Tell HN: iOS lets carriers add WiFi networks that you can’t stop from joining
Essentially, the latest iOS (16.4 at post time) allows your cellular carrier (via eSIM) to add “managed networks” to your device.
These networks cannot be removed, they cannot have “automatically join” disabled, and they have equal priority with your real, personal networks.
So guess what happens when your neighbors get a wifi/modem combo that blasts a free hotspot SSID? Not only does it pollute the already crowded 2.4ghz band, your iPhone will often prefer this connection over your real /local wifi (despite said wifi being at 1 bar).
As of post-time, there is no way to remove these networks short of completely disabling cell service/removing the eSIM and resetting all network settings.
You can see this for yourself by going to WiFi/“edit” and scrolling down.
Edit: to clarify, I can disable “auto join”, but in 4-5 minutes all of my devices have auto-join turned back on. I’m guessing it re-syncs with the carrier profile. Also, this does not seem to be eSIM or SIM related it can happen on both.
401 comments
[ 2.5 ms ] story [ 278 ms ] threadI switched off Auto-join on both "t-mobile" and "TMobileWingman", but I couldn't hit the "Done" text-but-its-really-a-button in the upper right until I made some change to the normal known networks list, so I deleted a couple that I didn't remember or recognize. YMMV.
It's gross either way. No way, no way in hell this is something that should be shadow dropped onto my phone.
These are networks added by your carrier you can’t remove. They have equal priority to your real networks.
In my case, 2 neighbors have freebie wifi/modem combos blasting out 1-bar hotspots that match my carriers free hotspot SSIDs, so all my family’s personal devices constantly switch between my real home network and these “hot spots” with no way to stop it short of removing everyone’s SIMs
In my case I disable auto join on all and they’re all back on in 4-5 minutes.
I was also able to verify this as the device will still really connect to the “disabled” hot spots, even after switching it off. Just took a while for the profile to resync.
Edit: only 5 of 9 re-enable auto join after I disable it.
> even after switching it off
This might be your issue, because after a restart your iPhone no longer has access to your saved Wi-Fi credentials, but it can still use EAP-SIM to join T-Mobile's Wi-Fi network first. But I see your point that it does not respect the "Auto-join" toggle.
If this happens often enough to annoy you, you could file this bug with Apple by typing "applefeedback:///" into Safari. It could take some guesswork to figure out what component to file this against.
Looks like comcast xfinity type networks are being imposed too. The xfinity App may be toggling these XFI, Xfinity Mobile, xfinitywifi pieces your way too.
The Xfinity hotspot service typically has two SSIDs going: "xfinitywifi", which is unencrypted and has a captive portal to log in, and the "XFINITY" network, which the installing the profile enables access to and which is encrypted with 802.1X authentication.
For everyone except apparently the carriers, Apple is very strict about the opt in nature of managed WiFi networks.
You'd need an extremely strong reality distortion field to advocate for it. I can only guess it's a way for the telcos to offload 5g traffic.
In the Android world, if Samsung/Telstra introduced something similar in Australia that'd be enough for me to jump ship to another manufacturer that didn't. There's an auto-enabled "Hotspot 2.0" feature that I've turned off; it's not ideal that it's on by default but for people on lesser data plans it could be convenient. It's a simple toggle to turn off, nothing's forced.
But I am shocked that they would force connection to open ssids.
Probably not a US thing. Its an IOS thing as that is where you can delete/forget networks you have joined (that arent in range anymore)
Not surprising. I don’t respect or trust them, so I’m not one of their customers.
It's clear that Apple uses the feelings of trust and respect in their marketing campaigns, but this is just a calculated strategy that works for them. As a company, they are like most companies - they desire to create and maximize revenue streams. To the extent that they value trust and respect they actually value customer perceived trust and respect as it relates to their marketing strategies.
Tl;Dr if they think they can get away with things that are customer hostile without tarnishing their marketing image they'll do it. They will take calculated risks here as well.
Examples:
Apple will hold a monopoly on iOS for books and this is fine: https://www.techemails.com/p/ibooks-is-going-to-be-the-only-...
