> HTTPS is explicitly designed to prevent a Monster-in-the-Middle (MiTM)<p>Monsters don't exist. If people are really committed to erasing anything that has the word "man" in it, at least they should try to be less lazy and use a term for people outside kindergarten.
I absolutely hate this nonsense. They cause countless headaches just to make people click an unenforceable "I Agree" button to terms nobody reads. What would be the best way to kill captive portals once and for all?
I am currently writing captive portal support for a big-name internet provider. This article only scratches the surface of how difficult it all is. Each OS is different, and each is painfully undocumented.
I currently live on a boat. Dealing with captive portal bs from the marina is always a nightmare. You have to buy the correct wifi extender/repeater, otherwise you have to connect each device directly to the network.
To my shame, I must admit that I've implemented a captive portal before.<p>The article fails to mention <a href="https://datatracker.ietf.org/doc/html/rfc8952" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc8952</a> and <a href="https://datatracker.ietf.org/doc/html/rfc8908" rel="nofollow">https://datatracker.ietf.org/doc/html/rfc8908</a>, which get rid of most of the pain of captive portals on modern OS from a user perspective. Still need to support Captive-Portal detection URLs for some edge-cases (Apple, MS, NetworkManager) and older desktops. But at least HTTP redirection becomes obsolete in almost all cases. Also has the nice feature of showing links to venue info page and remaining data volume in Android.
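Added example, not part of the comment above or of the article: a client-side sketch of validating the RFC 8908 Captive Portal API response that the comment refers to, treating the network's answer as untrusted input. The function names and sample bodies are constructed for illustration; requiring https for the venue URL and rejecting a captive state without a portal URL are this example's policy choices, stricter than the RFC requires.

```python
import json
from urllib.parse import urlsplit

MEDIA_TYPE = "application/captive+json"  # media type registered by RFC 8908

def _https_url(value):
    """Return value only if it is an absolute https:// URL, else None."""
    if not isinstance(value, str):
        return None
    parts = urlsplit(value)
    return value if parts.scheme == "https" and parts.netloc else None

def _counter(value):
    """Accept non-negative integers only (bool is an int subclass in Python)."""
    if isinstance(value, int) and not isinstance(value, bool) and value >= 0:
        return value
    return None

def parse_captive_state(content_type, body):
    """Validate an RFC 8908 API response and return a normalized dict.

    Raises ValueError when the response cannot be used as a state object.
    (Hypothetical helper name; not from any library.)
    """
    if content_type.split(";")[0].strip().lower() != MEDIA_TYPE:
        raise ValueError("unexpected media type")
    doc = json.loads(body)  # JSONDecodeError is a ValueError subclass
    if not isinstance(doc, dict) or not isinstance(doc.get("captive"), bool):
        raise ValueError("'captive' must be a JSON boolean")
    portal = _https_url(doc.get("user-portal-url"))
    if doc["captive"] and portal is None:
        # Policy of this example: never auto-open a missing or non-TLS portal.
        raise ValueError("captive but no https user-portal-url")
    return {
        "captive": doc["captive"],
        "portal": portal,
        "venue": _https_url(doc.get("venue-info-url")),
        "seconds_remaining": _counter(doc.get("seconds-remaining")),
        "bytes_remaining": _counter(doc.get("bytes-remaining")),
    }

# Constructed sample responses (not captured from a real network).
OPEN = ('{"captive": false, "venue-info-url": "https://example.org/venue",'
        ' "bytes-remaining": 5000000}')
LOCKED_HTTP = '{"captive": true, "user-portal-url": "http://example.org/login"}'
```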
Let's plug one of my "joke" domains:<p><a href="http://amibehindacaptiveportal.com" rel="nofollow">http://amibehindacaptiveportal.com</a><p>If you get any response other than "No" then you're behind a captive portal.
While I generally agree with the prevailing sentiment here I actually managed to implement a captive portal with surprisingly little trouble (ubuntu + haproxy). Use case was an offline WLAN where I needed to direct users through a specific flow / landing page. All up it was less than a day's research and work, plus the landing page build.<p>Found some decent resources in the process such as <a href="https://captivebehavior.wballiance.com/" rel="nofollow">https://captivebehavior.wballiance.com/</a><p>Happy to provide further detail if anyone is interested.
If I had access to a time machine, while I'd certainly kill Hitler and Stalin first and second, whoever invented the concept of a "captive portal" would end up dead before I ran out of bullets.<p>Just a stupid idea, badly implemented. So many places turned them on not because of any <i>actual</i> mandate from their legal department (how many places with captive portal pages actually have 'Legal Departments', anyway?) to do so, but because the feature was <i>there</i> in their routers, and thus it seemed like the "safe" thing to do. And once it became the standard thing for businesses to do, suddenly <i>every</i> business felt the need to do it. And now, people look at you like you're crazy if you suggest setting up a Guest WiFi network without one.<p>It's just too bad. This is literally why we can't have nice things.
What I don't see mentioned here is the issue of redirecting the user from the captive portal browser back to its own (preferred) browser to display a landing page after acknowledging the TOS. On Android this seemed completely impossible and I noticed several implementations where it was simply requested to copy a link. On Apple any link with target blank would open a new Safari window. I'm wondering if this changed with later Android releases.
I think Apple is leaving money on the table. They could expect the captive site to return a meta element redirect to apple.com as most wifi portals return you back to the site it intercepted.<p>I often see the “Success” message and didn’t know that was defined by Apple.
I kind of hope one day personal data plans render public wifi obsolete. Every time you connect to a new wifi network you just never know what awaits. It might be a slow connection, it might be a shitty device that only kind of works, it might be a security nightmare… Wouldn't it be great if all our devices, laptops, tablets, mobile phones, had digital SIMs and we could just purchase a single data plan for all of them!