Skip to main content

Disable captive portal detection

Apply Now
Works with any MacWorks with any Mac running macOS/OS X on Intel or Apple Silicon.
  • macOS onlyThis script improves your privacy on macOS
  • Single actionThis page belongs to a script, containing basic changes to achieve a task.
  • Impact: Medium

    System Functionality / Data Loss Risk: Moderate

    This action improves privacy with minimal impact when you run the recommended script.

    This action improves privacy with some impact when you run the recommended script.
  • Bash (Shell script)These changes use macOS system commands to update your settings.
  • Administrative (sudo) access requiredThis script requires privilege access to do the system changes
  • Fully reversible

    You can fully restore this action (revert back to the original behavior) using this website.

    The restore/revert methods provided here can help you fix issues.

Overview

This script enhances your privacy and security by disabling automatic detection of captive portals, preventing unintended network connections. However, this change requires users to manually open a web browser to access such networks 1.

Overview of captive portals

Captive portals are also known as subscription or Wi-Fi Hotspot networks 2. These are common in public places like coffee shops, hotels, and airports 2 3 4. These portals redirect users to specific webpages where they must log in 2 3 4 5 6. Typically, this page requires users to enter personal details, like email and phone number, and agree to terms of service 2 3 5 6. This poses privacy risks because your personal details may be used for marketing or other purposes.

macOS captive portal flow

On macOS, when connecting to a WiFi network:

  1. The system checks for captive portals by sending requests to specific URLs 5 6:
    • http://captive.apple.com/hotspot-detect.html (for OS X 10.10 Yosemite and newer 4).
    • http://www.apple.com/library/test/success.html (for OS X up to 10.9 Mavericks) 4 6.
  2. If the request gets redirected, then Apple knows there is a portal 5.
  3. macOS opens a limited browser to allow login 4 5 6. The browser used for this, called the 'Captive Network Assistant' 4 7, is found at /System/Library/CoreServices/Captive Network Assistant.app 7. This browser is based on Safari 4. Its limitation may cause issues with some networks 4.

Security and privacy concerns with captive portals

Using captive portals raises security and privacy issues:

  • Data Collection and Monitoring: Captive portals often require you to submit personal details such as email and phone numbers 2 3 5, which may be used for marketing or sales 3. Additionally, they facilitate the tracking of your behaviors and activities, linking these to your identity 3.
  • Data Leakage: Devices send data about network connections to Apple without user consent 5 6, compromising privacy.
  • False Sense of Security: The login window may falsely imply that networks with captive portals are more secure, which is not necessarily true 3.
  • Misplaced Trust: Captive portals can alter HTTPS connections, causing frequent security warnings 3. Ignoring these alerts can lower your security awareness 3.
  • WISPr: Credential Theft and XML Attacks: Captive portals that use WISPr technology might expose users to risks of credential theft and attacks based on XML 5.
  • False Captive Portals (Evil Twins): Fake captive portals, designed to look like legitimate ones, can steal sensitive information such as credit card data and user credentials 6.
  • Fraud/Fake Website due to MiTM Attacks: Attackers may exploit captive portals using HTML injection and cross-site scripting to deploy malicious code 6, directing users to harmful sites or stealing data.
  • Captive Portal Detection Interference: Some captive portals hinder or manipulate devices' built-in mechanisms for detecting and managing them 3. This manipulation can broaden your device's exposure to attacks, potentially compromising its security.
  • Unintended Application Launch: Devices may automatically open applications for captive portal logins without user consent 4 6 7, risking unauthorized access and exposure to threats like malware.

Solution and impact

Disabling captive portal detection stops automatic login page prompts. It requires users to manually navigate to these pages when needed 1. This change reduces the risk of automatic data collection and unwanted network interactions but may inconvenience users frequently connecting to public networks.

This script disables the captive portal detection by modifying the system setting /Library/Preferences/SystemConfiguration/com.apple.captive.control.plist!Active 8.

This script does not:

  • Alter the system application (/System/Library/CoreServices/Captive Network Assistant.app), which is protected by "System Integrity Protection (SIP)" 7.
  • Block captive portal hosts by manipulating DNS records 4 6. Instead, it disables automatic checks but allows manual access when needed 1.
Caution

After disabling this feature, you must manually access network login pages at places like airports and cafes. This may involve some technical steps.

