[strongpigeon]

That's my read as well. It's bad for places that rely on client isolation, but not really for the general case. I feel like this also overstates the "stealing authentication cookies": most people's cookies will be protected by TLS rather than physical layer protection.

Still an interesting attack though.

[NetMageSCW]

I think that places that rely on client isolation might be the general case - every public space that has a guest network - e.g. retail stores, doctor’s offices, hotels, hospitals - is probably using client isolation on their wireless network.