" If the response is never received, or if there is a redirect, then a DNS request for dns.msftncsi.com is made. If DNS resolves properly but the page is inaccessible, then it is assumed that there is a working internet connection, but an in-browser authentication page is blocking access to the file. This results in the pop-up balloon above. If DNS resolution fails or returns the wrong address, then it is assumed that the internet connection is completely unsuccessful, and the “no internet access” error is shown."
Would this mean that DNS poisoning msftncsi.com would prevent Win7 machines from accessing the internet? Or would this merely cause the 'no internet access' error to be displayed despite your connection working anyway?
Which is terribly annoying when you have a crappy router that intercepts dns queries and sometimes fails to resolve, making Windows think there's no internet, which makes it NOT let you even try to send the packets. Not my case but I've seen it happen: big FAIL. What a crappy way of "checking" you have internet access...
(@yakyak, no they don't work, that's what's so screwed up not just the half-assed method for checking)
This service can be disabled, so obviously it doesn't prevent you from accessing the internet even if it thinks it doesn't have access. It would SAY "no internet connection", but internet resources would still work just fine.
The iPhone uses a very similar technique. If you connect to a wifi network that requires login, a browser sans address bar will pop up over your current app and allow you to log in. Once an external resource can be reached, the browser disappears and returns you to the previous app. Steve Jobs even alluded to it / bragged about it when the iPhone was first unveiled, 2 years before Win7 was released.
Yes, I have wanted to build something like that for Android, mainly to keep my phone from getting confused when it's connected to someone's wifi that demands some check box be checked off for service.
It would periodically awaken, see if the wifi is connected; if it is, is there connectivity; if there is, go back to sleep; if there is not, turn the wifi off.
I've also wanted to build for Android the same piece of code, but if for 2 or 5 urls it gets back the same page with a checkbox, it checks off the box and sends it back off.
But I am curious, do all those wifi dns terms and agreements hijacking pages break any sort of RFC?
I'm not sure if you can access its state programmatically, but Android already does detection: the WiFi status icon is green if the system can make a connection to Google's servers, and grey otherwise.
IPv[46] have nothing to do with it. "Captive portal" pages are meant to prevent you from getting to the larger Internet, until you do whatever magic is required to dismiss them.
"the WiFi status icon is green if the system can make a connection to Google's servers, and grey otherwise."
That's interesting. How does it detect it's at Google's servers?
I've often had occasions on my non-rooted, gingerbread, nexus one, where the phone believes it is on the net, on wifi, and shunts all activity to wifi, and yet, it's really stuck on one of those captive portal pages.
It even happens if I am just driving down the road.
I had thought that perhaps a small bit of technology would fix that, perhaps by turning the wifi off, or by automatically checking in on starbuck's router, but I am beginning to see I may just have a sick-making sense of entitlement.
Without being terribly cognizant of the RFCs I am surprised these portal captures are within spec.
Check out this open source application sbautologin (link: http://code.google.com/p/sbautologin/) that automatically logs into Starbucks (AT&T really) WiFi.
How is my wanting to either turn my wifi off, or automatically checking a terms and conditions box at a starbucks, or library, or school, or courtroom, or hospital router demonstrating a sick making sense of entitlement?
I would think many people would want such behavior from their phones, but I can see that you and whoever voted my original question down are genuinely disturbed I would want this.
I think the point the parent is trying to make is that when you're using someone else's wifi network, it's their network, and they get to determine under what terms you're allowed to access it. If that means logging in, or viewing a page where you're required to explicitly agree to terms, that's the network operator's prerogative.
Annoying? Sure, a little. A "violation of spec" or something to get overly pissed about? Eh, there are far bigger fish to fry.
> or something to get overly pissed about? Eh, there are far bigger fish to fry.
It's easy to say that when it isn't your responsibility to deal with rightfully frustrated & confused end users that simply want to be able to use this WiFi network like they use every other WiFi network. Connect and forget.
I also have a never-ending hate for WiFi networks that use portals as they break tons of functionality and always have caveats & problems like the ones parent described.
The worst part? Acting very arrogant about it is the standard IT response, and it blatantly and demonstrably decreases security. Users keep splitters, ethernet cables & routers in their offices, in their laptop bags and around the building.
So go ahead, take this attitude towards the end users of your network. Just don't be surprised if the next IT crisis is caused by someone who "just didn't want to deal with the WiFi hassle".
Fine, but the way the thing works today, there's no mechanism for discovering what those terms and conditions are, or indeed, that they even exist.
So I go somewhere, flick on my WiFi, and then get frustrated because various tools (say, my native-code Google Reader app) can't communicate. It can't talk to the network because HTTP is trapped.
The thing is, HTTP is the de facto transport for everything. But these authentication/confirmation pages assume that a human will be reading them.
It seems to me that a mechanism that detects the presence of such a trap, and pops up that response page in a browser window for the user to react to, would solve everyone's problem (if inelegantly).
And the other issue is that (if I have this correct), the reason my phone connects automatically to various portal hijacking waps is because in the past I have connected to those waps, and almost certainly checked off the terms and agreements for them, and continued.
I don't believe the nexus one will connect by itself to any open wap, it will just tell you one is available.
It seems absurd for anyone to think I need to check off the terms and agreements every single time I connect to the open wap, everyone's suspicion of course is that no one ever reads through the terms and agreements, we just check the box to make some lawyer or IT dude happy and continue.
Exactly. This is the specific reason why I ask if these portal pages, the DNS hijacking violates some RFC.
I do understand the desire and even the need for some form of authentication, or notice you are on someone else's network and ought to read what the terms are.
But the behavior of how that is implemented today is totally obnoxious, especially since for the most part, the terms and agreements are boilerplate intended to satisfy some lawyer, and functionally get in the way of why the vendor or site provided the wifi access in the first place.
I just assumed it noticed when I entered the login information 2 minutes prior, then waited until the most annoying moment to give me a completely useless fraking notification.
If you're paranoid enough to disable this, you shouldn't be using Windows. There are far more and better ways for Windows and other Windows software to phone home.
It could be useful for corporate laptop users. I can imagine using this so that I know the IP address and connectivity status of remote users to use when they call in with issues.
Do we really need an entire article about this? Seriously, if you couldn't figure this out on your own in about 10 seconds, you're in the wrong line of work.
It's nice to see the precise mechanics explained, and it might be rather "negative" to make your point, but it is a pretty obvious solution and I agree with you.
Apple claims that Mac OS X is "the world's most advanced operating system". But it's these details that I consider advanced and clever. Apple's marketing statements went from funny to offensive and unsupported.