How to connect to Wi-Fi on the metro without unnecessary fluff: an expert guide

A subway ride often turns into an intrusive marketing quest, where instead of quickly accessing news or work chats, users are forced to stare at animated banners and watch videos. This isn't just annoying, it also wastes precious time, especially once the train has already departed and authorization hasn't been successful. Advertising gateways, through which free network traffic passes, are created for monetization, but there are technical ways to bypass them.

Many passengers mistakenly believe that connecting to Wi-Fi Moscow or M_Free_Wi-Fi A pop-up-free experience is impossible without using third-party accelerator apps, which themselves can be unsafe. In fact, the authorization mechanism often relies on standard HTTP hijacking protocols, which can be circumvented by changing DNS settings or using specific browser features. The most effective method is to replace DNS servers with secure ones (DoH), which forces the browser to ignore the redirect to the advertising page.

In this guide, we'll explore not only software methods but also the nuances of network protocols that allow you to bypass the "wait 15 seconds" step. You'll learn how to configure your smartphone so it automatically authenticates or even ignores the presence of a traffic blocker. This knowledge is especially relevant for those who value privacy and connection speed in public places.

Why do ads appear when connecting to Wi-Fi?

Technically, the process works like this: when your device attempts to access the internet, the service provider (in this case, the subway operator) intercepts the first HTTP request. Instead of allowing you to access the requested website, the server redirects you to a special page— Captive PortalIt is on this page that advertising content is placed, blocking further access until the timer expires or a button is clicked.

The problem is exacerbated by the fact that modern websites and apps use the secure HTTPS protocol by default. Browsers have learned to detect spoofing and block redirects if they are performed incorrectly, but metro operators have adapted by implementing complex scripts. JavaScript codes, embedded in the authorization portal, can track the time spent on the page and prevent the tab from being closed until the countdown ends.

⚠️ Attention: Some bypass methods may violate your provider's user agreement. While you're technically simply changing your device's settings, using third-party software to spoof traffic on public networks may be considered an attempt at unauthorized access.

Understanding the mechanics Captive Portal Allows you to choose the right bypass strategy. If the server is expecting a request to activate a session, we can simulate this request or redirect it through a trusted channel, bypassing the visual portion of the portal. This is especially important, as advertising pages often contain trackers that collect data about your device and geolocation.

📊 How often do you use Wi-Fi in the metro?
Daily
A couple of times a week
Only when there is no mobile traffic
Never, I use 4G/5G

Setting up a private DNS on Android to bypass blocks

Starting with Android 9 (Pie), the system now features native encrypted DNS (DNS-over-TLS). This is the cleanest and most secure way to remove ads, as it doesn't require third-party apps and operates natively within the operating system. Private DNS Encrypts requests, preventing your ISP from seeing what sites you visit, and often blocks known advertising domains.

To activate this feature, you need to go to the network settings. The path may vary slightly depending on the manufacturer's shell, but it usually looks like this: Settings → Connections → Other connection settings → Private DNSIn the menu that opens, select "DNS Provider Hostname" (or "Manual") and enter the address of a trusted server.

☑️ Setting up DNS on Android

Completed: 0 / 1

AdGuard servers are considered the most effective addresses for bypassing subway ads. Enter the following value in the hostname field: dns.adguard.comAfter saving the setting, reboot the Wi-Fi module or enable airplane mode for 5 seconds. Now, when you try to connect to the metro network, the system will automatically process requests, and the advertising page may simply not load, allowing you to access the internet directly.

If the standard DNS doesn't completely remove the pop-up window, try alternative addresses that specialize in traffic filtering. This method also protects against code injection into the login page.

What to do if DNS is not working?

If the page still appears after changing the DNS, try clearing the DNS cache. You can do this using a command in the terminal (if you have root access) or simply reboot your device. Sometimes, temporarily disabling mobile data before connecting to Wi-Fi helps, so that the phone doesn't try to check the internet connection via the SIM card.

Using traffic saving modes in browsers

Another effective way to bypass heavy advertising pages is to use the built-in data-saving features in mobile browsers. Modes like "Turbo" in Yandex Browser or "Traffic Saving" in Chrome, pass requests through their proxy servers. The browser server downloads the page, compresses it, and, most importantly, can filter out advertising scripts before sending the data to your device.

When you try to access the metro network through such a browser, the ISP sees the request not from your phone directly, but from the browser's server. Since Google or Yandex servers have a high trust rating, the metro's authorization system can allow this request without forcibly opening an ad window. This is especially true for older versions of portals that don't correctly handle proxied connections.

However, this method has its limitations. Firstly, the connection will not be end-to-end, as the proxy server sees your traffic. Secondly, some banking or government websites may block access if they detect that you're accessing through a proxy. Therefore, this method should only be used when logging online; for other activities, it's better to switch to mobile data.

