DeepAI AI Chat
Log In Sign Up

On Privacy Risks of Public WiFi Captive Portals

by   Suzan Ali, et al.
Concordia University

Open access WiFi hotspots are widely deployed in many public places, including restaurants, parks, coffee shops, shopping malls, trains, airports, hotels, and libraries. While these hotspots provide an attractive option to stay connected, they may also track user activities and share user/device information with third-parties, through the use of trackers in their captive portal and landing websites. In this paper, we present a comprehensive privacy analysis of 67 unique public WiFi hotspots located in Montreal, Canada, and shed some light on the web tracking and data collection behaviors of these hotspots. Our study reveals the collection of a significant amount of privacy-sensitive personal data through the use of social login (e.g., Facebook and Google) and registration forms, and many instances of tracking activities, sometimes even before the user accepts the hotspot's privacy and terms of service policies. Most hotspots use persistent third-party tracking cookies within their captive portal site; these cookies can be used to follow the user's browsing behavior long after the user leaves the hotspots, e.g., up to 20 years. Additionally, several hotspots explicitly share (sometimes via HTTP) the collected personal and unique device information with many third-party tracking domains.


page 1

page 2

page 3

page 4


User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

During the past few years, mostly as a result of the GDPR and the CCPA, ...

Privacy Limitations Of Interest-based Advertising On The Web: A Post-mortem Empirical Analysis Of Google's FLoC

In 2020, Google announced they would disable third-party cookies in the ...

Differential Tracking Across Topical Webpages of Indian News Media

Online user privacy and tracking have been extensively studied in recent...

The Hitchhiker's Guide to Facebook Web Tracking with Invisible Pixels and Click IDs

Over the past years, advertisement companies have used a variety of trac...

OConsent – Open Consent Protocol for Privacy and Consent Management with Blockchain

In the current connected world - Websites, Mobile Apps, IoT Devices coll...

Case Study: Disclosure of Indirect Device Fingerprinting in Privacy Policies

Recent developments in online tracking make it harder for individuals to...