That’s when the user needs to visit an HTTP site other than the standard captive portal pages. One like neverssl.com

What?

This website is for when you try to open Facebook, Google, Amazon, etc on a wifi network, and nothing happens. Type “https://neverssl.com” into your browser’s url bar, and you’ll be able to log on.

How?

neverssl.com will never use SSL (also known as TLS). No encryption, no strong authentication, no HSTS, no HTTP/2.0, just plain old unencrypted HTTP and forever stuck in the dark ages of internet security.

Why?

Normally, that’s a bad idea. You should always use SSL and secure encryption when possible. In fact, it’s such a bad idea that most websites are now using https by default.

And that’s great, but it also means that if you’re relying on poorly-behaved wifi networks, it can be hard to get online. Secure browsers and websites using https make it impossible for those wifi networks to send you to a login or payment page. Basically, those networks can’t tap into your connection just like attackers can’t. Modern browsers are so good that they can remember when a website supports encryption and even if you type in the website name, they’ll use https.

And if the network never redirects you to this page, well as you can see, you’re not missing much.

If you’re using a mainstream OS that automatically detects standard captive portals, the main reason why you’ll need this is for “tiered” captive portals like the ones offered on some airplanes.

Those tiered captive portals have unique requirements that conflict with OS behavior:

A) By default, they want to offer some limited Internet access, such as accessing a sponsored site (often a shopping site like Amazon) or streaming videos (from some server on the airplane LAN).

B) For premium, paying users, they want to offer (mostly) full Internet access

For this to work, they have to fool devices in Tier A into believing that they have Internet access, by spoofing responses from standard captive portal detection URLs like captive.apple.com. Otherwise, if the network fails the captive portal test, many devices won’t stay connected to the Wi-Fi network, preventing access to the sponsored sites or LAN streaming apps.

At the same time, they want users to be able to upgrade from Tier A (limited access) to Tier B (full access) at any time. So they enable these upgrades by serving a captive portal page… to every HTTP site _except_ the standard OS captive portal detection pages that would affect OS behavior.

It’s obviously a fragile solution and is becoming an increasingly poor experience as sites adopt HTTPS, HSTS, and other standards. At the same time, I don’t know of any upcoming solutions to the tiered captive portal problem. Does anyone know what should replace this?

How to Force a Wifi Login Page to Open

If you’re having issues accessing a public wifi login page, you can force it to load using this simple trick..

Most public wifi networks require some sort of login, as a measure to protect both their network and users. Hotels, restaurants and airport wifi networks will typically require you to agree to “terms and conditions” prior to accessing the internet through their hardware, but if you’re unable to check the “agree” box in the first place, there’ll be no browsing for you! Devices fail to load wifi login screens for a variety of reasons, but there’s a simple way to force-load the login page from any device.

Use neverssl.com to force load wifi login pages

Wifi login pages can be forced open by accessing any non-encrypted webpage, or website that doesn’t use SSL (TLS). SSL provides a secure connection to the target website, changing from http to https and (depending on your browser) displays a padlock next to the website URL. In the internet’s dark infancy (circa 2000), http was the most commonly used application protocol. At the time, it was state of the art, but today is highly insecure and vulnerable to attack.

Today, nearly all websites use SSL, encrypting their connection and validating authority of their website. While this is good in the greater scheme of things, it poses a problem for accessing wifi networks that are poorly-behaved. Basically, the wifi network that you’re having issues connecting to, won’t send you the login page because your device is seeking only https connections and rejecting anything else (it’s more secure that way). To force a login page to open, we have to try visiting an unsecure website. In our case, we’ll recommend visiting neverssl.com.

Neverssl.com is specifically designed as a wifi login, forcing website. This one-page website does little more than educate you about how SSL prevents login pages from loading and of course, opens your wifi login screen. Technically, you can use any website that is unsecure (uses http instead of https), but with other websites you run the risk of exposing yourself to potential attackers. Next time you’re at the gym, airport or hotel and can’t seem to load their wifi login page, go to neverssl.com!

How NeverSSL Can Help You to Connect to a WiFi Network

Most web sites now use SSL

While this a great increase of security, there is one situation in which this is a bad thing: Connecting to a WiFi network that tries to add a login screen into the website you requested. This is not possible and without that login (and accepting the terms of service) you do not get an internet connection. What can you do when you travel abroad and need to circumvent this protection?

You could create your own site that has no SSL

but that is a lot of work for those few times you need that login mask. A much better and free option is to use http://neverssl.com. This site does exactly what its easy to remember URL suggests: It runs without SSL.

Whenever you need a site not protected with HTTPS

you go to http://neverssl.com and let the network operator inject that annoying login mask. Close this tab (or browser) as soon as you are connected.

For users of VPN clients:

You may need to turn them off until you are logged in. Just do not forget to turn the VPN client back on when you are connected.

Connecting to Wifi that Requires Logon or Hotspot Agreement Page

This last weekend I was travelling and needed to get onto my hotel’s wifi to get some work done. Many hotels and other public wireless access points require that you not only connect to their network, but then open a browser and agree to their terms and conditions or type in a username or password. They typically will do this by intercepting the first web page request your browser makes (usually to your browser home page) and instead sending you to the page where you have to click “Agree” to something. The problem? More and more, the hotel’s wifi system cannot send you the to the hotspot portal page to agree to their terms. So how do you get around that and get online?

First off, the question is why can’t you load the portal/hotspot page in the first place? Because the portal software that is running the wireless network wasn’t able to intercept your web page request because it was likely to a secure SSL page – which those systems cannot easily intercept (and really shouldn’t be trying to intercept). If they cannot intercept that page request, they can’t then redirect you to the terms and conditions page.

SSL is a great thing to have on websites and should be the default on every site you are visiting (especially if you’re connecting over an unsecured wireless network). Your modern browser is smart enough to default to SSL-based browsing on a web site if it was able to do so before. Even the site you’re reading this article on should be secure, and browsers will remember that (and we also force the issue and you won’t be able to load this site in a non-secure way). There are browser add-ons and plugins that force HTTPS/SSL as much as humanely possible as well.

So how to get around this? With NeverSSL. First, connect to the wireless network you’re trying to connect to on your device (laptop, smartphone, etc…). Then, load up neverssl.com in your device’s browser. Since neverssl.com will never use SSL, it should trigger the page interception and load the hotspot terms and conditions page that you need to click on to connect properly. Then you can browse all the SSL-protected sites you want once you get that initial connection out of the way.

I’ve used this on three networks the last few days that I was having consistent trouble connecting to because most of my pages I visit are SSL/HTTPS pages. This helps that connection happen quickly.

Do Note: While we recommend you only connect to secure password-protected networks to protect your personal data, even those will occasionally require you to agree to something on a web site. This will help with those hotspot connections, too, as they’ll frequently have a terms and conditions page.