Skip to content

Hotspot-oriented workflows

User story: I am an everyday user with an unfortunate coffee habit. I want to automatically use my security tunnel at coffee-shop hotspots, so that I don't have to configure it every time.

Suggested solution: Define connection layers and UX so that an unsecured raw connection is only the first step in establishing an Internet connection.

Rough outline:

  • Raw. Local WiFi or LAN access point. May be unsecured. May be compromised.
  • Tunnel. Secure tunnel to trustworthy operator. (Assume HTTPS connection and no logging.)
  • Optional layers:
    • VPN. Private access to trusted network.
    • Onion. Private access to deep internet, trustworthy access to clear internet.

We assume that the user must first authenticate on the raw network (e.g. hotspot login prompt). And must establish a tunnel connection before making any other connections (e.g. system clock ping). The user can now safely access the clear internet. The user may then establish connections to additional networks: a trusted network via VPN, or the deep internet via onion routing.

WORKFLOW: NEW HOTSPOT: USER-DRIVEN

User intervention is required at each step.

  • Switch on machine
  • Online tasks (background and user-driven) cannot start
  • Connect to hotspot wifi
  • Wait for web-based hotspot login
  • Enter credentials / payment details
  • Wait for "You are connected!" message
  • Connect to pre-configured tunnel
  • Wait for "You are connected!" message
  • Online tasks (background and user-driven) may start

WORKFLOW: NEW HOTSPOT: AUTOMATIC TUNNEL

User logs in to hotspot. As soon as they do, tunnel connects automatically.

  • Switch on machine
  • Connect to hotspot wifi
  • Wait for web-based hotspot login
  • Enter credentials / payment details
  • Wait for "You are connected!" message
  • Automatically connected to pre-configured tunnel
  • Wait for "You are connected!" message
  • Start online tasks

WORKFLOW: KNOWN HOTSPOT: AUTOMATIC

  • Switch on machine
  • Automatically connect to hotspot wifi
  • Automatically enter web-based credentials
    • Or prompt for complex credentials / payment details
  • Wait for "You are connected!" message
  • Automatically connect to VPN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information