Starbucks is now requiring a name and email address to use their WiFi. It’s still a captive portal. I didn’t do it, and won’t, regardless of VPN....
Let’s ignore temp/anon email for the moment. Implications for normal users?
not sure how I feel about this. #infosec Thoughts?
-
Show this thread
-
Replying to @0xBashCat @OttLegalRebels
If they wanted to verify identity they would ask for social media login.
1 reply 0 retweets 2 likes -
If you can do social media login you're not captive anymore. You have a working encrypted channel out.
1 reply 0 retweets 0 likes -
Ok explain in laymens terms pls
1 reply 0 retweets 0 likes -
The only way they could implement social media sign-on without already giving you access to visit the supported social media sites is by asking you to hand over your password for the SM site to their login system, then turning around and using it to login as you.
3 replies 0 retweets 0 likes -
This is an extreme no-no and would get them banned from accessing the SM site immediately, and probably even sued.
1 reply 0 retweets 0 likes
The way legitimate SM-based login works involves your logging in to the SM site (always via https, with the ISP/hotspot unable to see what you're doing except what site it is) and getting back cryptographic proof of identity for your browser to pass to site you're logging in to.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.