How to connect to public WiFi
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
|
show 7 more comments
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
7
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03
|
show 7 more comments
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.
Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?
wifi
wifi
asked Nov 18 '18 at 15:16
JonasJonas
6,3463152
6,3463152
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
7
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03
|
show 7 more comments
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
7
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03
4
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
4
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
1
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
7
7
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03
|
show 7 more comments
1 Answer
1
active
oldest
votes
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
|
show 12 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "273"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
|
show 12 more comments
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
|
show 12 more comments
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).
If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).
Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.
answered Nov 18 '18 at 17:09
KevinKevin
42646
42646
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
|
show 12 more comments
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
17
17
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
Nov 18 '18 at 17:19
11
11
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
Nov 18 '18 at 18:35
1
1
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
@Kevin: Thanks - the question was prompted by my go-to site going https. Good to know that www.example.com will stick around.
– Jonas
Nov 18 '18 at 19:41
4
4
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
Oh, please do publish how edge can cause an bsod...
– vidarlo
Nov 18 '18 at 20:52
9
9
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
Please, don't spread FUD in the comments section.
– Burhan Khalid
Nov 19 '18 at 4:57
|
show 12 more comments
Thanks for contributing an answer to Travel Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
Nov 18 '18 at 15:32
4
Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
Nov 18 '18 at 15:33
I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
Nov 18 '18 at 16:08
1
Take a HTTP-only site and bookmark it?
– Federico Poloni
Nov 18 '18 at 16:18
7
This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
Nov 18 '18 at 19:03