Logging into Captive Portals
Many publicly accessible Internet connections found at cafes, libraries, airports, hotels, universities and other locations require its users to register and login in order to get access to the Internet. This means newly connected users of the (free or paid) Wi-Fi or wired network have their browser redirected to a "captive portal" landing or login page, which requires either authentication, payment, acceptance of end-user license agreements, acceptable use policy, survey completion or other credentials before broader access to network resources is granted.  
Figure: Sample Captive Portal 
In general, captive portals pose a number of privacy concerns. Depending on the portal in question, it may be necessary to enter personal information such as an email or social media account, account number (when in a library), hotel room number, or other identifying details.  Recent research on Wi-Fi hotspots has revealed: 
- Social login providers may share several privacy-sensitive fields - for example LinkedIn shares the full name, email address profile picture, current location and full employment history.
- The vast majority of hotspots utilize tracking technologies in their captive portals and landing pages - multiple third-party tracking domains and persistent third-party HTTP cookies are common.
- Personal and unique device information is sometimes shared with third-party domains (even without HTTPS).
- A majority expose the user's device MAC address.
- Sometimes personally sensitive information is leaked via HTTP, including full name, email address, phone number, address, postal code, date of birth and age.
- Some hotspots explicitly link MAC address to collected personal information, allowing long-term user tracking.
This research confirms that while VPNs and the adoption of HTTPS on most websites mostly secures users' personal information from malicious hotspot providers, device/user tracking is still a serious privacy threat.
Logging into Captive Portals
When using VMs
It is not possible to access captive portals inside Whonix-Workstation ™. Therefore, in Non-Qubes-Whonix ™ it is necessary to use the browser on the host operating system for this purpose, since it has unrestricted network access. In Qubes-Whonix, a separate dedicated VM must be used such as a Debian or Fedora AppVM.
It must be stressed that this configuration is not anonymous, so it must be used carefully.
When using Physical Isolation
There is no unsafe browser installed by default on Whonix-Gateway ™ (see below for instructions). As a workaround a third machine can be used which has access to clearnet, or the hardware which runs Whonix-Gateway ™ can be booted with another operating system (from USB), which is not torified.
- While this browser can be used without any restrictions, it is strongly recommended to only use it for the purpose stated above, that is to access and login on captive portals.
- Do not run this browser at the same time as the normal, anonymous Tor Browser. Otherwise, it is easy to mistake one browser for the other, which could have catastrophic consequences for anonymity.
- It is suggested to run this browser from a dedicated VM and lock it down with NoScript and isolation programs like FireJail (Linux only).
These steps must be completed while you still have an Internet connection. It cannot be done later on when an Internet connection is required, since no unsafe browser is installed by default.
To remove the unsafe browser, apply the following instructions.
Whonix ™ Logging in to captive portals wiki page Copyright (C) Amnesia <amnesia at boum dot org>
Whonix ™ Logging in to captive portals wiki page Copyright (C) 2012 - 2021 ENCRYPTED SUPPORT LP <email@example.com>
This program comes with ABSOLUTELY NO WARRANTY; for details see the wiki source code.
This is free software, and you are welcome to redistribute it under certain conditions; see the wiki source code for details.
- https://en.wikipedia.org/wiki/Captive_portal [archive]
- Captive portals are sometimes used for access to enterprise or residential wired networks, such as business centers, apartments or hotel rooms.
- https://en.wikipedia.org/wiki/File:Captive_Portal.png [archive]
- https://www.eff.org/deeplinks/2017/08/how-captive-portals-interfere-wireless-security-and-privacy [archive]
- https://arxiv.org/pdf/1907.02142v1.pdf [archive]
--set-homeparameter is important to prevent file permission issues since a GUI application is to be started under a different user account. Similar to GUI Applications with Root Rights. Quote
Request that the security policy set the HOME environment variable to the home directory specified by the target user's password database entry. Depending on the policy, this may be the default behavior.