A quick note: This article is general information, not legal advice. For the formal requirements that apply to your specific situation, check with the relevant government bodies or your own lawyer. Below, we explain the practical reality and the technical side.
Let's start with an example
Picture an open Wi-Fi network in your hotel lobby. Someone sits down, does something unlawful over that network, and leaves. Later an investigation begins and the trail leads back to your network. If there's no way at all to establish who was using the network at that moment, the responsibility falls squarely on you.
That's exactly why, in much of the world Azerbaijan and neighboring Turkey included it has become standard practice for venues offering public Wi-Fi to establish who the user is and to keep access records for a certain period.
What does this look like in practice?
There are two main pieces:
1. User identification
The idea is that whoever connects to the network shouldn't stay completely anonymous. In Azerbaijan, the most common method is verification by phone number: the guest enters their number, receives a code by SMS, types it in, and gets online. That session is then tied to a phone number.
2. Keeping access logs
The system keeps records along the lines of "which user connected, and when." These are typically retained for a year or two, so they can be provided if a request ever comes in. To be clear: this isn't about tracking which sites people visit it's about logging the fact of the connection.
An important distinction: A lot of venue owners assume "I've put a password on the Wi-Fi, so I'm covered." A password keeps outsiders off the network, but it doesn't establish who connected. A shared password written on the wall is known to dozens of people that doesn't count as identification.
Ways to solve this
You've got three options, each with its own strengths and weaknesses:
Option A manual, or nothing at all
Just an open network, or a password on the wall. Cheapest, but there's no identification, and the responsibility sits with you. This is the riskiest option.
Option B cloud "social Wi-Fi" services
Foreign services that run on a monthly subscription. They work, but there are two catches: your guests' data often lives on servers abroad, and you pay a separate monthly fee per location. If you have several branches, the cost climbs fast.
Option C a captive portal that runs on your own device
A device installed at your venue takes on both the identification (SMS and so on) and the log-keeping. The data stays on your device rather than going abroad. And there's no recurring per-location charge for the portal itself. This is exactly how Onyx Firewall works.
Don't lose sleep over the technical side
What scares a lot of people off is the thought that "you need an IT specialist to set this up." In reality, you don't. A good solution delivers identification and log-keeping out of the box you just customize the sign-in page with your branding, and the rest of the technical work happens automatically in the background.
As for the general principles of network security, CERT.gov.az's Wi-Fi security material is a good starting point separating the guest network from the main network is among the measures it recommends there.
Related articles
- What is a captive portal, and why does your business need one?
- How to set up a guest Wi-Fi solution for hotels and cafes
- Onyx Firewall business firewall and guest Wi-Fi
The bottom line: what should you do?
If you offer customers Wi-Fi at your venue, ask yourself three questions: (1) Can I establish who connected to the network? (2) Are access records being kept? (3) Are guests separated from my main business network? If you can't answer "yes" to all three, it's time to review your setup.
Frequently asked questions
Isn't a password-protected Wi-Fi enough on its own?
A password keeps outsiders off the network, but it doesn't establish which specific user connected. For identification, you need a method like SMS verification.
Do I have to track which sites guests visit?
No, that's not the point. This is about logging the fact of the connection (who, and when), not monitoring people's personal activity.
I have several branches do I pay separately for each one?
With cloud subscription models, usually yes. With a solution that runs on your own device, there's no recurring per-location charge for the portal itself.
Where is the data stored?
It depends on the solution you choose. With local solutions like Onyx Firewall, the data stays on the device at your premises.