Guest portals are a common occurrence in the WLAN industry. They have been used for many different types of access scenarios with some criticizing their use as getting in the way of people wanting fast and free access to the internet. In this blog I want to contribute to this discussion with the proposition that due to the many different ways captive portals are used, there is some merit both from a business and security point of view for their use.
Starting with looking at WLAN access from a high level, there are several main business uses that are incorporated in designing user access. The most obvious first use case is your standard business user in a corporate network. This is the same user that we have been designing access for through most of the life of wireless technologies. Usually, due to security concerns, most corporations providing WLAN access use strong encryption and authentication methods to control access. There are, however, other types of users in a business environment. Some examples are outside vendors, visitors, subcontractors, temporary workers and most recently corporate employees bringing their personal mobile devices to work. The challenge for corporations providing access for these types of scenarios is that users outside of the traditional controlled access scenario are exploding and that puts pressure on the WLAN infrastructure which must be upgraded to keep up with demand. Until now, most corporations have used captive portals to control access so that only users sanctioned by the business have access to the WLAN.
Another group that has made heavy use of captive portals is large public venues such as stadiums, conference venues, airports, etc. This is distinct from smaller public venues such as coffee shops, restaurants, hotels or even airplanes. The challenge for large public providers is that in many cases the use of captive portals annoys the users and many will resort to alternatives such as MiFis to get around onerous signup forms and costly access plans. Security is less of a concern here than in corporate use cases but there are still concerns around users using the public venue’s access to download illegal content or perform active attacks on other users. Captive portals are often a mechanism here to provide users with notifications that their access is being monitored and that specific acceptable uses of the access are required to be met. The other side of this for large venues is that it costs a lot to maintain the public infrastructure for this access. With this in mind many large airports, for example, began by charging users for access. This has lead to it being common in large airports for users to use their mobile device for access rather than pay the associated fees. It has become apparent in recent years that many large venues have backed away from these fees and begun to see providing Wi-Fi as much more of a general infrastructure cost than something that end users should be charged for. The last challenge to using captive portals for large venues is one of scalability. Having 60,000 users streaming the last replay of a goal they just watched is challenging for the infrastructure to handle and requires a great deal of planning to achieve. I suspect many large venues will look to sponsorship as a way of meeting these costs so that free access becomes part of the experience of attending the game. This is where alternatives such as Hotspot 2.0 could make access for users easier and more secure than utilizing a captive portal as well as more scalable from an infrastructure perspective.
The final group to look at is people providing location based access services. Although RTLS has been used for a number of years in hospitals and other situations requiring tracking of assets, there was not a huge use case for captive portals for traditional RTLS. In the last few years there has been an emergence of uses around tracking shoppers and other casual users that combines RTLS with a user registering either with a ‘social login’ or with a loyalty program of a retailer to track shopping habits so that physical stores and locations can have a better idea of what interests users in those locations. The value for this is specifically for optimizing the layout of stores for users to easily find what most interests them and for advertising in store displays that are personalized for the interests of the users. This can be done without the user logging in by using the more anonymous MAC addresses of the device However, this is just a modernization of traditional store based tracking that looks at items brought to optimize store layout. There is a privacy aspect to this as well, where an app installed by the user or a captive portal signup means a more positive acknowledgement of consent to be tracked and making the value to the end user more visible. This is similar to loyalty programs that track user purchases in return for offering addition discounts of interest. As usual there is a balance here between the users needs, in this case privacy and transparency into what their data is used for, and the value to the business of getting good info into the likes and dislikes of a customer in their store. Captive portals in this situation can be used to be more open with shoppers about what is being collected and how it is being used.
In this short tour of different use cases for captive portals I have attempted to show that the use or not of captive portals is not simply a matter of a single value to both end users and the businesses using the captive portal. There is friction on both sides as to the differing needs and it’s not an easy definition to say that captive portals have no use at all and just get in the way of users. At best it is a balancing act between the value to those deploying the portals and those who have to use them. At times, the value of making it as frictionless as possible to end users outweighs the business value. In other cases it may provide a much better value to both to have a captive portal.