How to disable ads on St. Petersburg metro Wi-Fi: A complete guide

Every metro passenger in the Northern Capital has at least once encountered an intrusive video when connecting to free internet. Instead of quick access to news or messaging apps, the smartphone screen is taken over by a loud video that cannot be skipped using standard methods. Wi-Fi advertising in the St. Petersburg metro has become an integral part of the user experience, but tech-savvy people are looking for ways to bypass it to save bandwidth and stress.

There are several proven methods for preventing videos from being shown or completely hiding them from the user's view. Some require installing additional software, while others rely on changing your device's network settings. It is important to understand, that the service provider constantly updates security protocols, so the effectiveness of the methods may vary depending on the current version of the access point software.

In this article, we'll take a detailed look at how the authorization page works and discuss which tools can help you gain clear access to the network. We'll also touch on security issues, as using third-party traffic filtering methods always carries certain risks. Ad blocking At the device level, it's a balance between convenience and connection stability.

⚠️ Attention: The network operator regularly changes the domain names of the servers responsible for displaying content. The methods described below are based on the current network architecture but may require adjustments in the future.

How does a captive portal work in the metro?

The technology you encounter when you enter the train is called Captive PortalThis is a redirection mechanism that intercepts all HTTP requests from unauthorized clients and sends them to a special authorization page. It is at this point, while data packets are being exchanged between your device and the provider's gateway, that the advertising video is downloaded.

The process is as follows: the device detects the network, sends a request to any site, receives a response with a redirect code, and opens the browser. Metro Wi-Fi System uses standard ports 80 and 443 for this exchange. Advertising is a mandatory condition for providing free access, as it monetizes communication services for passengers.

Technically, the video is downloaded from a dedicated media server immediately after a successful handshake with the access point. If your browser or operating system blocks this specific request, the authorization page may freeze or, conversely, allow you to access the network without displaying the video. Operating algorithm designed to make it as difficult as possible to bypass content display.

📊 How often do you use Wi-Fi in the metro?
Daily
Several times a week
Rarely
I never use it

Using DNS with Content Filtering

One of the most effective and secure ways to get rid of the video insert is to change the DNS server at the operating system level. Protocol DNS over HTTPS (DoH) Or using specialized servers allows you to filter requests before they leave your device. If the ad server's address is on a DNS blacklist, the video simply won't load.

To implement this method on Android or iOS, you need to go to your network settings. Modern versions of mobile OSs have a "Private DNS" feature. In the settings field, enter the address of a server known to block trackers and ads, such as AdGuard or similar services. Technical setup It takes less than a minute, but requires care when entering the address.

The advantage of this method is that it doesn't require installing additional applications and works system-wide. However, if the subway provider uses hard IP address binding or specific standard DNS discovery methods, this method may stop working. Traffic filtering via DNS is the first line of defense that is worth trying.

It's worth noting that some public networks may block requests to third-party DNS servers, forcibly redirecting them to their own gateways. In this case, the system may report a lack of internet connection, even if the network is technically accessible.

Blocking via hosts file and local rules

A more advanced method, available to users with administrator or root access, is to edit the system file hostsThis file contains a static map of domain names to IP addresses. By adding the addresses of servers that distribute subway ads, you'll prevent your device from accessing them at all.

For this method to work, you must first identify the domain names used to download the video. This can be done using traffic sniffers or network log analysis at the time of connection. Once the list of addresses is obtained, they are added to a file. hosts with redirection to a local address 127.0.0.1.

Below is an example of what an entry in the hosts file might look like to block unwanted resources (the addresses are provided conditionally):

127.0.0.1 ad.metro-wifi-spb.ru

127.0.0.1 video.auth-gateway.spb

127.0.0.1 promo.metro-free.net

Local blocking Using the hosts file is very reliable, as it operates at the lowest level of the operating system. However, on modern smartphones without superuser rights (root/jailbreak), editing this file using standard tools is impossible.

⚠️ Attention: Editing system files requires caution. A syntax error in the hosts file can lead to unstable network services on your device.

☑️ Check blocking settings

Completed: 0 / 4

Using browsers with built-in security

If you don't want to change system settings, you can use specialized browsers that have built-in ad and tracker blocking mechanisms. Applications such as Brave, Opera or DuckDuckGo, automatically filter content and can prevent the video from playing when the authorization page loads.

The mechanism is simple: when the network attempts to redirect your request to a page with an ad, the browser analyzes the content and, upon detecting known video player scripts or advertising domains, blocks their execution. As a result, you may see a blank page or access the internet directly, bypassing the video interstitial.

It's important to set a secure browser as the default app for handling HTTP links. You can specify which app should open links in your Android or iOS settings. This ensures that a secure browser intercepts redirects from Captive Portal.

However, some subway networks are able to bypass blockers using code obfuscation techniques. In such cases, the browser may display a connection error or prompt the user to refresh the page, which will restart the authorization process.

Comparison of ad blocking methods

To help you choose the right method, we've prepared a comparison table of the main methods. Each has its own advantages and disadvantages, depending on your technical expertise and device model.

Method Complexity Efficiency Requires Root
Private DNS Low High No
Special browser Low Average No
Hosts file High Very high Yes
Blocker apps Average High Partially

As can be seen from the table, the use Private DNS This method offers the best balance between simplicity and results for most users. Root-based methods provide maximum control, but carry security risks and void the warranty.

Why do ads sometimes still appear?

Even with blocking configured, the provider can use new domains that have not yet been added to the database, or change the IP addresses of servers dynamically.

Security issues when using free Wi-Fi

When talking about connecting to open networks, one cannot ignore the issue of cybersecurity. Free Wi-Fi in the metro This is a potential vulnerability where attackers can attempt to intercept your data. Using ad bypass methods often involves installing additional software or changing network configurations, which also requires attention.

When using third-party DNS or traffic filtering apps, you're essentially trusting third parties to handle your requests. The DNS server owner can see which websites you visit. Therefore, it's crucial to choose reputable DNS providers with transparent privacy policies.

Furthermore, disabling advertising scripts may disrupt some of the subway network's security checks. While this is rare, the system could theoretically interpret such actions as an attempted attack and completely block the device's access to the network.

⚠️ Attention: Never enter bank card details or passwords for important accounts while on a public Wi-Fi network, even if you're using security measures. Use mobile data for sensitive transactions.

Frequently Asked Questions (FAQ)

Is it legal to block ads on public Wi-Fi?

The technical ability to block ads on the client side (on your device) is not prohibited by Russian law. However, the service's terms of use may require viewing ads in exchange for free access. By blocking them, you violate the unofficial agreement, but this generally does not incur legal liability.

Why did the internet stop working after disabling ads?

Some authentication systems require the successful loading of an advertising script to verify that the user is a real person and not a bot. If the script is blocked, the server does not send the final access permission packet. Try temporarily disabling the blocker, authenticating, and then re-enabling the protection.

Do these methods work on iPhone?

Yes, on iOS, the most effective method is to use "Private DNS" (under Wi-Fi -> DNS Settings) or install configuration profiles from trusted ad blocker providers. Ad blocker apps are also available in the App Store, but their functionality may be limited by the iOS security system.

Can my provider block my phone for using a blocker?

Mass blocking of devices by MAC address for using DNS filtering is unlikely, as it would generate a huge influx of complaints from users. However, theoretically, network administrators have this capability. In practice, this happens extremely rarely.

Alternative option

Using 4G/5G mobile internet. Most operators provide stable coverage in the St. Petersburg metro, making it the most reliable, albeit paid, alternative.