Apple forces a 30% fees on subscriptions, negotiates with Uber (and presumably others) to pass this cost directly onto the user in cases where the margin is so low the 3rd party cannot economically eat the fee: https://www.techemails.com/p/lets-take-a-cut-of-membership-p...
iMessage is exclusive to iPhone because they fear that parents may buy Android for their children over iPhones if the app was available on both - which obviously indicates that the dark UX treatment of non iMessage sms (green bubbles) is an intentional segmentation of the messaging ecosystem designed to bring users to the iphone thru social effects. Any platitudes to security are purely marketing. https://www.techemails.com/p/imessage-for-android
Apple is a company, their users are revenue streams, trust and respect matter in terms perspective not in terms of meaningful action. They will do things that put their trust/respect at calculated risks to maximize revenue.
Folks thinking otherwise are pleasantly naive - it is totally reasonable to question Apple's actions and motivations.
(And BTW, to clarify: Apple has a book store monopoly on iOS, not "a monopoly on iOS for books". I can read my Kindle books perfectly fine)
Apple conspired with publishing houses to shut Amazon out of the market through leveraging it's huge device platform. Steve Jobs literally said: "The price will be the same... Publishers are actually withholding their books from Amazon because they are not happy."
If Apple had won their case it is a serious question if you would have Kindle books to read.
https://en.m.wikipedia.org/wiki/United_States_v._Apple_Inc.
All that said - this is reasonable rational behavior for a company. Which is why we also have antitrust laws. ;)
If Apple said, "no, you can't force users onto Wi-Fi networks without their consent," T-Mobile, AT&T, and Verizon would just say, "ok, it was worth a try," and carry on as if nothing happened. People will still want Apple products in sufficient numbers, and carriers will still want money from those people. But Apple isn't interested in what people want, Apple is interested in what they can convince people they want.
AT&T got my business by supporting the iPhone first. I assume if one major carrier drops the iPhone the other would recognize the opportunity and court users asap.
How can Apple be well-respected after wanting to scan your photos for CSAM is well beyond me, but I guess everyone is different.
But I've had this same argument a thousand times and it's like shouting at the tide and trying to stop it...
What you are suggesting doesn't necessarily make zero sense to desire, but practically speaking I don't think it makes sense based on the transactions that have occurred in this scenario. They may have a right to do that stuff on the cloud, but they don't have a right to do it on your device. It has nothing to do with which is better.
Disable cloud upload -> no local scanning.
People were stumbling over each other in one of the biggest competitive misunderstanding contests of the 2020's and Apple backed down to shut people up just because nobody bothered to RTFM and just got angry based on random internet hot-takes that were based on incorrect assumptions.
Their plan was to scan stuff that would be sent to their hardware on your hardware so that they could encrypt it on their hardware without having the key themselves. And law enforcement wouldn't have had the "what about child pornography" -angle to force access to data, since everything would've been pre-scanned.
If no data would've been sent to their hardware, no scanning would've happened.
It wasn't a complex idea, but The Internet decided collectively to misunderstand it.
I'm thinking Apple didn't expect the carrier to do this.
Not really related but hypothesizing it's the following makes me chuckle: https://www.youtube.com/watch?v=y8OnoxKotPQ
1: https://reddit.com/r/tmobile/comments/7u535i/_/jcl01il/?cont...
That seems like an obvious security vulnerability.
AIUI this is a feature, not a bug. It allows devices to switch between different access points automatically.
For example, a large school will need to use many different access points in order to cover the entire building. Students will not want to manually switch between all of these access points, so the school gives each one an identical SSID and password. Devices will then switch automatically as needed.
That's how most 802.11 STAs (clients) make a standalone roaming/handoff decision. But if the vendor supports it (and the APs can cooperate towards providing it, such as yours, probably), there's also 802.11v, which allows the APs/network to make the roaming decision based on their respective load, view of the client's signal strength (and not only the client's view of theirs) etc. It's nothing unique to Asus, though.
