What is Captive Portal?
A web page that forces users to interact with it before granting internet access, commonly used in hotel, airport, and cafe WiFi networks.
Captive portals intercept your traffic and redirect you to a login or acceptance page. They're ubiquitous in public WiFi.
Privacy Concerns
- Often require personal information (email, phone number, social media login)
- Can inject tracking scripts into your browsing session
- Your device sends probe requests that can be tracked
- Some portals install tracking cookies
Security Risks
- Traffic before authentication is completely unencrypted
- Fake captive portals can be used for phishing (evil twin attacks)
- The portal operator can monitor all traffic on the network
Protection
- Use cellular data instead of public WiFi when possible
- Connect to your VPN immediately after portal authentication
- Never enter real personal information in captive portals
- Use a burner email address for WiFi signup
- Forget the network when you leave
Related Terms
DNS Leak
A security flaw where DNS queries bypass your VPN or proxy and are sent through your normal ISP connection, revealing the websites you visit even when your other traffic is protected.
Man-in-the-Middle Attack
An attack where the adversary secretly intercepts and potentially alters communications between two parties who believe they're communicating directly with each other. MITM attacks can capture credentials, inject malware, or modify data.
Virtual Private Network
A technology that creates a secure, encrypted connection over a less secure network, such as the public internet. VPNs mask your IP address, encrypt your internet traffic, and can make it appear as though you're browsing from a different location.
Have more questions?
Use our guided flow to get the right next privacy step for Captive Portal.
Open Guided Flow