HotspotCheck: Investigating Privacy Risks and Practices of Public Wi-Fi Hotspots with the Assistance of LLMs

Hosseini, Henry; Böttger, Christian

Abstract

Public Wi-Fi Hotspots are a practical means to conveniently stay connected to the Internet without needing a cellular data plan. However, they may expose users to various privacy risks. The following ongoing work aims to investigate these risks and understand the practices of captive portal Wi-Fi hotspot operators. For this purpose, we conducted two separate preliminary studies, investigating 55 Wi-Fi hotspots in Germany in 2021 and 2022. Based on our findings, we developed a mobile application capable of detecting GDPR violations and excessive personal data collection in captive portals, warning users about such practices. Our initial results using this application indicate the ongoing presence of high-risk behavior and GDPR violations of governing data protection regulations in German Wi-Fi hotspots as of 2025. Our future research efforts will involve refining the application to develop suitable user interfaces for non-tech-savvy users and inspecting more Wi-Fi hotspots worldwide. The ultimate goal is to provide users with the means to choose privacy-preserving hotspots and make informed decisions.