> "When you apply for a mortgage you are informed in advance that it might be sold. In fact, when I got mine I was told it would be sold. This information is given to every applicant as a legal requirement and people who don't like it don't need to go through with the application."
Ah yes, the good ol' American practice of victim blaming: "Well, we specifically told you we'd screw you over; look, it's in paragraph 151, subsection 15, article G of the document you signed as we hovered over you impatiently that time you came in when we didn't tell you we were closing 10 mins after that appointment we setup the day before the deadline to sign... so it's really YOUR fault!"
> "What about the 268,000 employees who work at Wells Fargo, 99% of whom had nothing to do with this?"
Boo-fukken-hoo. They were all part of the problem - the grease of the machinery if you will; something this bad doesn't go unnoticed by so many people. This was clearly an "inside job" with many, many people involved internally.
I would have no sympathy for any of them, even if they'd end up losing their own homes as a result (sweet, sweet irony that would be!)
Again, the whole work vs. personal networks isn't what's really relevant here - it's the auto-joining of synced in Wifi network(s) from other devices that's the real issue (see my other post(s) here for an example).
While the OP is referring to a "work" machine, I feel their setup is besides the point - it's the fact that it's auto-joining a synced-in Wifi that's the issue...
Essentially, what happened to me is that on my iOS device I was setting up an IoT device (which, similar to the OP, I keep IoT stuff on a different network segment from the rest on my home network by having their own 'IoT devices only Wifi'), which you can only do so via an app, by joining an 'ad-hoc' network created by the IoT device. And that's where all that began; the sequence of events:
1. joined the IoT's Wifi network from my iOS device to set it up; doing this records that Wifi connection in iOS, and the default is that 'auto-join' is enabled for newly joined networks
2. this new Wifi network is synced to my Mac(s) (all personal machines) since I have iCloud Keychain sync enabled
3. Later on, my Mac lost its primary network connection (from router reboot, or other event, etc.); Mac goes "Hmm, network down. Oooh! There's this other new Wifi that's available, lemme join that one automatically!"
4. Me later, after noticing my internet doesn't seem to work on my mac, even though it shows having a network connection: "WTF is this connected to that network?!? I don't want anything else connecting to that!!"
So essentially my mac(s) joined a new network not meant for them, automatically, without my explicit action. That potentially opens it up to security issues of the IoT device because of this auto-join it does behind one's back.
While it could be said that the user shouldn't be mixing a "home" keychain (iCloud) account on a "work" machine, perhaps their work have a BYOD policy, and/or perhaps a policy of using Keychain for work-related password storage, and since iOS doesn't allow the use of multiple user accounts even on their so-called "Pro" devices (hello, Apple? It's 2022!) maybe they don't really have a choice.
But I think that whole argument is beside the point, because the real issues as pointed out are:
- one network used on one device shouldn't necessarily mean that it's suitable for *all* the user's devices [1]
- but more importantly: syncing of Wifi network should only be a convenience; actually connecting to a synced-in Wifi network should only happen by explicit user action, and the 'auto-join' feature should never, ever sync across devices (it should only ever be a device-specific setting), defaulted to off when synced in via iCloud Keychain sync. [2]
That second point is what I also believe to be a security risk.
Yeah, sure, it's a "feature", but with what I feel is a massive security risk.
I got bit by this myself not too long ago; glad to see it getting some traction from someone at Apple, even though it's from the totally wrong department.
For me, on a Mac, I consider Safari dead in the water ever since they crippled its extension support, so that's a no-go.
Chrome is made by whom I consider a privacy rapist, so I refuse to use that. As for any Chromium derivatives - well, given its origins, I consider them tainted, so no-go as well on those.
That leaves only Firefox, which to me is quite capable and fast, and I really have no issues using it.
I do think governments should look closely at Chrome's monopoly, since it's Google's (or Alphabet, or whatever name-du-jour) power play in vertical integration/takeover for its own advantage, and way to crush competition.