TL;DRHotel WiFi captive portals have quietly become both a security attack surface (HTTP-only pages, DNS hijacking, rogue networks) and a programmatic ad channel collecting first-party data. Most VPN clients fail at the handoff. KeepSolid built a Captive Portal Network Checker into VPN Unlimited to detect and reconnect automatically.
Last month I checked into a hotel for a conference. Open laptop. Click WiFi. Hotel network. The familiar splash screen appears: enter your room number, your last name, accept the terms. Standard.
What’s no longer standard is what’s running behind that splash screen.
The captive portal, that login page you see before you can actually use a hotel or airport WiFi, has quietly evolved into two parallel industries at once. One is a security attack surface. The other is a programmatic advertising channel worth real money. They share infrastructure. Most travelers don’t see either side of this clearly. Most VPN providers don’t either.
The technical reality











