When I lived in Florida I was a Comcast customers and so when I was out of the house my phone logged onto Comcast hotspots. Even today my phone still does this, even though I’m no longer a Comcast customer and I assume there is a cookie on the phone that identifies me as a Comcast customer. I understand these logins, because after I the first time I logged onto a Comcast hotspot my phone assumed that any other Comcast hotspot is an acceptable network. This is something I voluntarily signed up for.
But today I find my phone automatically logged onto a number of hotspots in airports and hotels which I definitely have not authorized. I contrast this with using my laptop in an airport or hotel. With the laptop I always have to go through some sort of greeting screen, and even if it’s a free connection I usually have to sign on to some terms of service. But my phone just automatically grabs WiFi in many airports, even those I haven’t visited in many years. I have to assume that AT&T has some sort of arrangement with these WiFi networks.
I usually notice that I’m on WiFi when my phone gets so sluggish it barely works. WiFi is still notoriously slow in crowed public places. Once I realize I’m on a WiFi network I didn’t authorize I turn the WiFi off on my phone and revert to cellular data. Every security article I’ve ever read says to be cautious when using public WiFi and so I’d prefer not to use these connections unless I have no other option.
There was a major effort made a few years back to create a seamless WiFi network for just this purpose. The WiFi Alliance created a protocol called Hotspot 2.0 that is being marketed under the name of Passpoint. The purpose of this effort was to allow cellular users to automatically connect and roam between a wide variety of hotspots without having to ever log in. Their ultimate goal was to enable WiFi calling that could hand off between hotspots in the same way that cellular phones hand-off between cell sites.
It’s obvious that AT&T and other cellular carriers have implemented at least some aspects of Hotspot 2.0. In the original vision of Hotspot 2.0 customers were to be given the option of authorizing their participation in the Passpoint network. But AT&T has never asked my permission to log me onto WiFi hotspots (unless it was buried in my terms of service). AT&T has clearly decided that they want to use these WiFi handoffs in a busy environment like an airport to protect their cellular networks from being swamped.
It’s interesting that Verizon is not doing this. I think one reason for this is that they don’t want to give up control of their customers. Verizon foresees a huge future revenue stream from mining customer data and I’m guessing they don’t want their customer to be shuttled to a WiFi network controlled by somebody else, where they can’t track customer behavior. Verizon is instead pushing forward with the implementation of LTE-U where they can direct some data traffic into the WiFi bands, but all under their own control. While LTE-U uses WiFi frequency, it is not a hotspot technology and is as hard to intercept or hack as any other cellular traffic.
Most new cellphones now come with the Passpoint technology baked into the chipset. I think we can expect that more and more of our cellular data connections will be shuttled to hotspots without notifying us. Most people are not going to be bothered by this because it will reduce usage on their cellular data plans. I’m just not nuts about being handed off to networks without some sort of notification so that I can change my settings if I don’t want to use the selected network. I guess this is just another example of how cellular companies do what they want and don’t generally ask for customer permission.