Publication Date: 30 Sep 2024
iOS 18 introduces a significant update in how devices manage MAC address randomization, enhancing user privacy. The feature, known as “Rotate Wi-Fi Address,” will change the MAC address of a device every 2 weeks. In the example below, the Private Wi-Fi Address setting for the particular Wi-Fi network has been set to “Rotating”, meaning that MAC Address randomization is enabled on the iOS device.
iOS 18 MAC Randomization Feature – Under Settings->Wi-Fi->
Click the “i” to see the “Private Wi-Fi Address” Setting
Rotating value indicates MAC Randomization in effect
For hotels offering public or guest Wi-Fi, this can create challenges. Guests who return after two weeks may experience login prompts as if they’re connecting for the first time. For long-stay guests, iOS 18’s MAC address randomization will cause them to see the login page again every two weeks, even if they’ve previously connected. As the network no longer recognizes their device, this disrupts what should be a seamless reconnection process.
Frequent re-authentication could frustrate returning guests, particularly those expecting uninterrupted access after an initial login. In an environment where guest satisfaction is paramount, these repeated prompts may lead to negative feedback, even though it’s caused by Apple’s privacy updates. Another critical issue is that hotel Wi-Fi networks lose the ability to retain their guest device and status recognition, preventing network services from providing differentiating services like higher bandwidth for elite members, or auto-completion of guest details and accord privileges reserved for elite members.
Short-Term Solution: Guests can disable MAC randomization for your network through their device settings, but this solution places the responsibility on them. To do so, guests can select “Fixed” under the Private Wi-Fi address setting.
A Long-Term Strategy: To mitigate these disruptions, consider integrating network solutions designed to handle iOS 18’s privacy features without affecting the guest experience. At ANTlabs, we specialize in networking solutions like Hotspot 2.0 or Wi-Fi profile that address these changes head-on, ensuring smooth and consistent connectivity for your guests while keeping their privacy intact.
Next Steps
Now is the time to explore more robust, long-term options. Contact ANTlabs to discuss how we can help your network adapt to these changes, improving both guest satisfaction and network management efficiency.
Talk to us to know more about ANTlabs Hotspot 2.0 solutions to solve the MAC Randomization issue.
Source: Apple Support – Use private Wi-Fi addresses on Apple devices (Scroll to the section “Learn how this feature works”)
This update adds the following enhancement:
• Remove MIME type and file extension filter from file selector prompt of custom portal editor to allow upload of any file type
This update fixes the following issue:
• Idle timed-out user logs in again and encounters 404 Not Found when accessing some pages, e.g. Roaming Session.
ACS Version 1.16.12 (Update 16.12)
Release Date: 31st October 2022
It is 2021, and there are many ways to connect to the Internet. Do we still really need captive portals for guest networks?
What are captive portals? These are the login pages you see before you log in to a guest network (i.e., coffee shop WiFi, hotel lobby WiFi, etc.). Modern mobile devices provide a captive network assistant to detect captive portals. Once a captive portal is detected, the phones will launch a pseudo browser or captive portal mini browsers (CPMB) to load the captive portal page for the user to complete the login process (Source: World Broadband Alliance).
Before the existence of captive portal mini browsers, users needed to connect to an SSID, open one’s browser, and be redirected to the captive portal. This created challenges for end-users, such as browsers giving false security warnings for relatively harmless sites. Aside from that, the lack of browser standards did not produce a smooth user experience—it was a common sight to see broken pages. This not only mars one’s perception of the operator’s brand, but it also makes one question if they are logging in to the correct network. CPMBs were therefore developed and added to devices back in 2014 to enhance security, interaction, and usability for public WiFi hotspot users. Today, captive portals delivered through CPMBs continue to be part of the solution to improve guest WiFi experience.
Captive portal login pages allow you to put a brand or face offering the guest WiFi service. Why is there a need to do this? This is the first touch and impression that a WiFi network user sees and experiences, for starters. If the WiFi network experience is fast, smooth and pleasant, by extension, it helps to reinforce good feelings towards the brand or associate the good experience to the brand. As the saying goes: “First impressions matter”.