Browser Function name Path to the menu Efficiency
Google Chrome Light mode Settings → Light Mode Average
Yandex Turbo Menu → Turbo High
Opera Saving traffic Settings → Traffic Saver High
Safari (iOS) No (only through profile) N/A Low

For iOS users, the situation is more complicated, as Safari doesn't have a built-in aggressive data-saving mode that would redirect all traffic through its servers, like its Android competitors do. This is where ad-blocking extensions, such as AdGuard or 1Blocker, which can be connected through the menu “Settings” → “Safari” → “Extensions”.

Automation applications and login scripts

App stores offer specialized software created by enthusiasts specifically for metro networks. Programs such as WiFi Metro or various scripts for Tampermonkey, contain ready-made authorization algorithms. They automatically send the necessary POST requests to the provider's server, simulating clicking the "I agree" button or entering a phone number.

These apps work by analyzing network packets. When you connect to an access point, the app recognizes the MAC address of your Metro router, understands that authorization is required, and logs you in automatically in the background. The user sees only the "You are connected" notification, skipping the banner ads. This is the most convenient option for those who don't want to fiddle with DNS settings.

⚠️ Attention: Be extremely careful when choosing an app. Entering your phone number in a third-party app instead of the official login window can lead to a personal data leak. Use only proven open-source solutions or apps with a high rating and a long history.

Some advanced users use automation tools such as Tasker (for Android) or Shortcuts (for iOS) by creating your own scripts. For example, you can set up a macro that, upon connecting to the "WiFi_Metro" SSID, automatically opens the browser, waits 2 seconds, and then goes directly to the success page address (if known). The success page address often looks like this: http://1.1.1.1/generate_204 or system URL.

Comparison table of ad bypass methods

To help you choose the right option, we've categorized the methods we've reviewed. Each has its pros and cons, depending on your operating system, level of technical literacy, and security requirements.

Method Complexity Security Efficiency Risk of blocking
Private DNS Low High 80% Minimum
Economy mode Low Average 60% Absent
Special applications Average Low/Medium 95% Average
Scripts (JS) High High 90% High

As can be seen from the table, the setting Private DNS This method strikes a happy medium between simplicity and effectiveness. It doesn't require any additional software and provides encrypted requests. However, if your Wi-Fi provider uses sophisticated DNS hijacking techniques to detect and block non-standard DNS, this method may fail, requiring more drastic measures.

Using specialized apps provides the best results, but requires trust in the developer. If you're unsure of the code's security, it's best to limit yourself to system settings. Remember, the security of your data on the open web should always take precedence over the convenience of viewing content without unnecessary fluff.

Data security in open metro networks

When removing ads, we often forget why providers need them in the first place. Free Wi-Fi is a way to collect big data on passengers. Advertising integrations allow you to track device models, operating systems, and approximate location. By using ad evasion methods, you not only save time but also partially protect your digital hygiene by reducing the number of trackers.

However, even without all the extra fluff, the metro network remains public. Attackers on the same network could attempt an attack. Man-in-the-Middle (man in the middle). Therefore, it is strictly not recommended to conduct financial transactions, enter email passwords, or work with corporate data without the VPNA VPN will create a secure tunnel through which no one can intercept your data, regardless of your DNS settings.

If you use ad bypass methods, ensure your device isn't vulnerable. Some scripts can open ports or exploit browser vulnerabilities. Regularly update your operating system and browsers to patch security holes. Digital security — it's a comprehensive approach, where the absence of advertising is just a nice bonus, not the only goal.

FAQ: Frequently Asked Questions

Is it possible to completely remove ads on iPhone without jailbreaking?

Yes, it's possible. The best way is to install a DNS profile (such as AdGuard DNS) or use browsers with built-in blocking, such as Brave or Opera. Enabling the "Hide IP Address" feature in iCloud+ also helps.

Will people get blocked for bypassing ads in the metro?

In practice, MAC address blocking for using DNS or browser modes is extremely rare. ISPs prioritize connection statistics. However, using aggressive scripts that create a load on the server can result in a temporary ban of the device.

Does this method work in the St. Petersburg metro?

Yes, the Captive Portal operating principles are similar in most cities. Setting up a private DNS or using traffic-saving modes works equally well in Moscow, St. Petersburg, and other major cities.

Why is there no internet after connecting to Wi-Fi, but there are no ads either?

This means your ad blocking method was too aggressive and also blocked the authentication server. Try temporarily disabling your DNS or extension, authenticating, and then re-enabling the protection.

⚠️ Attention: Interface settings and server addresses may change depending on the service provider. If the methods described above no longer work, check the latest information on official resources or technical support forums in your city.