I'm in the center of London and I'm surrounded by public fee based hotspots, and I enabled WiFi on my N800 the other day, performed a scan and connected to one of the available hotspots (I can't remember which one it was, The Cloud I think). While connected my RSS home page applet kicked in and actually pulled down an update, however when I opened the browser I was presented with a login page for the hotspot (I don't have an account). I've no idea how the RSS managed to get an update, so I'll try it again this lunchtime just to confirm when I'm out and about (where I work they actually jam the 2.4GHz signal inside the building - bastids!). Maybe UDP is allowed through the hotspot without authentication, but TCP is blocked. But then I'd expect the RSS app to be using TCP and HTTP.

Even if I imagined the RSS app updating, it's possible that hotspots have an agreed standard to allow certain unauthenticated requests through precisely for the kind of purpose being touted by Devicescape, or perhaps devices have a small request quota (eg. 5KB) which is allowed through when they first attach prior to authentication being enforced.