Look, Microsoft. Just because I am Facebook friends with someone, doesn’t mean I want to share my wifi passwords with them.
Unfortunately, that’s exactly what happens by default in Windows 10. Anyone who I’m Outlook.com contacts with (spammers), Skype friends with (webcam strippers), or Facebook friends with (high school buddies turned webcam strippers) can connect to wifi networks that I have the password for.
It’s part of a system called Wi-Fi Sense, which has been lurking in Windows Phone for a while now. It sends wifi passwords (encrypted; they never see the plaintext password) to your contacts, who can therefore connect to any wifi network that you have the password to. It’s turned on by default, and I had to dig around in a few levels of settings to disable it.
(There’s also a checkbox when you first connect to a wifi network, giving you the option not to share the network. But since Windows 10 helpfully keeps your saved passwords when you upgrade, all the networks you’ve previously connected to are shared by default.)
I’m not really complaining about the existence of the feature in the first place — I can see how it could be helpful, if you’re a non-data-plan-having tween hopping between various wifi-enabled basements. It’s the fact that Wi-Fi Sense is enabled by default, and most people will never know that it’s there.
It’s also a huge security fuckup waiting to happen. Users might not see the password, but it’s stored on the machine somewhere, and you can bet that an intrepid hacker will get at it.
To disable Wi-Fi sense, head into Wi-Fi—>Network settings—>Manage Wi-Fi settings, and uncheck basically all the boxes you can see.
This post is part of a week-long experiment with Windows 10 ahead of the official launch on July 29th.
This article originally appeared on Gizmodo's Reviews Blog