Another benefit of using captive portal pages is reinforcing your brand stickiness and loyalty. There are two ways customers can have an affinity for a brand: brand stickiness and loyalty. Brand loyalty is when customers actively choose a brand because they resonate with the brand or find utility in its products. Brand stickiness is when you ensure your customers return to your business because you have created a welcoming environment or using your product is so convenient that it helps make their lives easier. Both brand stickiness and loyalty have the same goal—to acquire customers and keep them. Together with a great WiFi experience, it will entice them to keep coming back for sure.
For operators and service providers, branding is an easy experience when using ANTlabs products. ANTlabs captive portal login pages are easy to set up with pre-configured templates, drag-and-drop template editor, and the upload stylesheet feature. These features substantially reduce setup time. When operators deploy hotspots using existing templates and a few modifications such as simply uploading the operator’s logo, login pages are up and running in just a few clicks. You can also add advertising banners on these login pages to remind your guests about ongoing promotions at the venue. Or you can simply post reminders or say a nice welcome message when they see your captive portal.
Aside from the consistent experience, seamless connectivity can make your guests remember your brand and your location. Let your guests connect conveniently by giving them various authentication options. With ANTlabs gateways, there are many ways to allow your guests to connect easily (i.e., social media, complimentary access, user ID & password, access code, MAC-level, PMS authentication and billing, email, SMS, Office 365, auto-login, credit card, account printer, etc.). Each authentication method has its merit and value, and we offer you the flexibility to choose what meets your needs.
Read more about ANTlabs’ latest list of WiFi authentication methods
When your guests choose to log in via social media on the captive portal, they also authorize you to access data that they have marked as public for social media networks like Facebook, Twitter, Instagram, and LinkedIn. With user-provided public information, such as interests, age, or even birth year, operators and service providers can tailor the experience they provide to match the audience they attract or hope to attract.
ANTlabs Cloud Service (ACS) gives drill-down reports on the user demographics of each WiFi location. Aside from these insights, operators and service providers can have a glimpse of their network’s health across multiple sites. If you are running a chain of cafes and co-working spaces, your ACS dashboard will tell you if your café across the island is having connectivity problems—it does not matter if you are on vacation abroad; you will see how your network is faring using this.
Can we let users log in through captive portals once and be done with it so they will not do it over and over again? Yes, you can! Picture this: you log in to WiFi via your favorite café’s network, and then the next day, you go to their other branch, and you automatically get logged in to WiFi there as well without having to key in another access code or sign up via forms. This is easy to implement when using ANTlabs gateways. Operators and service providers can easily make their captive portals work with ANTlabs’ seamless relogin and global roaming features to allow this kind of experience. This way, their VIPs will get the best connection when connected to their guest networks, whichever branch they visit in the world.
Businesses can indemnify themselves from illegal WiFi use or conform to regulatory requirements using captive portal login pages to collect end-user acceptance. Upon logging in to your guest network, you let the guests agree to the terms of use. This is where you can specify that your users agree that your business is not liable for what they are doing online while connected to your network or users granting their privacy permission for data collection and usage. Your captive portal should require them to tick on a checkbox to state that they understand what they are doing and know the possible consequences. Having this will protect not only the users but also your business.
ANTlabs recognizes how important user data privacy is, and our products are GDPR-compliant. Whether you use ANTlabs gateways or any of our cloud services and platforms, you are assured that you give your users the power to manage their data themselves through the ANTlabs user portal. Here, not only do you guarantee your guests that their data is safe when they are connected to your network, but you also empower them by giving them the option to remove their data. Thus, you protect them while you protect your business.
CPMBs were made to add a security layer for users. Over time, its use has evolved. The pages vary from a simple login to forms that ask for more information to QR code scanning and launching mobile apps. Unscrupulous entities found ways to exploit user data and disregard privacy, so WiFi-enabled device manufacturers started to enforce ways to protect users.
One way that device manufacturers implemented to protect user privacy is MAC randomization, and another is limiting CPMB capabilities to interact with native apps. In the latest iOS and Android updates, they started to limit what CPMBs can do, so for WiFi hotspots that use captive portals, the WiFi onboarding experience may be disrupted. ANTlabs has developed solutions to adapt and reduce the disruptions caused by these developing situations.
Given these disruptions, are captive portals still necessary? The answer is a resounding yes, especially for operators who offer guest WiFi to countless devices with varying requirements. Captive portals via mini browsers are still the most common and accessible mechanism for users to sign on to the guest WiFi. Furthermore, captive portals protect both the operator and the users.