> It's true mesh networking.
Mesh networking is something else yet, as it concerns how the backing network of the APs is created and managed. You can have 802.11v with Ethernet-connected APs, or plain client-side roaming with meshed APs.
https://news.ycombinator.com/item?id=35447903 says it uses RADIUS authentication and “I can't just stand up [spoof] the ‘t-mobile’ or ‘Passpoint Secure’ SSID”.
There may be bugs/vulnerabilities in the stronger authentication, of course.
Using PSK for untrusted clients is a bad practice, because everyone who knows the PSK can decrypt all of the wireless traffic even without setting up a malicious AP with the same SSID. If a phone carrier were forcing devices onto PSK networks, it would be an even bigger problem than the one discussed here.
But with this in place, you cannot restrict some apps from using the internet, the type and amount of data will be unrestricted.
https://support.apple.com/guide/deployment/how-apple-devices...
You can only temporarily fix it by disabling the “Phone” part of iPhone
I'm on ios 16.4. I see I have "AT&T Wi-Fi Passpoint" and "attwifi" added to "Managed Networks" - but I am able to disable auto-join for them. I wonder if that can be controlled by the carrier?
Does anyone know if there is a specific term for networks added like this to look for more documentation?
https://www.google.com/search?q=ios+carrier+wifi+applewifi+a...
Eventually just turned off wifi and the problem was “solved” but man this is going to be annoying if it starts happening at the grocery store or something.
I have never had so much trouble with network radio interference as I do here, so I can only imagine the fresh hell when one of my neighbors lights up one of these things.
There’s already a “stop hitting yourself” scenario going on with a guy blasting multiple competing 160mhz width APs for some reason. Thank god for Wifi 6E
And this is why people who say "DNS-over-HTTPS is bad since it bypasses Pi-hole!" are wrong.
>and it’s on secure networks
No it’s not, my home networks are behind strong firewalls and things like pie hole. Do you not see the problem with all of my families devices “preferring” a neighbors network over mine?
I have T-Mobile. T-Mobile maintains agreements for Passpoint networks at random places like airports, T-Mobile stores, or (I recently found out) Home Depot. These networks are encrypted and authorized against a RADIUS server.
My SIM has them programmed into it. I can't just stand up the "t-mobile" or "Passpoint Secure" SSID from my home network and my phone automatically connects to it. That's not how it works.
Based on the fact that your devices are showing preference, I'm gonna take a wild guess and say you have Xfinity/Spectrum/Optimum Mobile. The cable co. MVNOs maintain their own WiFi networks which are (again) connected to via Passpoint and authorized using RADIUS. However, the cable company WiFi networks extend far into neighborhoods and are broadcast from CPEs. Your devices prefer them because that's part of the network you signed up for.
Just VPN back to your home network if you're not confident in their security.
I’m sorry but wtf?
You’re saying that, in my own home, I should just accept that my devices connect to an external wifi against my will and VPN back into my own home… while in my home?
Seriously?
Yes. You signed up for a cable provider mobile service. A huge part of their whole value proposition for their service is "get access to millions of cable WiFi hotspots!" That's their product. They plaster it everywhere in all their ads.
Your situation with Pi-hole and firewalls etc. is a niche use case. Their service is made to appeal to people who are 1) cable company customers and 2) want cheaper service. The majority of people who fall into those categories have an Xfinity router at home that broadcasts the Passpoint SSID. The phones connect to that SSID and have service. Passpoint is going to be more secure than any WPA2/3 network anyway.
If you don't want that to happen, then get a different mobile provider. This one is not for you.
Absolutely no where did I consent to have my devices (yes, my owned devices not leased/payment planned) suddenly lock me out of basic networking settings.
This is almost as stupid as buying a Walmart keyboard and finding out plugging it in disables eth0 because you might load Amazon.
Xfinity customers using xfinity wifi on their android device NEVER experience conflict from dancing between AP with xfinitywifi in their home or from their neighbors unless they explicitly connect to adjacent networks and if they do so they can correct the issue by long pressing on the undesired AP name and selecting "forget".
