Privacy Leakage in Canadian Public Wi-Fi Networks
Organization
Concordia Institute for Information Systems Engineering, Concordia UniversityPublished
2019
Project Leader(s)
Mohammad Mannan & Amr Youssef
Summary
The research team collected data from 67 unique public WiFi hotspots in Montreal and analyzed the web tracking and personal-information collection behaviors of these hotspots’ captive portals and landing pages. The study reveals the collection of a significant amount of privacy-sensitive personal data through the use of social login (e.g., Facebook and Google) and registration forms, and many instances of tracking activities, sometimes even before the user accepts the hotspot's privacy and terms of service policies.
Most hotspots use persistent third-party tracking cookies within their captive portal site. These cookies can be used to follow the user's browsing behavior long after the user leaves the hotspots, e.g., up to 20 years. Additionally, several hotspots explicitly share (sometimes via HTTP) the collected personal and unique device information with many third-party tracking domains. Some hotspots can also effectively track Android devices even though Android uses a separate captive portal app.
Project deliverables are available in the following language(s):
English
OPC Funded Project
This project received funding support through the Office of the Privacy Commissioner of Canada’s Contributions Program. The opinions expressed in the summary and report(s) are those of the authors and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada. Summaries have been provided by the project authors. Please note that the projects appear in their language of origin.
Contact Information
Concordia Institute for Information Systems Engineering Concordia University 1455 de Maisonneuve Blvd. West, EV7.640, Montreal, Quebec, H3G 1M8 514-848-2424 ext. (5441, 8972) Email: Amr Youssef
Email: Mohammad Mannan- Date modified: