By GlobalReach Chief Security Officer, Dr Chris Spencer.
Something important happened in the world of Wi-Fi captive portals earlier this month. In fact, the dedicated Internet Engineering Task Force (IETF) CAPPORT working group has now closed because its work has been completed with the ratification of the CAPPORT API, RFC7710, and RFC8952 (the new captive portal standards).
This new captive portal API gives Wi-Fi access points a reliable way to ‘advertise’ themselves as captive portals, making it easier for users to find information including their session and venue information, and to maintain a connection with the service provider or brand. It’s based on IETF specifications that describe how these networks should be set up in order to be identified.
Android 11 Beta 2 was the first operating system to use this new captive portal API back in the summer. Apple has now also confirmed that iOS14 and macOS Big Sur will adopt this standard and although not generally available, the API ratification signals the start of adoption across all the major operating systems.
If you run a captive Wi-Fi network, or if you build captive network solutions, it’s important to start updating to this new standard.
Why is the CAPPORT API needed?
Logging on to public Wi-Fi in a coffee shop or shopping centre using a captive portal is a familiar process. But problems can start as we try to get online, or if the captive portal fails to load. The experience is also far from smooth if we want to return to the login page at a later time, find the website to use to reaccept T&Cs, backtrack and find the venue’s original portal page to check our data allowance, or change services.
For the cafe, train operator, stadium or retailer operating the Wi-Fi service, this can damage the user experience, and is a barrier to communicating with customers who are on-site using the venue’s branded Wi-Fi service.
Behind these problems is the way that captive portals have traditionally intercepted the user authentication request and redirected it to a login web page. When these HTTPS requests are accepted they can result in a client error. We’ve all been on the receiving end of those frustrating security and privacy alerts telling us to return to a ‘safe’ network or being shown the wrong page. When we want to get online with a good cup of coffee, this is a frustrating problem and can damage the brand experience.
The good news if you’re providing a Wi-Fi service is that the new CAPPORT API makes this process smoother and more consistent for users of all operating systems.
What does the CAPPORT API change?
When a user joins a Wi-Fi network, the new API provides their device with an address via Dynamic Host Configuration Protocol (DHCP). This allows the network to advertise that it is ‘captive’ when a device first joins, instead of the previous traffic interception process.
This triggers the device to query the captive portal URL and provide a true or false response. If true, the correct URL loads. If false, the user is sent directly to the internet.
What is Venue Info URL?
When the user connects (either manually by selecting the SSID or automatically on Passpoint-enabled networks) they’ll now see an on-screen system message like a text alert. The user doesn’t need to do anything and can easily swipe this away.
So what’s the benefit?
So long as the user is connected to the venue’s Wi-Fi service, the message remains on their lock screen and in their message history, making it much easier to find and go back to the captive portal. Previously, once users went past the captive portal there was no way to return. This new simple message makes it easy to check session information, their balance, or to extend the session.
Imagine a real-life use case on an aeroplane where seatback screens are being removed in favour of passengers using their own devices. When the entire journey’s entertainment is concentrated through a traveller’s mobile phone or tablet this new ‘Venue Info URL’ makes it much easier for users to locate the home page, search the internet or choose a new movie to watch.
Cue warm and fuzzy feelings about the Wi-Fi service provider, and a more pleasant flight.
If you’re the public Wi-Fi service provider or venue, this has created a new potential way to communicate with users. The one-time message is controlled at the network level and protects the user experience by stopping the type of spam that can happen with text marketing. However venues can determine the page users are sent to, and have complete control over the page content. Depending on the type of venue, the possibilities as they say, are endless.
Alongside Wi-Fi session information, a retailer could use this page to deliver offers and local promotions. At a festival or large outdoor event, the page can point to safety advice such as first aid or water points. For city centre municipal networks that we know are used by, among others, homeless residents, the page can direct them to public services and advice.
While encouraging venues to update their Wi-Fi services to the new standard to advertise their captive portals, Android and Apple are watching and waiting to see how the new feature is used. It’s not outside the bounds of possibility that they may allow networks more control over message content in the future.
GlobalReach Technology is an expert in building public Wi-Fi services and can help you to build your user experience using our Wi-Fi management platform. Talk to our professional services team who can advise on best practices to implement the new CAPPORT feature.