Nobody cares what a company thinks they signed up for. They give essentially two shits. They pay tech companies to solve their problems and expect solutions that work. The situation as described doesn't work for normal network conditions and equipment. The fact that it also breaks niche stuff that techies like is just diarrhea icing on a shit cake.
Why can I grant fine-grained access to my photos, location etc., but not just outright denying network access to an app that works offline, which would make all of the other concerns mostly moot?
No I didn’t. I bought cell service, they advertise that they also offer hotspots but all the carriers do that.
Nowhere did I sign up for unauthorized modifications of my owned devices wifi stack.
I did build my own network, and my ability to connect to it was forcibly overridden with no way to opt out.
That is entirely the point.
Edit: rulebreaking removed.
Their job is to get my phone on a 3GPP network, and (already a stretch) to possibly offer a reasonable default of autoconnecting to secure Wi-Fi networks that can alleviate mobile network load in crowded locations, but never in preference over my home network, and never ever without a way to opt out of all of it.
This bullshit is exactly why Stallman was right.
If I make a decision, the device should obey me and no one else.
You've got no consent whatsoever to overrule the user's decision.
There's obviously limits to this, and in fact network traffic management is commonly agreed to be one of them. You can't tell your iPhone to blast on the channel of an operator you have no contractual agreement with.
The same goes for Wi-Fi on 5 GHz: You get to use these frequencies, but by law, device manufacturers are required to implement an algorithm that gives the primary user (weather radars important to aviation safety) priority. Patching out that algorithm could actually cost lives.
Where exactly your freedom ends, and that of the general public begins, is a fascinating and important conversation: Should you be allowed to skew your 802.11 or TCP implementation's congestion management algorithms to get priority for the data you send, for example? (All it takes is changing the multiplicative decrease factor up, or the random waiting time after a collision down a bit!)
What's the boundary of where your device ends: The baseband? The 802.11 hardware radio? The kernel, running your 802.11 soft-PHY driver? Userspace? I don't think it's a purely technical question with an easy technical answer.
Personally, I'm fine with my phone coming with a default setup to trust my operator's Wi-Fi networks, but only if the device vendor can absolutely make sure that my home network will be preferred, and in any case with a clear opt-out switch.
Why shouldn't I?
Sure, if I do so, I'll end up with a massive fine from the BNetzA, FCC, or equivalent local authority, but that's still my problem. I agree that freedoms are limited, but you can't enforce social restrictions with technological solutions.
The device should obey me, nothing else. I'm not going to accept devices becoming ever more locked down.
And it's not like it helps, either – I can just as well take an SDR and do the very same myself without any restrictions.
> The baseband? The 802.11 hardware radio? The kernel, running your 802.11 soft-PHY driver? Userspace?
Kernel, drivers, userspace have to be 100% under control of the users. Ideally, hardware should also be entirely under control of the user.
It's already so much work to custom patch the firmware on my cameras to e.g. allow using certain file formats without requiring the storage medium to have been certified by the manufacturer.
I'm already transplanting ICs from the manufacturer's original toner cartridges for my printer to circumvent the shitty DRM brother now introduced as well.
I've already got to use custom devices to strip HDCP so I can watch movies on my PC. My secondary monitor is a really high quality one from 2004 which is still better than many today, if I was bound by some shitty limitations I'd have to turn this into e-waste.
I’m already building customized kernel drivers for some of my WiFi cards because the official ones apply US channel restrictions even outside of the US, which means I've got less spectrum available than I should have.
I want this to be reduced, not increased. I want to move into a future where I need to make less such changes and devices obey me without question.
- Remote access point doesn't provide access to desired resources
- Have acceptable performance
- Have acceptable security parameters according to users needs
Most users can't stand up a vpn inside their network and configure it to alleviate the self inflicted wound of having their phone decide that the user isn't qualified to select the wifi access points it prefers to connect to. You may as well ask them to grow wings and skip Delta. Instead they will be placing irate calls to their ISP about why their wifi sucks so much and I will be silently cursing Apple.
