Why does most hotel wifi suck?
They all use diverse but seemingly useless and often non-functional systems which appear to do something like:
-hijack the dns server to redirect your first http query
-get you to some webpage where you have to enter a password, or click on a button
-once you jump through those hoops provide access to the internet, most of the time through some sort of NAT gateway, adding latency to an already undersized connection.
This is a pile of silly hacks abusing the way the internet is supposed to be used and I fail to see what that layer of pseudo-security is achieveing, or even trying to achieve.
Why is it that the companies which sell those contraptions are still in business? Do the people who work in IT for hotel chains not care, or are they all stupid? Why is it this hard to offer a service that just works?
7 comments
[ 3.5 ms ] story [ 32.3 ms ] threadIf it's free, then of course there are limits to stop people abusing the service. Business travellers would most likely tie up the bandwidth doing video calls to family and associates. Downloading files they forgot to copy to their laptops and let's not forget ... surfing for porn.
If it's paid for, then you should get what you paid for. If not, just wander down to the nearest StarBucks, Maccas, whatever and use the service you find there.
Hotels don't want to deal with computer networks, they just buy this service... And for 99% (made up number) of hotel guests it's sufficient that they enter their credentials once, and are able to use facebook / access hotmail.com for the remaining evening. There's no monetary incentive for anyone to go beyond this service.
Technical:
Most of these systems don't hijack DNS but rather employ a transparent proxy: Traffic to port 80 is not forwarded directly but to a proxy that replaces answers to queries from unauthenticated clients with a redirect to a authentication page. (http://en.wikipedia.org/wiki/Captive_portal)
These systems most often let ICMP and TCP/UDP to port 53 (DNS) through unfiltered, because of the hassle involving customers with strange DNS configurations. Even if unauthenticated. So if you can get a cheap dedicated server somewhere: Just run a VPN on port 53/UDP and have a ssh-server listen on port 53/TCP and quite often you can connect to those without any passwords or credit card details being entered anywhere...
It could be possible to set up more of the enterprise configuration, where each user has their own password onto the WiFi. However, that means creating and destroying authentication accounts on a fairly regular basis. It's so much easier for the hotels to change 1 login key every week to a bunch of random characters and to hand that out to guests.
If a guest has a problem, everyone at the desk knows the passkey, and they can help them on. Otherwise, the front desk won't be able to help. I think most guests would rather the front desk solve their problems if possible. They don't care about the wifi being secure. If they do, they're already using corporate VPNs.