[schroeding]

> What analytics can a network extracxt [sic] from Passpoint traffic?

> Generally speaking, the local network will have visibility of the same client traffic it would see on any guest network, but it will not have visibility of the subscriber identity or any persistent identifiers other than the associated device’s MAC address

> From an analytics perspective, the major benefits of Passpoint are that it creates a much larger and more complete picture of visitor activity. Since a much higher percentage of visitors will be automatically associated with the network and their behavior and traffic will be visible to the local network, the value of any location, business, and security analytics in use will be improved.

... so the temporary host can theoretically MITM the connection and that's a feature? They don't just VPN everything from the phone to the ISP? :/

Sure, most traffic should be encrypted, but your neighbour could still see (and block) e.g. traditional DNS requests. Are DoH or DoTLS enabled by default yet under iOS?

Not great, IMO. :/