How to connect to public WiFi











up vote
21
down vote

favorite
4












In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question


















  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago















up vote
21
down vote

favorite
4












In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question


















  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago













up vote
21
down vote

favorite
4









up vote
21
down vote

favorite
4






4





In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi







share|improve this question













In hotels or at airports, connection to the public WiFi requires you to start a browser session, which is then redirected to some log-in page. Due to security concerns, browsers now pop up warnings about such redirection, and if you're on a company laptop, you may not be able to proceed. Also, any HTTPS site won't allow redirect in the first place, and more and more websites start implementing HTTPS.



Is there a reliable way to get to the login page for a public WiFi network that doesn't require hoping you know a site that's still on HTTP, or even better, that won't be blocked by overzealous company security?






wifi




wifi






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked yesterday









Jonas

6,3263152




6,3263152








  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago














  • 4




    Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
    – Nate Eldredge
    yesterday






  • 4




    Much of this seems like it's something you have to take up with your company's IT department.
    – Nate Eldredge
    yesterday










  • I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
    – deviantfan
    yesterday






  • 1




    Take a HTTP-only site and bookmark it?
    – Federico Poloni
    yesterday






  • 6




    This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
    – user71659
    22 hours ago








4




4




Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
yesterday




Browsers often have some built-in http url that they try to load to see if they get redirected to a login page. Firefox has detectportal.firefox.com/success.txt
– Nate Eldredge
yesterday




4




4




Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
yesterday




Much of this seems like it's something you have to take up with your company's IT department.
– Nate Eldredge
yesterday












I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
yesterday




I'd go in the other direction and not use it. Such kind of Wifi is a great way to get the computer taken over by someone. The warnings are there for a reason.
– deviantfan
yesterday




1




1




Take a HTTP-only site and bookmark it?
– Federico Poloni
yesterday




Take a HTTP-only site and bookmark it?
– Federico Poloni
yesterday




6




6




This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
22 hours ago




This isn't a travel question. How many corporate laptops are set up is there's a VPN client that automatically connects and always tunnels 100% of traffic back to the company. New clients detect captive portals and handle appropriately. Old or misconfigured clients don't, in which the answer is too bad, its working as designed.
– user71659
22 hours ago










1 Answer
1






active

oldest

votes

















up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "273"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














 

draft saved


draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago















up vote
27
down vote



accepted












  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer





















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago













up vote
27
down vote



accepted







up vote
27
down vote



accepted








  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.






share|improve this answer














  1. Your device may support this automatically - Particularly for Android, but probably also for several other systems, you may see a notification to "sign into the network" or similar. Click or tap it, and your device will open a web browser. Surprisingly, this even works with some non-web devices such as the Nintendo Switch (which does not have a "regular" web browser at all).


  2. If not, use a non-HTTPS website, such as http://www.example.com or http://neverssl.com/. example.com is particularly safe for this purpose because it is owned and operated by IANA and its domain is permanently reserved for use in software documentation. Chrome will also send requests to http://google.com/generate_204 over HTTP notwithstanding the use of HSTS (note that if your internet is working correctly, that URL will not cause a page to load, because Google responds with HTTP 204 No Content).


Finally, as some people have mentioned in the comments, you should be careful about trusting open networks. Once you have signed in, don't do anything sensitive unless the entire site uses HTTPS. People can steal your session cookies even if your username and password were encrypted, so just having HTTPS on the login page is inadequate.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









Kevin

41646




41646












  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago


















  • And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
    – deviantfan
    yesterday






  • 16




    @deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
    – Kevin
    yesterday






  • 9




    @wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
    – vidarlo
    22 hours ago






  • 3




    Oh, please do publish how edge can cause an bsod...
    – vidarlo
    20 hours ago






  • 6




    Please, don't spread FUD in the comments section.
    – Burhan Khalid
    12 hours ago
















And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
– deviantfan
yesterday




And just accessing the login mask, even if legitimate, is enough to secretly get malware. It's not only about security/privacy of data from visited websites.
– deviantfan
yesterday




16




16




@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
yesterday




@deviantfan: If you know of a way to forcibly download and install malware without the user's consent, please report it to the developers of the browser(s) concerned. It is a security bug and must be seriously investigated.
– Kevin
yesterday




9




9




@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
22 hours ago




@wizzwizz4 no. A drive by infection that worked against any win10 machine with Office installed would be big headlines.
– vidarlo
22 hours ago




3




3




Oh, please do publish how edge can cause an bsod...
– vidarlo
20 hours ago




Oh, please do publish how edge can cause an bsod...
– vidarlo
20 hours ago




6




6




Please, don't spread FUD in the comments section.
– Burhan Khalid
12 hours ago




Please, don't spread FUD in the comments section.
– Burhan Khalid
12 hours ago


















 

draft saved


draft discarded



















































 


draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2ftravel.stackexchange.com%2fquestions%2f125926%2fhow-to-connect-to-public-wifi%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Can a sorcerer learn a 5th-level spell early by creating spell slots using the Font of Magic feature?

Image
28 6 $begingroup$ Per the Font of Magic feature, sorcerer can use Flexible Casting to create 5th-level spell slots at level 7, even though they are not typically available until level 9. You can transform unexpended sorcery points into one spell slot as a bonus action on your turn. The Creating Spell Slots table shows the cost of creating a spell slot of [5th level is 7] If such a sorcerer levels up while still having this 5th-level spell slot, can they choose a 5th-level spell as the spell they gain upon levelling up? The Spellcasting feature states: Additionally, when you gain a level in this class, you can choose one of the sorcerer spells you know and replace it with another spell from the sorcerer spell list, which also must be of a level for which you have spell slots.
Read more

Does disintegrating a polymorphed enemy still kill it after the 2018 errata?

Image
up vote 13 down vote favorite 1 After the 2018 errata, the disintegrate spell description now reads: A creature targeted by this spell must make a Dexterity saving throw. On a failed save, the target takes 10d6 + 40 force damage. The target is disintegrated if this damage leaves it with 0 hit points. If you were to polymorph an enemy into a rat and then disintegrate it, would the enemy be disintegrated or would it just return to its original form? I know that for Druids, it’s not an instant kill anymore, but is this the case for polymorph as well? dnd-5e spells polymorph errata share | improve this question edited 18 hours ago
Read more

A Topological Invariant for $pi_3(U(n))$

Image
3 3 $begingroup$ Recently, I saw a construction of topological invariant for $pi_3(U(n))$ with $ngeq 2$ : $$ N=frac{1}{24pi^2}int_{S^3} d^3x epsilon^{ijk} Tr[(U^{-1}partial_{x_i}U)(U^{-1}partial_{x_j}U)(U^{-1}partial_{x_k}U)] , $$ where $Uin U(n)$ depends on $boldsymbol{x}=(x_1,x_2,x_3)in S^3$ , $epsilon^{ijk}$ is the Levi-Civita symbol, $i,j,k=1,2,3$ , and the duplicated indexes are summed over. It is claimed that $N$ is an integer, but why? Update 02/02/2019 I think I got an argument for $n=2$ . In this case, $U=e^{i varphi} q$ with $qin SU(2)$ . Due to the trace and the Levi-Civita symbol in $N$ , $varphi$ does not contribute to $N$ . As $Tr[q^{dagger}partial_i q]=0$ and $(q^{dagger}partial_i q)^{dagger}=-q^{dagger}partial_i q$ , $q^{dagger}partial_i q$ in geneeral has the form $q^{dagger}partia
Read more