How to connect to public WiFi
up vote
22
down vote
favorite
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
asked 2 days ago
Jonas
6,3313152
|
show 7 more comments
up vote
22
down vote
favorite
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
asked 2 days ago
Jonas
6,3313152
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
6
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago
|
show 7 more comments
up vote
22
down vote
favorite
up vote
22
down vote
favorite
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
asked 2 days ago
Jonas
6,3313152
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
wifi
asked 2 days ago
Jonas
6,3313152
asked 2 days ago
Jonas
6,3313152
asked 2 days ago
Jonas
6,3313152
asked 2 days ago
Jonas
6,3313152
asked 2 days ago
Jonas
6,3313152
6,3313152
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
6
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago
|
show 7 more comments
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
6
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago
4
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
4
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
1
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
6
6
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago
|
show 7 more comments
1 Answer
1
active
oldest
votes
up vote
28
down vote
accepted
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered 2 days ago
Kevin
42646
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
|
show 12 more comments
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
28
down vote
accepted
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered 2 days ago
Kevin
42646
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
|
show 12 more comments
up vote
28
down vote
accepted
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered 2 days ago
Kevin
42646
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
|
show 12 more comments
up vote
28
down vote
accepted
up vote
28
down vote
accepted
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered 2 days ago
Kevin
42646
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered 2 days ago
Kevin
42646
answered 2 days ago
Kevin
42646
answered 2 days ago
Kevin
42646
answered 2 days ago
Kevin
42646
42646
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
|
show 12 more comments
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
17
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
2 days ago
11
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
2 days ago
1
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
2 days ago
4
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
Oh, please do publish how edge can cause an bsod...
– vidarlo
2 days ago
8
8
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
Please, don't spread FUD in the comments section.
– Burhan Khalid
yesterday
|
show 12 more comments
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
2 days ago
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
2 days ago
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
2 days ago
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
2 days ago
6
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
2 days ago