  4. Chronos Calendar no longer synching with WP8/live calendar
    By wpfan86 in forum Windows Phone Apps
    Replies: 1
    Last Post: 09-15-2013, 06:26 PM

Posting Permissions

B