To ensure that the connectivity is manageable and safe for all users, operators must know who is connected to their network—captive portals allow service providers and operators to do this. Logging to WiFi through captive portals can serve as an agreement that the operator is providing a safe WiFi connectivity service to their guests. In return, the user is expected to follow the terms set by the service provider.
For secured roaming, Hotspot 2.0 does offer an industry-approved way for different mobile devices to connect seamlessly without the use of captive portals. However, unless every single person in the world has enabled Hotspot 2.0 and similar technologies, there is no single way to ensure safe WiFi connectivity if we do without captive portals.
Can we imagine a world with no captive portals for guest WiFi networks? Not anytime soon because the benefits outweigh the mild inconvenience for both operators and users.
Ask us today about how ANTlabs captive portal login works to improve your guest networks.
—
Images from Pixabay, Mobile vector created by stories – www.freepik.com, Alexander Suhorucov from Pexels, cottonbro from Pexels
This update adds the following enhancements: Location portal enhancements: Re-enable WeChat Allow configuring WeChat authentication in location portal. Add WeChat data in reports. Add support for PayWay and Authorize.Net Accept.js payment portals. Stricter MIME type check for logo, background, and banner uploads, allowing only JPEG, PNG, and GIF Tool-tip in Authentication tab that hints at […]
ANTlabs recently added Office 365 and LinkedIn to its ever-growing list of Social WiFi authentication methods. Aside from allowing your guests to connect via social media quickly, here is the comprehensive list of ways you and your guests can connect to WiFi when using ANTlabs gateways:
Social media – Encourage your guests to log in via Facebook, Google, Twitter, Instagram, Line, WeChat, and LinkedIn–and let them post good things about your venue
Complimentary access – invite more guests to your venue with free WiFi
User ID and password authentication (local accounts) – provide your guests, members, VIPs, and staff their WiFi user name and password
Access code authentication (local accounts) – generate and give out WiFi access codes to your guests
MAC-level authentication for non-HTTP devices – choose which devices can connect to your network
PMS authentication and Billing – conveniently connect your esteemed guests through your hotel’s property management system
Email / SMS authentication – let your guests connect to your network through email or SMS
Office 365 login – your guests and office staff can use their Office 365 account to login to your WiFi network
Auto-login – no login page for areas where you want guests to connect to your network sans access codes seamlessly
Account Printer – one-tap access code generation on a hand-held device (i.e. ANTlabs Account Printer AP 3100)
ANTlabs gateways also support credit card authentication and billing through Worldpay, Authorize.net, Payflow Pro, Payflow Link.
Recently in December, WeChat rejoined ANTlabs’ roster of social WiFi login methods after its brief hiatus.
ANTlabs has again released WeChat login for captive portals on December 14 and 21, 2020 for IG4 and SG 4, and IG 4 S-Series and SG 4 S-Series. WeChat login was first released in 2018 as an additional social WiFi authentication method for ANTlabs gateway captive portals. However, in 2019, WeChat deprecated portal login due […]
This update adds the following enhancements: Support for HTTPS in Location Portals This update includes the following fixes: Prevents admin audit logs of other same-level admins from showing Removes unnecessary saving of client info in session variables for custom portals ACS Version: 1.16.10 (UPDATE 16.10)Release Date: 24 November 2020
Last Updated: 15 Oct 2020Publication Date: 24 Sep 2020 What is Randomized MAC and what is it for? With the recent launch of IOS 14 and Android 10, a new feature is introduced which configures the phone to use a randomized MAC address when connecting to a WiFi network. The feature is enabled by default […]
This update added the following enhancements: Added LinkedIn and Office365 authentications into portals Added LinkedIn and Office365 filters into User Details page Showed LinkedIn and Office365 data in reports Added Payway And Authorize.Net Accept JS payment gateways Into Credit Card authentication Allow to add logo image dimension into config.ini of custom portal Reduce file size […]
Remove QoS class at global plan pages Change button name from ‘Login with Google+’ to ‘Login with Google’ for built-in portals Update all built-in templates’ thumbnail to reflect google plus button changes Custom portal uploader popup keeps showing after closing it in Edge browser Usage PDF Report fixes: 16th day date value being duplicated in […]