> The system remembered your MAC so you only had to do the captive portal once
Staying in a Marriott in Oklahoma last week and my laptop joined the wifi. Captive portal said "welcome back Adam, click here to connect" WTF? How did they know who I am?
When connecting my phone I got a prompt to enter my room number / name and select higher speeds (which I get free for premium status) and saw the checkbox labeled "remember my device" ah, so, that's how they remembered me.
Did some digging and the last time I was in a Marriott was in 2019 (Thanks Pandemic!). In Tel-Aviv. Equal parts creepy and impressive and slick.
Yep, so smart that I used to name my WiFi “McDonald’s Free WiFi” when I lived half a block from McDonald’s. Everyone’s phones would connect but to my goatse’d image network.
I thought devices would start remembering the base station MAC addresses to avoid hijacking but I guess not.. maybe I should start doing this again at my local Home Depot
Edit: just remembered I used to do this on planes too. I would MiTM the AP and people would connect to my WiFi device. Then I would serve an obviously incorrect Bank of America page. No one logged in to it though :(
> I wanted to connect my Nintendo Switch to the hotel wifi, but the captive portal wouldn't load on it. So I just spoofed my Switch MAC on my laptop, got thru the captive portal, reverted everything, and I was able to happily play Diablo 3 :)
And next time, you can try to beat your personal high score for speed-running captive portal automation/evasion ;)
Now I think about it, that seems like it would be a rather fun activity for a software meetup!
> go into the subway and try to connect to the free MTA WiFi? Alert! Your browsing is unprotected.
I haven't used it myself, but it seems reasonable to inform laymen that browsing to a captive portal system will be unprotected. I'm not sure how egregious the error actually is.
> …plus I found I would sporadically get connection issues that I resolved by turning it off.
Not defending Apple in particular, but connectivity will decrease with every extra hop you make in your connection; you'll notice this when browsing the internet with tor (or, heaven forbid trying to use IRC over tor).
It makes sense that you would have more connectivity issues when using any kind of proxy, and it would get worse with every extra layer of proxy.
> It seems that even with maximum security settings, Apple will always know where I am, who is nearby, what mobile networks I use, and what computer networks I use.
I don’t see how you could have a mobile phone, that also uses wifi, without those things being true. (One correction: I don’t think Apple knows who is near you unless they’re also on an Apple device or use an Apple app on said device)
Genuinely curious how you think a company can route your traffic effectively and efficiently without knowing those things…
> ... each unsecured network is the Pineapple responding to a probe request from the iPhone with the name of the SSID it was previously associated with. The names include that of an old wireless router I replaced some years back, my parents’ network I was connected to interstate just the other day and an airline lounge in a far flung corner of the world.
Whoa, what? This is really how it works? This implies that anywhere you go with your laptop, someone can sit there and get a list of every wifi you've ever connected to. :(
I don't understand why this disclosure is necessary, since you can list all nearby wifis, even ones you've never connected to. Shouldn't it be possible for a wifi client to get a list of all nearby wifis, then only attempt to connect to the one it knows, without telling the others anything about what it's looking for?
Didn't finish reading the article, because it's going step by step and I don't plan to actually set up a Pineapple, but this surprising bit was the main takeaway for me.
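As an added example (not part of the thread or of the quoted article): the disclosure discussed above comes from directed probe requests, which carry a network name in the SSID element, while a wildcard probe carries an empty one. The sketch below parses probe requests from a capture of your own device and lists the names it gave away. It assumes frames start at the 802.11 header (radiotap already stripped); the MAC, the SSIDs and the `build_probe` helper are constructed for illustration.

```python
MGMT_HDR_LEN = 24      # frame control, duration, 3 addresses, sequence control
PROBE_REQ_FC0 = 0x40   # version 0, type 0 (management), subtype 4 (probe request)
SSID_ELEMENT_ID = 0

def parse_probe_request(frame: bytes):
    """Return (source_mac, ssid) for a probe request, else None.
    An empty ssid is a wildcard probe that names no network."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ_FC0:
        return None
    src = frame[10:16].hex(":")
    pos = MGMT_HDR_LEN
    while pos + 2 <= len(frame):          # walk the tagged elements
        elem_id, length = frame[pos], frame[pos + 1]
        data = frame[pos + 2:pos + 2 + length]
        if len(data) < length:
            return None                   # truncated element, stop parsing
        if elem_id == SSID_ELEMENT_ID:
            return src, data.decode("utf-8", "replace")
        pos += 2 + length
    return None

def is_randomized(mac: str) -> bool:
    """Locally administered bit set in the first octet (randomized MACs set it)."""
    return bool(int(mac[:2], 16) & 0x02)

def disclosed_ssids(frames):
    """Map each source MAC to the network names it revealed in directed probes."""
    leaked = {}
    for frame in frames:
        parsed = parse_probe_request(frame)
        if parsed and parsed[1]:          # skip non-probes and wildcard probes
            leaked.setdefault(parsed[0], set()).add(parsed[1])
    return leaked

def build_probe(src: bytes, ssid: bytes) -> bytes:
    """Build a constructed probe request (test data only, nothing is transmitted)."""
    bcast = b"\xff" * 6
    hdr = bytes([PROBE_REQ_FC0, 0]) + b"\x00\x00" + bcast + src + bcast + b"\x00\x00"
    rates = bytes([1, 4, 0x02, 0x04, 0x0B, 0x16])   # supported-rates element
    return hdr + bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid + rates

# Constructed sample capture: one device, two directed probes, one wildcard, one beacon.
DEVICE = bytes.fromhex("02005e000001")
SAMPLE = [build_probe(DEVICE, b"HomeNet-Example"), build_probe(DEVICE, b""),
          build_probe(DEVICE, b"Lounge-Example"), b"\x80" + bytes(40)]

if __name__ == "__main__":
    for mac, names in disclosed_ssids(SAMPLE).items():
        print(mac, "randomized" if is_randomized(mac) else "burned-in", sorted(names))
```

An empty result for a device means its capture contained only wildcard probes, which is the behaviour the comment above asks for.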
> At this point I’m not sure there’s a need for normal users to actually turn off Wi-Fi.
Or anyone who doesn’t want to be tracked by random retailers. I worked for one such company, so I know intimately how it works, including how MAC address randomization doesn’t actually work in the real world at completely obscuring your device.
>if it fails for any reason, they bring up a modal panel showing the captive portal
AFAIK, technically, there's no standard address for a captive portal's location so iOS probably tries to navigate to a website. The router then poisons the DNS response and the captive portal loads. Android devices do the same thing to my knowledge. My Samsung pops up a notification that when tapped opens the browser and tries to navigate to Google. If a login happens before the user opens the notification (for example, by an app running a background service like the Fonera app) the notification is cleared automatically.
Yes they do. From my 1st WRT54G to my latest AX mesh, I have never had a WiFi password. My friends and family that were visiting over the Holidays appreciated it. Everyone used it, no one asked me for the password.
Are people still Wardriving? Even if they are, the odds of a malicious hacker coming to my neighborhood is up there with getting struck by lightning. Not losing sleep over it. Why should I?
> I hate that they don't even go through DHCP most of the time and just assume that last known IP is still available, all to "help it connect quicker".
Oh, I forgot all about that.
I worked at a K-12 that deployed Apple devices awhile back, and this behavior was a nightmare for network management. Especially for travelling teachers who would take their device to several different buildings throughout the day (and, therefore, different IP subnets with the same WiFi name).
The worst part was that some of the devices would just... never emit a DHCPREQUEST. They'd either ignore the fact that there was an address collision confusing everyone else's ARP tables, or connect to the network but stick with an IP that had no route to a gateway. As I recall -- it's been awhile -- even setting the lease duration to something very low didn't seem to help. Indeed, I think that made it worse.
It was bad enough at one point that we had those devices with the worst behavior set up with reserved IPs and a hidden WiFi network that was a district-wide VLAN with a single subnet.
> Where does it say he needed to go to the network closet to regain net access? It sounds like the admins didn't have him on their radar until after he had planted his download box. It just seems like a convenient place to leave a computer downloading things for a long time.
You should go study the whole thing again.
Basically he started off leeching off of Wifi only.
At some point JSTOR noticed and complained to MIT so they blocked (get this), his IP address.
So Aaron picked a different IP.
Then they blocked his MAC (this is all on Wifi, still).
So Aaron changed his MAC.
Eventually MIT and JSTOR figured out how to block him off of their wireless completely (or at least, to rate-limit the JSTOR access over Wifi).
It was only at this point that Aaron changed strategies into trying to hook up with a wired connection directly to the MIT switches, by finding and utilizing the network closet.
> I’m incredibly annoyed that phones don’t report themselves with randomized Mac addresses. WiFi tracking is pervasive.
You've got it backwards. The phone isn't being tracked, the phone is the one doing the tracking. The phone is looking at all the wifi APs it can see and then looking those up in a database.
Nobody sees the phone's MAC address. It isn't broadcasting anything at all.
> Common security requirement. Mobile connections tend to have frequently changing IPs. This creates problems with security software that tries to detect anomalous behavior.
I don't know about your work, but mine actively encourages us to use our laptops from literally whatever network we want. There's some that only ever tether. What set it off was the fact that the device saw no other neighbors -- they stopped complaining as soon as she put a printer on the same network.
> Having video on is a meeting requirement at some companies.
If that was a requirement, it was inconsistently applied. She was singled out.
> doesn’t remember giving them her address
There's no way they could have known the address she was working at since it wasn't listed anywhere; I did bury the lede here a bit: She was on LTE working from a camper in the middle of a forest. Nonetheless, an in-person courier arrived at the *camp site* she was at the next day with a new laptop.
I wish I was being fed exaggerations, because *that would make more sense*. No, the Hanlon's razor here is that they ship all their machines with one of the location tracking systems, in this case probably Absolute (the replacement for Computrace).
>And what do we do, when we want to find out a location associated with a wifi name? We go to wigle.net, enter the SSID (=wifi name) and it tells us where on the world it is found.
I've always enjoyed having unique/personal SSIDs, but had never seriously considered this consequence. I wonder what the world's generic SSIDs are.
> Is the possibility of future surveillance a concern for people?
Yes! I keep my personal MBP unconnected from the internet most of the time using a physically separate computer acting as firewall, and allow only traffic from Firefox, Electrum and command line utilities to reach the Internet.
Integrated mobile internet in the laptop is convenient in a lot of cases, but for me a dealbreaker.
> I assume the Mac would know to begin the DHCP discovery phase, instead of sending blind requests for a former IP address...
I wonder if that is my problem. Often, my Mac won't connect to my mobile hotspot. I open the lid, it starts attempting to connect to the hotspot and just sits. Connecting. Forever. I can turn off WiFi, turn off the hotspot, and sometimes even reboot both my phone and my laptop and still be unable to connect.
I recently figured out that if this not-connecting happens, I can disable wifi, disable hotspot, turn on WiFi and select my not-on hotspot to connect to. A couple of seconds later, it fails and asks to run network diagnostics. I cancel, disable wifi, turn back on the hotspot, turn back on wifi and, presto, it connects.
I figured there was some caching going on and that I am effectively invalidating the cache. Maybe this is what the op is talking about here.
> Whoa.. why do random routers need my SSID location history? Is that list removable by “forgetting” all the previous networks?
It's how the standard currently works and what enables fast reconnection. IIRC, the device sends out all available SSIDs, and the router responds with the one(s) it's able to use to connect.
I agree that this is backwards, and I'd rather have slightly slower WiFi reconnection in exchange for better privacy. I don't know what the OS-level behavior is if you delete all previous networks. I assume it works, but I haven't tested it.
Oh, and for what it's worth, this isn't just for mobile devices. Your laptop probably does it too. In fact, OS X has an annoying habit of connecting to WiFi networks in the background even when the laptop is closed and asleep, which means it's doing this broadcasting behavior as long as the WiFi setting is turned on.
>In 99% of the cases shitty HomeKit functionality is because of crappy WiFi. People are using whatever cheapo crap their ISP gave them for free.
FWIW: I consider this to also be an Apple problem. Look, I have no idea how the Airport Express stacked up to the competition really, maybe it was junk, but it generally met my needs and was better than any of the other options I'd used in the past in terms of not having to fiddle with it much. Now imagine you are a consumer with no technical knowledge - do you buy a device or do you go along with whatever your ISP offers you? If Apple made a wifi device of some kind again, of course I'd buy it because I'm already in their ecosystem.
> I believe that people should have a basic knowledge of the tools they are using.
I strongly disagree with this.
Does anyone remember what connecting to Wifi looked like? I'm talking 15+ years ago. Here's how it would go:
1. Click a network
2. Choose an option from WEP, WPA, WPA-PSK, WPA2 and WPA-PSK
3. Be prompted with either a password, a key selection or a box that generates a bunch of keys. Enter what you think the password is somewhere;
4. If it doesn't work, return to (2) and try something else.
5. If it works, you win.
That was literally how it worked. And then Apple came along and just prompted you for password. Why? Because the OS can figure out the rest so why ask the user?
You can argue "the user should have basic knowledge of the tools they're using". After all, if they're connecting to a WEP network, they should be aware it's not secure.
But users don't care about any of that so there's no point in asking them. You're just forcing users to make decisions they don't care about, don't need to know it and aren't interested in. For what?
That's what great product design and interface design is.
Let's also refer to Joel Spolsky's classic "Choices" [1] where he quotes:
> Every time you provide an option, you’re asking the user to make a decision.
and then goes on to (correctly) say:
> That means they will have to think about something and decide about it. It’s not necessarily a bad thing, but, in general, you should always try to minimize the number of decisions that people have to make.