For users that haven't read the documentation about the unsafe browser and/or just don't understand when it's necessary, it would be good if Tails does a reasonable job to try to detect whether a captive portal seems to be in place and notify the user if so. The approaches could range from simplistic to more sophisticated:
- If
wait_for_tor_consensus()
fails during time syncing. Note that this would happen if Tails is booted on a LAN without Internet connection. - Use ooni-probe?
- Other approaches.
The method used likely has to be active, but it should preferably hook into some common, innocent looking network connection in order to avoid fingerprinting.
Open questions
Is it OK to be more fingerprintable by checking (without Tor) whether a captive portal is sitting in the way?
Related question: how much is Tails fingerprintable as Tails by a network attacker (ISP), as opposed to being fingerprintable as "someone using Tor Browser"?
How shall we integrate the captive portal browser on the desktop in case we need to get back to it (to log in again, to log out)?
- Lunar's proposal: as a detached windows
- other possibility: invisible browser by default, can be displayed again somehow
Tools
Using WWW::Mechanize::Shell
For each kind of hotspot:
- list of possible ESSID
- optional: allocated IP address classes
- optional: network test script?
- optional: SSL certificate fingerprint?
- a WWW::Mechanize::Shell script
Main script in in /etc/NetworkManager/dispatcher.d.
Test current connection against known hotspots.
When connected to a known hotspot, starts WWW::Mechanize::Shell script. Values are entered through a callback than will uses Gtk2::Notify and some custom widgets. Known login/passwords should be put in gnome-keyring with a browser like completion system (enter first letters, pick login, password is prefilled). Maybe we could use the same login/password database as Epiphany.
For hotspots that requires a periodic refresh, we can run another WWW::Mechanize::Shell script in a loop. NetworkManager is meanwhile monitored through DBUS to kill the loop if connection is lost. If loop fails try once more through default script before displaying a notification.
Existing hotspot connection applications
Looks like there is at least two Python apps doing this already:
Captive portal detection
hellais and friends are working on ooni-probe which may be interesting, depending on how stealthy the probe is.
- RFC 7710, aka. Captive-Portal Identification Using DHCP or Router Advertisements (RAs)
- Subgraph OS's defector
- Elementary OS' Captive Portal Assistant
- https://help.gnome.org/misc/release-notes/3.14/
- https://www.chromium.org/chromium-os/chromiumos-design-docs/network-portal-detection
- https://android.stackexchange.com/questions/82977/cyanogenmod-and-privacy
- http://blog.superuser.com/2011/05/16/windows-7-network-awareness/
- https://msdn.microsoft.com/en-us/library/windows/hardware/dn408681.aspx
Beta testers
- San Bergmans info@sbprojects.com: FON network, KPN hotspots in the Netherlands