Greg, this is a bit of an unusual review as it might require us to find a feature team to work on it. Do you know a 20%er who might be interested in working on it? Or is that task better suited for a 100%er?

Windows apparently shows a privacy warning: https://www.howtogeek.com/howto/28653/debunking-myths-is-hiding-your-wireless-ssid-really-more-secure/

I just tested this:
1. Create a hidden SSID
2. Connect Chromebook to hidden SSID
3. Disable and re-enable wifi on Chromebook
--> Chromebook auto-connects to hidden SSID

Afaiu this is only possibly by broadcasting the hidden SSID.

I can see the following options for moving forward:
a) disable auto-connecting to hidden SSIDs (with enterprise policy to add it back)
b) show a scary warning when auto-connecting to hidden SSIDs is enabled:
b1) allow users to choose whether they would like to auto-connect as part of the "Join other ..." flow and show a warning both in "Join other" and Settings when auto-connecting is enabled
b2) disable auto-connecting by default and allow users to opt into auto-connecting from Settings and show the the warning only there

Steven, do you have thoughts about what would be the best UI here? I assume a) is infeasible because sometimes users just don't have control of the wifi setup and they need to work with what's available?

This should probably have a better description.

+derat@ and kirtika@ who may have a better informed opinion here.

b1) seems reasonable to me. Requiring a separate step to enable auto connect seems pretty high friction, and forbidding it entirely for non enterprise users seems pretty extreme (and would likely impact a lot of users).

As noted, this will require UX input and a feature effort.

I don't know anything about this beyond what's written here (and in the linked documents), but b1) sounds reasonable to me too.

It seems that we have consensus on the changes [1] that we should make. Assigning to Melissa for the actual implementation.

[1] https://docs.google.com/document/d/1aDZHyDlaGPYZhVS7jO61TscTyC9n19_mF295fsrz4rY/edit

The HTML for the dialog contents is here:
https://cs.chromium.org/chromium/src/ui/webui/resources/cr_components/chromeos/network/network_config.html

Hosted by this HTML:
https://cs.chromium.org/chromium/src/chrome/browser/resources/chromeos/internet_config_dialog/internet_config_dialog.html

You should just be able to just add the checkbox and messaging then modify the condition here to set 'AutoConnect' to true:
https://cs.chromium.org/chromium/src/ui/webui/resources/cr_components/chromeos/network/network_config.js?g=0&l=398