[Nextgrid]

> If someone loses money or worse because they trusted your enlightened security model,be prepared for a lawsuit!

The network is provided without any guarantee. In fact with a non-secured network there's not even a way to prove that they were connecting to the hotel's network and not someone pretending to be the hotel.

Furthermore, given your logic, would you sue ISPs, transit providers, hosting providers, etc if they happened to be involved in the data path from a malicious website to your computer? No. And if yes, then EAP-TLS would still do nothing in your case because there's still the rest of the internet to worry about.

[_8j50]

If another guest was the pepetrator? Yes, you can sue. Much like how you can sue the hotel if another guest beats you up. Whether you win in court depends on your lawyers and the judge.

[Nextgrid]

> If another guest was the pepetrator?

How do you prove that on an unsecured network where no clients are authenticated?

Also, if you've identified the perpetrator, why not just go after them directly?

[_8j50]

You can find them after the fact if they still have a persistent connection to you device (logs or radio isolation). Or perhaps they admitted to the fact?

Why not go after them? Why not go after all liable parties? What if the perpetrator is not in a jurisdiction where you can sue?

Btw, lookup the APT group "darkhotel" and their activities.