1 | initial version | posted 2017-04-06 23:29:36 +0200 |
Currently the captive portal detection of SFOS opens a detected portal in a new tab of the standard browser. This is a bad idea as that may give the portal access to various browser data like cookies and may be used for tracking. Some captive portals have multiple tracking ad networks integrated.
Sophos Security describes an issue which has been fixed in iOS in 2013. It may be wise to evaluate whether SFOS is affected by something similar.
Android's captive portal detection opens the portal in a very restricted locked-down browser environment without access to system cookies and other profile data. Other functions are restricted as well.
A short-term goal for SFOS should be to always use a fresh & separate browser profile for captive portals. Further restrictions may also be worth evaluating.
2 | No.2 Revision |
3 | retagged |
4 | No.4 Revision |
Currently the captive portal detection of SFOS opens a detected portal in a new tab of the standard browser. This is a bad idea as that may give the portal access to various browser data like cookies and may be used for tracking. Some captive portals have multiple tracking ad networks integrated.
Sophos Security describes an issue which has been fixed in iOS in 2013. It may be wise to evaluate whether SFOS is affected by something similar.
Android's captive portal detection opens the portal in a very restricted locked-down browser environment without access to system cookies and other profile data. Other functions are restricted as well.
This is also not only a privacy issue, as an attacker could set up a WLAN network with a common SSID and try to exploit browser vulnerabilities/ mine bitcoin/ steal login data from password store … in the then automatically loaded captive portal page.
A short-term goal for SFOS should be to always use a fresh & separate browser profile for captive portals. Further restrictions may also be worth evaluating.