Abstract

Open access WiFi hotspots are widely deployed in many public places, including restaurants, parks, coffee shops, shopping malls, trains, airports, hotels, and libraries. While these hotspots provide an attractive option to stay connected, they may pose security and privacy risks to users. Several past studies focused on privacy leakage from browsing the internet or using mobile apps in an open hotspot, due to the nature of these hotspots, and the use of HTTP, as opposed to HTTPS for connections between the user device and the web service. The US Federal Trade Commission (FTC) acknowledges those risks and advises public WiFi users to take reasonable measures while using such networks.
To complement previous efforts in analyzing security and privacy risks of using public WiFi hotspots, we design two comprehensive frameworks. The first framework (CPInspector) is designed to analyze the tracking behaviors and privacy leakage on public WiFi captive portals—where users typically agree to the hotspot’s terms or sometimes register before being allowed to access the internet. CPInspector performs a wide range of web tracking measurements on public WiFi captive portals for both Windows and Android; we must physically visit each hotspot and run the CPInspector on the hotspot captive portal. We also inspect the personal data collection practices of those hotspots and the security measures adopted to protect users’ information. Hotspots pose some unique risks due to their access to the users’ foot traffic, browsing habits, the device MAC address, and in certain cases, personal information such as name, email address, social media profile, location and employment history. Using CPInspector, we initially conducted a comprehensive privacy analysis of 80 public WiFi hotspot locations in Montreal, Canada. Our analysis reveals the collection of a significant amount of privacy-sensitive personal data through the use of social login (e.g., Facebook and Google) and registration forms, and many instances of tracking activities, sometimes even before the user accepts the hotspot’s privacy and terms of service policies. We also analyzed 98 hotspot locations in Montreal for ad injection, but we did not observe any content modification attempts. Next, we expanded our study to hotspots from other cities in Canada, Europe, and the US. We conducted a high-level comparative analysis of tracking behaviors of those hotspots (in total, 192 public WiFi hotspot locations; including Montreal hotspots). We conclude that some of our findings are indeed applicable to a larger geographical area, including the use of third-party trackers on captive portals and sharing the harvested data with third-party entities using third-party captive portals.
We use the second framework to analyze hotspots privacy policies and terms-of-use documentation which also discloses the service provider’s data and privacy practices. We augment our policy analysis using our collected hotspots’ datasets to validate selected privacy aspects of the public WiFi. We evaluated a sample of 16 privacy policy and TOS documents from hotspots that appear to be most risky in Montreal, Canada. Our analysis reveals many instances where the hotspot may appear to conform to privacy best practices according to its documentation but fail to implement necessary technical measures.