Hotspot Scorecards

For every criterion, a hotspot may fully , partially satisfy or not satisfy the criteria .

 

1. Availability of Privacy Policy and TOS

An easily accessible privacy policy and Terms of Service (TOS) documentations are important to define users' responsibility toward the service and for communicating any privacy implications to the hotspot users.

Fully Satisfy : The captive portal contains a link to the privacy policy and TOS documents.
Partially Satisfy if either of them is missing.

 

2. Mandatory Signup

Hotspots can provide internet access without any explicit personal data collection. However, it can

use social login (Facebook, LinkedIn, Google, Instagram) or a registration page to collect significant amount of personal information.

Fully Satisfy : The hotspot allows access without requiring any personal information (via social login or registration form).

 

3. Tracking Users

Hotspots can use various techniques to track users. This include identifiers locally stored on the user's device by thirdparties (e.g., HTTP cookies), which are commonly used to uniquely identify users.

Fully Satisfy : The hotspot does not have any known or possible trackers on the captive portal.
Partially Satisfy : The hotspot only has possible trackers on the captive portal (i.e., It does not have any known trackers).

 

 

4. Cross-Tracking Users

The captive portal can use tracking cookies to track user's across hotspots.

Fully Satisfy : The hotspot does not perform any tracking across hotspots.

 

5. Tracking Users before Consent

The captive portal should not perform any web tracking activities before the user consent before acceptance of terms and conditions.

Fully Satisfy : The hotspot does not perform any kind of web tracking prior to user's consent including satetful and stateless tracking.

 

6. Collecting Personal Information (PII)

Hotspots can collect a wide range of information while trying to get access to the internet.

Fully Satisfy : The hotspot allows access without requiring any personal information (via social login or registration form).
Partially Satisfy : The hotspot collects only Email address or phone number, assuming email or phone number is used to communicate privacy policy and TOS changes to the user.

 

 

7. Collecting System Information

Hotspots can perform device/system fingerprinting to uniquly identify users. : The hotspot does not collect system information about user's device or browser including the MAC address.

 

8. Linking PII to MAC Address

Hotspots can link the users MAC address to the collected personal information.

Fully Satisfy : The hotspot does not link the users MAC address to the collected personal information.

 

 

9. Sharing Information

Hotspots may share users' data with third-parties and affiliates.

Fully Satisfy : The hotspot does not share any information collected with third-parties (e.g., Use third-party captive portal).

 

10. Securing Information

Protecting users' information is a major concern as any leak could lead to identification of individual users and their location.

Fully Satisfy : The hotspot uses TLS for all communications between the captive portal and back-end servers to protect user's personal informaion.