So you expect the average user to be able to set up a Zeroconf/mDNS-proxying VPN, since that’s the only type that will allow things like Google Cast or AirPrint to still work?
Home networks are not just about security or speed, some people have devices on them they can otherwise not reach.
That isn't what Apple says - https://support.apple.com/en-us/HT202831
At least according to the support doc, the most preferred network should be joined first, other private networks are the next priority, and public networks (including EAP-SIM, the subject of this thread) are the lowest priority.
They can say what they want about “being given the lowest priority”, but but they clearly are competing with my home network and winning some fraction of the time.
If you are walking towards your house and it sees one of these 'sponsored networks' it will autojoin it, when you walk into your house it won't switch. It saw the 'sponsored networks' beacon first.
I‘d hope that the iPhone would at least periodically rescan for higher priority networks.
Great point. Wouldn't that mean it "beacons" to your neighbor when you drive home? Then stays connected as you go inside?
Wifi is tricky, if a momentary loss of your main SSID results in your device hopping to the next-available SSID your phone is basically always at risk of jumping LANs
When your phone is on 5g it is not behind a strong firewall, or any firewall at all. It's sitting directly on the internet. I can run a webserver on my phone and you can browse it.
> Do you not see the problem with all of my families devices “preferring” a neighbors network over mine?
If you've been laboring under the misconception that your phone is safe on your home network then perhaps this is a shock. But having your phone connected to a carrier means the carrier is responsible for providing a network.
Normally your phone is connected both to the carrier network and to whatever wifi network the user prefers, if wifi is available.
It seems like the major usability problem here is that instead of connecting to both networks, the carrier network supplants the user's network -- which breaks expectations when near user-run wifi.
I‘d be surprised if that’s true for most operators.
And even if there really is no stateful firewall: On IPv4 you’ll be behind carrier-grade NAT (so no inbound connections), and on IPv6 (including NAT64/DNS64), successfully guessing somebody‘s IP address seems extremely unlikely. (A server that you’ve visited might "dial you back", though.)
And for most users, the most visible effect will probably be that they can’t connect to their Chromecast, smart speakers, AirPrint etc, not decreased security.
It's true for the operators I've tested so far
> On IPv4 you’ll be behind carrier-grade NAT (so no inbound connections)
Sometimes, but often still not the case.
> on IPv6 (including NAT64/DNS64), successfully guessing somebody‘s IP address seems extremely unlikely
Guessing a specific person's ip is a very different threat model from being hit by a random scan.
The mall had WiFi but there was a portal which required SMS authentication and was time limited (the same as every other hotspot, it was rules of the country), so I didn't bother using it on my phone. Plus the carrier had a modern LTE deployement, where I'd often get over 50mbit download speeds - which was faster than my home internet. The network was named something like "<carrier> offload" so I assumed they had a kind of WiFi deployment to limit cell tower load, and it was added by the carrier settings profile.
I can't remember if I was able to disable or delete the network (it worked, so I didn't care). I'm wondering if this feature has been there for a while, but OPs ISP has only just decided to use it (I imagine some exec had an OKR to increase adoption of their public WiFi hotspots).
Well, we know NOW and it's not ok.
They can on my AT&T iOS 16.4 device. I was able to disable auto-join on the two AT&T ones. I didn't need to delete a network to enable the "done" button from the edit screen - the state I toggled for auto-joining the managed networks persisted even if I hit cancel on the edit screen.
I don't like that they're there and auto-join is on by default, but it does appear that can be turned off.
Of course the ones physically nearby all switch back on…
Very disappointed by Apple on this one.
Use a different sort of device
Even several years ago, and hell, even called managed networks, people experienced this exact phenomenon on some Android phones. For example, https://forums.androidcentral.com/threads/tmobilewingman.862...
I could disable auto-join at that time and it didn't happen again.
Also as a general precaution I turned off wifi except at home.
However, if it cannot be disabled, I find it troubling.
