It's opt in for the person with the option to share network credentials.
It's not opt-in for the owner of the network, who should really have a say in the matter.
I do use this feature from time to time, but it's typically on networks where either I'm the owner, or the owner's given me permission to share the creds.
This also opens up an attack surface (which I got to experience firsthand on a burner device at DEF CON 31), where someone spoofs an Apple device requesting network creds. The attack itself involves spamming share requests and catching you off guard, causing you to hit OK, or you just hit OK out of notification fatigue.
> It's not opt-in for the owner of the network, who should really have a say in the matter.
Why? It’s literally just a shortcut for asking for the password from someone who already has it and then having it read it out loud or texted. If the owner of the network doesn’t want that happening they need to explain that in either case.
It reminds me a bit of how Waze or Google Maps would end up using access roads as shortcuts with navigation. You let a couple of people use it because you know them. They might tell a few others. Then big tech just sees it as "other people use it, so I'll use it". And now you have no control over your road anymore.
It’s a shortcut that deprives the network owner of agency. As the person running the network, should you not have some degree of control over who gets to join your network, be it fully open, fully closed, or anywhere in between?
> It’s a shortcut that deprives the network owner of agency.
It doesn’t, they have exactly as much agency as they would if the shortcut didn’t exist.
> As the person running the network, should you not have some degree of control over who gets to join your network, be it fully open, fully closed, or anywhere in between?
If you want more control than a shareable password provides, it’s on you to implement something other than a shareable password. A feature that merely helps people share passwords doesn’t change that.
If you need control over who joins your network, implement 802.1x or a captive portal or something. If you just use a WPA key, people will always share them, you can't stop them, there are literally crowdsourced online databases of "free internet" WiFi keys
> where someone spoofs an Apple device requesting network creds
How does this work? Isn't there any verification done through iCloud or something? I don't expect my phone to know about all my contacts' iphone identifiers.
I just tried this the other day with my cousin's wife whose phone number I don't have stored in my contacts and it didn't offer to share the wifi password until we both added each other's number.
It's not opt-in for the owner of the network, who should really have a say in the matter.
I do use this feature from time to time, but it's typically on networks where either I'm the owner, or the owner's given me permission to share the creds.
This also opens up an attack surface (which I got to experience firsthand on a burner device at DEF CON 31), where someone spoofs an Apple device requesting network creds. The attack itself involves spamming share requests and catching you off guard, causing you to hit OK, or you just hit OK out of notification fatigue.