Use with Caution

This script is only recommended if you understand its implications.

Some non-critical or features may no longer function correctly after running this script.

This script can be fully reversed to restore changes if something goes wrong.

Sources
PrivacyLearn.com maintains strict sourcing standards for accuracy, integrity and up-to-date content. Our content relies on authoritative sources including vendor documentation, industry standards, and verified research. Learn more about our verification process and quality standards in our editorial standards page.

Apply Now

Choose one of three ways to apply:

Download script

Download and run the script directly
  • No app needed
  • Offline usage
  • Free
  • Open-source
Help

How to apply or restore "Disable captive portal detection" using script

  • ≈ 3 min to complete
  • Tools: Web Browser
  • Difficulty: Medium
  • ≈ 5 instructions
  1. 1

    Download

    Download the script file by clicking on the   Apply protection  button above.
    Use   Undo protection button above to restore changes.
  2. 2

    Keep the file

    If warned by your browser, keep the file.
  3. 3

    Open

    Open the downloaded file.
  4. 4

    Exit

    Once it's done, press any key to exit the window.
  5. 5

    Restart

    Restart your computer for all changes to take effect.

Apply with privacy.sexy

Guided, automated application with safety checks
  • Recommended for most users
  • Includes safety checks
  • Free
  • Open-source
  • Popular
  • Offline/Online usage
Open privacy.sexy
Help

How to apply or restore "Disable captive portal detection" using privacy.sexy

  • ≈ 3 min to complete
  • Tools: privacy.sexy
  • Difficulty: Simple
  • ≈ 4 instructions
privacy.sexy is free and open-source application that lets securely apply this action easily with more advanced options.
  1. 1

    Open or download

    Open or download the desktop application
  2. 2

    Choose script

    1. Search for the script name: Disable captive portal detection
    2. Check the script by clicking on the checkbox.
  3. 3

    Run

    Click on ▶️ Run button at the bottom of the page.

    This button only appears on desktop version (recommended). On browser, use 💾 Save button.

Run commands

Copy and run commands manually Requires technical knowledge
Apply changes
sudo defaults write '/Library/Preferences/SystemConfiguration/com.apple.captive.control.plist' Active -bool false
Help

How to apply or restore "Disable captive portal detection" using commands

  • ≈ 2 min to complete
  • Tools: Terminal app
  • Difficulty: undefined
  • ≈ 3 instructions
  1. 1

    Open terminal

    Open Terminal app.
  2. 2

    Copy code

    Copy the code:
    Copy Apply Code Copy Revert Code
  3. 3

    Paste & run

    Paste the code into Terminal and press Enter to run.

    Some changes require a system restart to take effect

Similar Guides

Wider Goal

The guide below includes this guide to achieve a wider goal.

See other more general settings that includes this one as one of its actions.

These plans combine multiple privacy settings, including this one, for stronger protection.

This document —security improvements— provides guidance on how to establish robust privacy protection on macOS. What's more, you'll learn how to reset the changed ...

Security improvements

Same Goal

Other guides in Security improvements 

See settings that are in the same category as this guide.

Using other actions in the same category may help you achieve your goal better.

Configure macOS Application Firewall
Enable protective screen saver
Disable guest accounts
Disable unauthorized connections
Disable printer sharing (IPP, LDP, SMB and Bonjour protocols)

About the Creators

These people have authored this documentation and written its scripts:

  • Avatar of undergroundwires. The creator of PrivacyLearn and privacy.sexy. Black and white portrait showing a person wearing a polka dot tie and suit jacket, reflecting the professional expertise behind the privacy protection tools.
    • Certified security professional
    • 7+ years experience securing banks
    • Open-source developer since 2005
    • EU advisor, Public Speaker, Moderator
    • Hundreds across the globe
    • Testers, reviewers, developers
    • Companies, military agencies
    • Community since 2017
About Us

Reviewed By

This guide has undergone comprehensive auditing and peer review:

  • Expert review by undergroundwires

    • Verified technical accuracy and editorial standards
    • Assessed system impact and user privacy risks

  • Public review by large community

    • Privacy enthusiasts and professionals peer-reviewed
    • Millions of end-users tested across different environments

History

We continually monitor our guides, their impact and all other privacy options. We update our guides when new information becomes available. On every update, we publicly store who made the change, what has been changed, why the change was made and when the change was made.

Review Change History Our Change Process