It’s impossible for me to disable and breaks all local connections to things like PLEX, as well as kid safety/adult content filtering.
related - I wonder if this is specific to esim or if this would happen with a regular sim too?
and can you just call your carrier?
I had a comcast business router and it started broadcasting an open comcast wifi access point (for comcast customers). I called and asked them to turn it off and they did.
And in my case, I can’t exactly harass all my neighbors to disable their “free hotspot”. I should be able to control my own phone and dictate what it does/does not connect to.
That battle was lost a long time ago. I should be able to restrict (or know) what the apps do. I should be able to firewall my phone. I should be able to access the files on it.
But in the end, only apple decides this, and their decisions are self-serving.
Sent from my Librem 5.
beware of FCC.
But it will not work.
the high dB signal is where the FCC Will care.
You did not mention exceeding Part 15 emitter limits in your previous post.
You can of course saturate the entire spectrum, but that breaks every network, not just the SSIDs you’re "waging war" against, and will probably get you a visit by the FCC sooner or later.
Maybe you could broadcast thousands of spoofed BSSIDs; I have no idea about the legality of that, and the legitimate operator of the SSID might not find that too funny and take legal action against you as well, as that would be pretty transparent denial of service on a public band.
legally, you dont want to do it. i have had experiences with seeing my SSID coming from a router that is not mine, and the nieghbor basically said effoff ill do what i want. in that case i did what i want as well.
It’s not like anybody can "own" an SSID name, and if you’re using WPA, the only effect would be a few milliseconds longer of initial connection time per device.
Actively running a DoS against your neighbor might or might not be legal, but it sure is petty (and given the above, unnecessary).
https://news.ycombinator.com/item?id=35449153
this is called MITM
Yeah in additional to any local servers you have it would break continuity (handoff etc), it would break casting. Sounds very poorly thought through.
Oh, and if it wasn’t clear, I don’t mean this as approving the design flaw. It’s not “look how easy it is to work around!”, but “well, here’s something you can do while we’re stuck with this terrible idea”.
Or, if the phone insists on randomizing MACs, just have it listen for packets above a certain RSSI and keep it very near your phone, and deauth the loud one.
I’d understand if I got a pop up saying “add these networks for the best experience”, I accepted them, etc.
I would have (upon detecting this problem) just removed them and gone about my day.
The problem here is that you are forced to use them with no opt-in and no way to disable it.
but I should have fullllllllllllllllll fucking control over what wifi network my device connects to.
The fact it can connect to mobile data is only 10% of the device, and i don't see why connecting to a carriers mobile network should grant that carrier the ability to edit user settings like what wifi networks its allowed to connect to.
Why would they install WiFi repeaters and not just 4G/5G microcells on the trains?
Makes "perfect" sense.
I'm guessing MVNOs like Comcast would rather force you on their wifi if they can because this way they avoid having to pay the underlying MNO for traffic. Which might explain why they would force enable auto-join.
I'd vote with my dollars and pick a different carrier that doesn't have such user hostile wifi policies.
Note: you can't supervise an existing device without wiping it, so this is an experiment to conduct with a spare phone, or one already managed by Configurator/MDM.
Apple Configurator training: https://it-training.apple.com/tutorials/deployment/dm095
Wi-Fi payload: https://developer.apple.com/documentation/devicemanagement/w...
Another option is using Apple's MDM for small business to define a list of approved SSIDs, https://www.apple.com/business/essentials/
Edit: is there an option to "Remove Profile" in Settings?
Edit2: workaround by null routing the carrier's Wi-Fi SSID? https://www.reddit.com/r/tmobile/comments/vvt6dd/comment/iyr...The null routing workaround seems interesting and could potentially help in avoiding unwanted connections to the carrier's Wi-Fi SSID. However, this method might require some technical knowledge and might not be ideal for less tech-savvy users.
I’m aware this could potentially be fixed by enrolling all my family’s devices in an MDM.
But I mean come on, wipe everyone’s phone to enroll in MDM? Seems pretty crazy when the phone should just let you control what it does/does not join.
Edit: I misread your post, I see now it was more suggesting a test. My bad.
