Slashdot Log In
Hotel Connectivity Provider SuperClick Tracks You
Posted by
kdawson
on Thu Jan 11, 2007 08:31 AM
from the dust-off-the-VPN dept.
from the dust-off-the-VPN dept.
saccade.com writes "During my last hotel stay, I thought it was a pretty strange that it took two browser re-directs before the hotel's Wi-Fi would show me the web page I browsed to. Picasa developer Michael Herf noticed the same the thing and dug a little deeper. He discovered: '...their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly. Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.' Herf notes the Internet service provider, SuperClick, advertises that it 'allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network...'" Herf was on his honeymoon when he did this sleuthing. Now that's dedication.
This discussion has been archived.
No new comments can be posted.
Hotel Connectivity Provider SuperClick Tracks You
|
Log In/Create an Account
| Top
| 175 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
I did a little "sleuthing" on my honeymoon (Score:4, Funny)
Not so fast.. (Score:5, Funny)
(http://kadin.sdf-us.org/ | Last Journal: Tuesday October 16, @01:46PM)
Well, maybe he was logging onto Picasa to do some uploading...?
Double Dipping (Score:2)
However, I remember this happening the last time I stayed in a hotel (a Hilton Garden). At least I kept getting redirected. I am more than a little miffed that hotels are charging me *and* spying on me.
Next time I will use the VPN.
A true nerd (Score:2, Funny)
Re:A true nerd (Score:4, Funny)
Re:A true nerd (Score:5, Funny)
Re:A true nerd (Score:4, Funny)
(http://www.caldera.com/?sco=litigious+bastards)
Putty w/ dynamic proxy support and an SSH server. (Score:5, Informative)
I wouldn't trust any network like that... even if the service itself isn't watching what you're doing, do you trust the other people on that network aren't?
Its easy to surf or do other network apps safely on questionable networks. At least among the Slashdot crowd its easy... but I've educated even my parents on doing that when using public or hotel internet and gave them an SSH account to use at my house.
OpenVPN (Score:5, Informative)
Over that connection I can do anything. Instant messaging, email, SSH, http, ftp, BitTorrent, etc.
OpenVPN uses SSL (Score:5, Informative)
(http://www.google.com/search?q=crackhead)
You could always put OpenVPN on a port other than 1194 if you think you might run into port blocking, too.
The wise man assumes (Score:5, Insightful)
Further than that, welcome to the modern world, cue the cliches (1984, quis custodiet,
Re:The wise man assumes (Score:4, Insightful)
(Last Journal: Wednesday November 07, @10:09AM)
Face it, your ISP is even watching you, noting your bandwidth usage, logging where you go, reading your email to make sure it's not spam, etc. The fact is, any transaction that occurs on the Internet is being logged on a server somewhere, and someone has access to that information. If you're lucky, it's just a sysadmin making sure you don't go over some quota, but you have no way of truly knowing. A true paranoic wouldn't use the Internet at all.
Re:The wise man assumes (Score:5, Insightful)
I just don't think it's anyone's business what books I'm buying, or what threads I'm posting to, or if I look up some rash on WebMD, or talk to my wife on IRC, etc etc. I'm not about to give up my privacy for some corporate bullet point about "leveraging marketing assets." They want that info, they can bloody well ask me.
I've always worried about this... (Score:2, Informative)
Of course that's assuming the VPN is secure enough...i'm sure there's a way around everything. Hell, just connecting to the WiFi and checking your email can give anyone your password if they have half a brain.
You mean you didn't suspect this automatically? (Score:5, Insightful)
Any time I use a network that isn't my own, be it a hotel, restaurant, or even the public library, I just automatically assume that someone who wants to remain unknown is taking an active interest in what I'm doing. Otherwise, why would any of these places provide free networking in the first place. They aren't doing it out of the goodness of their heart and so they can sleep warm and cuddly at night. They're doing it because they've found other ways to make a buck off of it.
Re:You mean you didn't suspect this automatically? (Score:5, Insightful)
Such extreme cynicism (as you seem to be promoting) is detrimental to society, and makes for a poor foundation to live by.
Not-quite-honey Moon (Score:2, Insightful)
I call bullshit (Score:2, Flamebait)
(http://www.civilwarflorida.com/)
Herf was on his honeymoon when he did this sleuthing. Now that's dedication.
Come one. This is slashdot. More like "Herf was taking a break from a month-long WoW session in his parents' basement when he did the sleuthing."
Like we'd buy that someone here even *knew* a girl, much less got married or went on a honeymoon!
Not as stupid as others seem to think (Score:4, Insightful)
He's on his honeymoon, but looks like he was lucky enough to marry another geek, so its all good
https urls? (Score:1)
(http://www.dawdevel.ca/)
Superclick or Superchick (Score:1)
Obligitory (Score:2)
(http://www.wifimaps.com/ | Last Journal: Saturday June 19 2004, @09:58PM)
1. Install wifi network
2. track wifi users' net traffic
3.
