A router only to wifi to the Chrome OS and no active prevention measures (human intervention). If it's still standing securely after that time then I'll be impressed. Until then this is just great advertisement for the Chrome OS and nothing more.
To the best of my knowledge, Chrome OS doesn't listen on any ports out of the box. Even DMZing it would do nothing, because there's nothing for attackers to connect to. Perhaps you should learn more about Chrome OS before you come up with ideas like this.
Researchers is a broad term and the conditions kept many away.
Which explains why everything else there was broken, right? Nope, wait, also complete nonsense.
This is less good advice because, aside from being really hard, the Evil Twin attack might be able to defeat it. I'm not sure, though.
If you use EAP-TLS or EAP-TTLS the station should complain that the RADIUS server's certificate is not valid. Most of the other EAP schemes have similar security precautions.
The subsidized phone model doesn't work without the locked phone model.
Even if you unlock your phone, if you have a contract with a carrier you have two options: keep paying for the cell phone service to the end of your contract's term or pay the ETF laid out in your contract. Either way, the carrier gets money. There's no reason unlocking should be illegal. The only money that the carriers may lose is the insanely high overage charges we have here in the US, but that's no reason to forbid people from unlocking their phones. It's not the government's job to enforce business models.
They can still track by IP address and you're browser fingerprint. Browser fingerprinting can be defeated though current browsers don't seem to want to help make it easier to do so.
AC is right. Deleting cookies at the end of each session may help a bit, but there are still plenty of ways to identify you especially if you include your IP address (but that's not always reliable).
I'm not sure what we'll do when IPv6 rolls around and every device has a unique address. Either you go back to NAT and share addresses, which is not completely effective due to fingerprinting, or you change your address every few hours or days. Either solution defeats the purpose of IPv6.
There's already a solution for that. Use the randomly-generated address for normal things, but use your static address for servers and the like. IPv6 privacy extensions are supported on Windows, Mac, and Linux.
There are never any bugs you haven't found yet.