How to connect to public WiFi











up vote
21
down vote

favorite
4












In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question


















  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago















up vote
21
down vote

favorite
4












In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question


















  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago













up vote
21
down vote

favorite
4









up vote
21
down vote

favorite
4






4





In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question













In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi




wifi






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked yesterday









Jonas

6,3263152




6,3263152








  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago














  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago








4




4




Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
yesterday




Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
yesterday




4




4




Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
yesterday




Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
yesterday












I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
yesterday




I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
yesterday




1




1




Take a HTTP-only site and bookmark it?
– Federico Poloni
yesterday




Take a HTTP-only site and bookmark it?
– Federico Poloni
yesterday




6




6




This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
22 hours ago




This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
22 hours ago










1 Answer
1






active

oldest

votes

















up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "273"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago















up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago













up vote
27
down vote



accepted







up vote
27
down vote



accepted








  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer














  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









Kevin

41646




41646












  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago


















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago
















And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
– deviantfan
yesterday




And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
– deviantfan
yesterday




16




16




@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
yesterday




@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
yesterday




9




9




@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
22 hours ago




@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
22 hours ago




3




3




Oh, please do publish how edge can cause an bsod...
– vidarlo
20 hours ago




Oh, please do publish how edge can cause an bsod...
– vidarlo
20 hours ago




6




6




Please, don't spread FUD in the comments section.
– Burhan Khalid
12 hours ago




Please, don't spread FUD in the comments section.
– Burhan Khalid
12 hours ago


















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

android studio warns about leanback feature tag usage required on manifest while using Unity exported app?

Image
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 This is a simple project showing cubes on Unity, exported to android project and imported on Android studio. On maifest file it showed following warning: Expecting <uses-feature android:name="android.software.leanback" android:required="false" /> tag I have no information about it. And also on default emptyview android project does not use/mention this feature. I know it is required by TV's and such but why its not added by default? Why is this? And Should I concern about it? android unity3d
Read more

SQL update select statement

Image
0 I'm trying to update an entry in my database (postgresql). I'm having a problem with updating the query: INSERT INTO prices (price, product_id) SELECT product_price, commn_id FROM products_temp as prod WHERE NOT EXISTS (SELECT * FROM prices od WHERE prod.commn_id = od.product_id) OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) Query works fine when i delete: OR prod.product_price != ( SELECT price FROM prices as p WHERE p.product_id = prod.commn_id order by p.end desc LIMIT 1 ) So it seems to me that it's looping through this operation. My question is, how can I fix it? sql postgresql
Read more

'app-layout' is not a known element: how to share Component with different Modules

Image
0 My application was working fine until I decided to go with lazy loading: So, my shared component looks like this: import { Component, Renderer2 } from '@angular/core'; export interface FormModel { captcha?: string; } @Component({ selector: 'app-layout', templateUrl: './app-layout.component.html', styleUrls: ['./app-layout.css'] }) export class FullLayoutComponent { } app-layout.component.ts I am using this component in my Another component say school-home.component.html like this: <app-layout> </app-layout> and it was working fine until I created a Module school-home.module.ts like this: import { NgModule } from '@angular/core'; import { CommonModule } from '@angular/common'; import { SchoolhomeRoutingModule
Read more