@madonius I’d say about 40% were just clicking a button or checking a checkbox before that. About 30% required more data like a name, mail, phone number where most of the time fake data like bla@example.com worked well. Some of the nasty ones verified mail addresses. Some by magic, a few by actually sending a mail with a verification link…
@madonius Some required actual cell phone numbers from a specific country and the worst were the: “you can have 300mb of data and after that you have to pay $BIGDOLLAR to get more”, which raised the question of how they actually identify recurring devices (afaik the iPhone sends chaning MAC addresses?).
@cy@madonius I am sure they could identify my device multiple times in multiple captive portals. It would be interesting to find out how they did it. Unfortunately I could not find a simple way to debug the web views to see if they use any web trickery.
@MoritzGiessmann@madonius technically they could do stuff like browser fingerprinting while you access the captive portal (?)
i don't know how the client handles the portal, but i guess its a http services, so it probably falls back to safari?
Add comment