Are users of Captive Portal wifi (web authentication) vulnerable to sniffing? I understand that connecting to a wireless network using a WEP/WPA key is also encrypting the data you send over the network, hiding it from potential sniffers in range of the network (please correct me if I am wrong here). Is an unsecured wireless network (that is not secured with a WEP or WPA key), but relying on web authentication via a Captive Portal a safe network? Is data that I am transferring (after authentication) over such a network transparent to the outside world? How about users also authenticated over the Captive Portal web authentication page? Can someone sniff the Captive Portal traffic and get hold of the data?

Putting aside the question of how one would define a "safe network," web authentication is typically used to restrict access by wireless users to a resource, such as a corporate network, or Internet access.

Without using some form of encryption, anyone within range can sniff traffic and eavesdrop on the data being sent.

In other words, using web authentication alone provides **no** confidentiality. Your data is accessible for anyone interested in it.