Hacker News
Why does most hotel wifi suck?
3 points by laurentoget on June 14, 2012 | 7 comments
I just spent 10 days traveling around the US and staying in budget hotels which advertise high-speed connections.

They all use diverse but seemingly useless and often non-functional systems which appear to do something like:

- hijack the DNS server to redirect your first HTTP query

- get you to some webpage where you have to enter a password, or click on a button

- once you jump through those hoops, provide access to the internet, most of the time through some sort of NAT gateway, adding latency to an already undersized connection.

This is a pile of silly hacks abusing the way the internet is supposed to be used and I fail to see what that layer of pseudo-security is achieving, or even trying to achieve.

Why is it that the companies which sell those contraptions are still in business? Do the people who work in IT for hotel chains not care, or are they all stupid? Why is it this hard to offer a service that just works?



Business:

Hotels don't want to deal with computer networks, they just buy this service... And for 99% (made up number) of hotel guests it's sufficient that they enter their credentials once, and are able to use facebook / access hotmail.com for the remaining evening. There's no monetary incentive for anyone to go beyond this service.

Technical:

Most of these systems don't hijack DNS but rather employ a transparent proxy: Traffic to port 80 is not forwarded directly but to a proxy that replaces answers to queries from unauthenticated clients with a redirect to an authentication page. (http://en.wikipedia.org/wiki/Captive_portal)

These systems most often let ICMP and TCP/UDP to port 53 (DNS) through unfiltered, because of the hassle involving customers with strange DNS configurations. Even if unauthenticated. So if you can get a cheap dedicated server somewhere: Just run a VPN on port 53/UDP and have an ssh-server listen on port 53/TCP and quite often you can connect to those without any passwords or credit card details being entered anywhere...
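For operators of such a portal, the gap described in the comment above can be checked as follows. This is an added example, not part of the original comment or any vendor's code: it models the pre-authentication rule as described next to a stricter one, and lists which flows from a client that has not logged in would leave the network. The resolver address, the session table, the flow records and the stricter rule itself are assumptions constructed for illustration.

```python
from collections import namedtuple
from ipaddress import ip_address

Flow = namedtuple("Flow", "client proto dst dport nbytes")

PORTAL_RESOLVER = ip_address("10.0.0.1")  # assumed: the gateway's own DNS resolver
AUTHENTICATED = {"10.0.0.23"}             # constructed session table

def weak_policy(f):
    """Pre-auth rule as the comment describes it: ICMP and any port-53 traffic pass."""
    return f.proto == "icmp" or (f.proto in ("tcp", "udp") and f.dport == 53)

def hardened_policy(f):
    """Pre-auth rule (assumed fix): DNS only, and only to the portal's resolver."""
    return (f.proto in ("tcp", "udp") and f.dport == 53
            and ip_address(f.dst) == PORTAL_RESOLVER)

def decide(f, policy):
    """Gateway verdict for one flow: forward, redirect (to the login page) or drop."""
    if f.client in AUTHENTICATED or policy(f):
        return "forward"
    if f.proto == "tcp" and f.dport == 80:
        return "redirect"
    return "drop"

def preauth_egress(flows, policy):
    """Flows an unauthenticated client gets forwarded past the portal's resolver."""
    return [f for f in flows
            if f.client not in AUTHENTICATED
            and decide(f, policy) == "forward"
            and ip_address(f.dst) != PORTAL_RESOLVER]

# Constructed flow records; external addresses are from documentation ranges.
FLOWS = [
    Flow("10.0.0.23", "tcp", "192.0.2.10", 443, 48_000),      # logged-in guest
    Flow("10.0.0.57", "tcp", "192.0.2.10", 80, 600),          # first HTTP request
    Flow("10.0.0.57", "udp", "10.0.0.1", 53, 90),             # normal lookup
    Flow("10.0.0.57", "udp", "203.0.113.9", 53, 7_400_000),   # bulk data on 53/UDP
    Flow("10.0.0.57", "tcp", "203.0.113.9", 53, 2_100_000),   # bulk data on 53/TCP
    Flow("10.0.0.57", "icmp", "198.51.100.7", 0, 84),         # ping
]

if __name__ == "__main__":
    for name, policy in (("weak", weak_policy), ("hardened", hardened_policy)):
        leaks = preauth_egress(FLOWS, policy)
        print(f"{name}: {len(leaks)} pre-auth flows leave the network, "
              f"{sum(f.nbytes for f in leaks)} bytes")
        for f in FLOWS:
            print(f"  {decide(f, policy):8} {f.client} -> {f.dst} {f.proto}/{f.dport}")
```

Running `preauth_egress` over real gateway flow logs with the weak rule gives a quick list of clients moving data before login; large byte counts on port 53 to a single external address are the pattern to look for.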


I used to think that kind of crappy service was sufficient but personal experience is that you will be able to get your hotmail every other day, and the connection will be good enough to upload a 1M picture every third day or so.


So what should the tech providers do to provide a secure and end-user simple Wifi for their clients, the hotels?


End user simple usually means more complex for hotels. It's already been said most of their IT is outsourced.

It could be possible to set up more of the enterprise configuration, where each user has their own password onto the WiFi. However, that means creating and destroying authentication accounts on a fairly regular basis. It's so much easier for the hotels to change 1 login key every week to a bunch of random characters and to hand that out to guests.

If a guest has a problem, everyone at the desk knows the passkey, and they can help them on. Otherwise, the front desk won't be able to help. I think most guests would rather the front desk solve their problems if possible. They don't care about the wifi being secure. If they do, they're already using corporate VPNs.


(Nullth, "a service that just works" is a notoriously tricky goal, in any case; and indeed most things suck) First, IPv4 address pool has been depleted for some time, hence the NAT (there are more IPv4 devices than public IPv4 addresses, yada yada, you know the drill). Second, IPv6 support in COTS computing devices is (still!) spotty. Third, "just works" means very different things - for watching lolcat videos and browsing Facebook, NATed IPv4 is pretty close to "just works" for an average Joe with a laptop; obviously not for more demanding customers. Fourth, this is a market niche that's been refined for a decade - and hotels are not usually in the "early adopter" bracket, more in the "the net connection doesn't need to be very good, but it needs to kinda-work for everybody" category.


I am not objecting to the NAT only, though I cannot figure why it should be so hard to have enough access points to avoid your NAT gateways being overwhelmed. I am objecting to the weird DNS schemes to force authentications and other hacks.


Are you talking about free WiFi or paid WiFi?

If it's free, then of course there are limits to stop people abusing the service. Business travellers would most likely tie up the bandwidth doing video calls to family and associates. Downloading files they forgot to copy to their laptops and let's not forget ... surfing for porn.

If it's paid for, then you should get what you paid for. If not, just wander down to the nearest Starbucks, Maccas, whatever and use the service you find there.