Has the industry forgotten the pre-iPhone disaster of telco-controlled devices? https://www.quora.com/Why-was-the-iPhone-initially-exclusive...
> The landscape of the cell phone market was very different pre-2007. Most notably, the carriers had complete control over what phones were allowed on their network. A carrier could nix a feature that had been in R&D for years and suddenly you couldn’t sell your new phone with this amazing feature. They were especially protective of data and overloading their networks, which led to browsers on phones being stripped down and limited. The whole “full web” was not a technical impossibility, it was just that carriers wouldn’t allow phones on the network that had a full browser.
https://archive.is/4ZCH5
> Apple bucked the rules of the cellphone industry by wresting control away from the normally powerful wireless carriers ... Mr. Jobs once referred to telecom operators as "orifices" that other companies, including phone makers, must go through to reach consumers.
This thread explains the difference between enrolling and supervising and is pretty clear that enrollment does not require a wipe.
https://www.reddit.com/r/Intune/comments/yd7mo5/do_you_need_...
I want a POTS landline (guess I'm stuck in my late 90s "it's more reliable than the internet connection, since the power comes over the copper" attitude), but I can't even get POTS installed here.
But disabling does work for me. And according to the documentation[0] these networks wouldn't get selected in preference to my home network anyway. My blood pressure is dropping a bit.
Assuming these are actually authenticated networks as described, then I don't know if this is any worse than allowing the phone to use the cellular signal. Same provider.
If your phone is hopping onto one of these while at home, I guess check your home wifi signal strength because it's probably dropping out?
[0] https://support.apple.com/en-us/HT202831
Disabling (switching auto-join to off) also does not work, most of them switch back on a few minutes later. This seems to be carrier-dependent from the comments thus far.
I disagree based on my reading of the documentation, these are treated as identical to your other networks. The only benefit is my home network is usually louder, but that’s the rub it doesn’t always work and devices routinely switch.
In my case I noticed this in a condo, so the physical distances are less
Would solve this whole thing I think
I do this so (among other things) my iPhone connects to my home network and won't connect to my young friend's wifi "pineapple" or even suggest it's an option when he thinks I haven't turned peoples internets upside down over twenty years ago...
I do not feel comfortable not knowing what wifi network my device will connect to the next minute along some opaque incentives of an organization I have no control or insights about. What if I have resources or devices in a specific wifi network that I rely upon and they hop over to something else because they want to? I have serious doubts about this move. To me even the hidden direct wifi communication switched on silently allowing two Apple devices communicate each other in the vicinity was a drastic move. We watched some movie on Apple TV and suddenly interrupted with the message and confirmation code display that my second neighbours MacBook Air wants to connect to my Apple TV. "How did he connect to my network?!", came the panic. I have important and confidential data available on my local network (with passwords, but still, one barricade was broken already!). Luckily the guy was aware of this new ""feature"" (more like a nuisance) and so now it is turned off on my Apple TV.
The trust is eroded a lot.
When this happens: (my = family)
1) my devices are no longer behind my firewall or pihole
2) my devices can no longer access PLEX
3) my devices can no longer access my security system, cameras, etc
4) airdrop will fail
My network is my network, when I’m at home I want my devices to be on my network, not randomly dropping out and connecting to random hotspots multiple floors/houses away
> Generally speaking, the local network will have visibility of the same client traffic it would see on any guest network, but it will not have visibility of the subscriber identity or any persistent identifiers other than the associated device’s MAC address
> From an analytics perspective, the major benefits of Passpoint are that it creates a much larger and more complete picture of visitor activity. Since a much higher percentage of visitors will be automatically associated with the network and their behavior and traffic will be visible to the local network, the value of any location, business, and security analytics in use will be improved.
... so the temporary host can theoretically MITM the connection and that's a feature? They don't just VPN everything from the phone to the ISP? :/
Sure, most traffic should be encrypted, but your neighbour could still see (and block) e.g. traditional DNS requests. Are DoH or DoTLS enabled by default yet under iOS?
Not great, IMO. :/