[AusNOG] Interception?

Andrew Cox andrew.cox at bigair.net.au
Fri Jul 6 17:32:20 EST 2012


On 6 July 2012 10:44, Mark Newton <newton at atdot.dotat.org> wrote:

>
> The issue here is applications doing things users don't expect:
> A self-created problem.
>
> Users don't expect that visiting google.com causes their browser
> to deliver them a portal instead.
>

Correct, but most of them will try visiting it on a network they've never
connected to before just to see if it just works.

>
> By attempting to break that expectation, network operators who rely
> on captive portals create a rod for their own back by giving users
> an unexpected error message instead.
>
> ...snip...
>
> But if it doesn't work, or if users hate it and don't use it, or
> if the cost of answering the phone for their support calls destroys
> your profit margin, that's hardly a technology problem, is it?  It
> just means you got your business model wrong.
>

I think you've hit the nail on the head here, but for a reason different to
what you'd expect. The broken part of the model is that users have come to
expect they should call an ISP to get signed up, wait for 1-2 weeks and
possibly be required to purchase a small magic box they plug into the wall
to make it all work. Y*et despite all that*, most of them will connect to a
new network (cabled or wireless) and try to get access anyway.

The captive portal systems have removed this process where one company
pokes another to poke another to get a connection to the point on your wall
because we already deliver to all the end-points we're providing the portal
on.

I personally feel the support calls on users loading HTTPS pages the first
time they try to connect* are a fair trade off for being able to deliver
most connections without a customer ever having to put a phone to their
ear. But at the end of the day that's a choice we've made and doesn't mean
it's going to be how everyone feels, some hotspots might even decide to
drop port 443 traffic from being redirected just so they don't have to
explain it.

*We offer either captive portal (HTTPS page) or PPPoE authentication, the
user decides what they want to use.


> Think about how payphones work.  Users don't dial their number
> and then get randomly connected to some unexpected third party;
> they'd go apeshit if that happened!  They know they're going to
> need to do "something" to make the call work before they even
> start. Can you leverage that model and those expectations to
> make what you're doing work?
>

This is just it, that's all well and good when you're connecting up at a
new house, but forcing this on come-and-go hotspot users, hotel guests,
student accommodation, mining camps etc would only serve to balloon out
signup times and confuse users who don't want to make a long term
commitment, they just want to plug and play within the first 5 minutes. If
a legitimate https error is the by-product of this process then fielding
those very few calls is just part of the cost of doing your business this
way; but if Skeeve or anyone else can find a solution that's relatively
simple and works, their whole signup process is seamless and already 10
times more user friendly than anything I can get via a retail provider
without having an existing internet connection with which to sign up
through.

>
>   - mark
>
>
Full disclosure: I work for the largest provider of captive portal services
in Australia (to the best of my knowledge!) servicing a variety of sites
and signup methods.
My views are my own and do not necessarily reflect the views of the company
etc etc.

- Andrew
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20120706/ac284ec8/attachment.html>


More information about the AusNOG mailing list