4. Profit!
Dedication (Score:2)
A disturbing trend (Score:2, Insightful)
Superclick already has the backing of major Hotel chains, so it already has recognition in the marketplace (hotel owners). That is not going to change. They would also be very competitive for the services they provide and, given what has been found, it is not unreasonable to think that they are cheaper because they sell off the information they gather to marketing companies.
I cannot see this kind of tracking coming to an end until either the mainstream media make a story out of it, or someone sues the Hotel chain for breaching their privacy (or both).
Some hotels intercept SMTP traffic too (Score:2, Interesting)
(http://slashdot.org/)
Re:Some hotels intercept SMTP traffic too (Score:5, Interesting)
However there are some providers that do the same type of thing with the genuine interest in helping the guest.
This is NOT uncommon; this is all about providing transparent network services. There are systems already out there (STSN, et.al.) that don't even require you to use DHCP.. If your IP is static, it handles the masquerading needed to make it work without your intervention, same for DNS and Mail.
Take for instance your mom and pop traveler, they are setup for cable broadband, their ISP comes to their home and hard wires the DNS and SMTP settings, and sometimes the IP. Mom and Pop go on vacation and bring their laptop, yes Virginia some non-geeks/non-business people own laptops. What settings do they need to know how to change in order to get online? At a minimum their IP is hopefully DHCP but I'll say that is not always the case, and also DNS which would be set by DHCP unless their IP or DNS settings are hard coded. In this case, the system would see the system using an IP that isn't part of the hotel network and wasn't assigned by the server, so it will do what is needed to make that IP work. Same thing goes for DNS, it will route all DNS requests to its internal DNS server, and sometimes ISP's don't allow public access from the outside.
As far as SMTP is concerned, would you be surprised that in this age of rampant spam that Mom and Pops ISP refuse connections from outside their network? Also in a growing trend, the ISP the hotel uses wants some assurances that the public access isn't allowing mass spamming. In this case the hotel(or their network provider) routes all SMTP traffic to one server on their network which queues it and sends it out. They could be doing spam checks or simply a queue threshold/throttle to limit the damage Mom and Pops zombified laptop can do.
That last point is also my last point, from the Hotel/ISP point of view you're using a computer that is not controlled by the person who owns the network. Most companies do not allow unsecured systems on their network, in a hotel, that is the idea... so measures must be taken to not only have the network adapt to the user but also to protect the host from their guests.
I've assumed that this was the case.... (Score:5, Interesting)
By using this product, nobody can snoop on my activities and I can do what I have to do in complete confidence. Problem solved.
They do, do they ? (Score:3, Funny)
pardon? (Score:3, Funny)
(http://code.google.com/p/nmod/)
wow, that's a relationship with a good start.
HTTPS tracking (Score:2, Informative)
(http://www.acmenews.com/)
Um, yes, you can. It is possible with todays hardware.
Here are a few;
http://www.esafe.com/eSafe/traffic_solutions.asp [esafe.com]
Another;
http://www.scmagazine.com/us/products/productdeta
http://www.cyberguard.com/products/webwasher/webw
"WW1000 has the ability to scan encrypted SSL"
The days of HTTPS being valuable are long gone. We can look inside this traffic realtime. I monitor & block traffic to HTTPS sites myself..
FreeNX (Score:3, Informative)
(Last Journal: Friday March 26 2004, @04:22PM)
FreeNX is fast enough to make this viable.
You get a lot of advantages from doing it this way. There's the privacy angle, which is a big thing. But you also get your main desktop -- the one with all of your stuff on it.
And you don't need a really fast laptop. Once it's fast enough to run FreeNX, you're ok. I use a thinkpad I bought on ebay for $200. It's not just cheap, it's from the era when laptops ran cool enough to actually hold on your lap.
Not all hotels are like this. (Score:1, Informative)
From my experience (a few different positions) in the hotel industry, the less expensive hotels (Econolodge, Travelodge, Red Roof, etc..) typically don't have these tracking systems. The downside is that their networks are usually less secure, because many don't have any sort of authentication outside of a WEP/WPA key. The tracking systems aren't found at these hotels because of the high setup costs (usually in the $1,000-3,000 range) and fees. It's not cost effective for the rates charged at these places, so they often end up with some sort of homebrew solution (kind of like the one I set up at a place -- used WRT54Gs authenticating to a FreeRADIUS server) which is less expensive to set up, and ends up being less expensive in the long run by only having to pay for a separate Cable/DSL connection. As previously stated, the downside here is security most of the time.
It really turns into a pick your poison-type situation. Regardless, I'd go along with the VPN/SSH Tunnel mentality. You never know what that front desk worker is doing downstairs in their free time.. *grin*
Whorehousing (Score:3, Interesting)
And don't even get me started on the plan to introduce targetted ads direct to the browser on *every page*. What? you think we used squid for performance?
Hotels want to know EVERYTHING (Score:3, Informative)
In soviet Russia... (Score:5, Funny)
Oh, wait...
Fight Back . . . (Score:2)
(http://jon.gaynor.org/)
Worry; (Score:2)
(http://slashdot.org/)
Our tax dollars are going to build out networks that are going to be used, in this fashion, to track our activities - probably as a revenue source, by selling our personal information to advertisers (or worse).
And then, the whole shebang will be sold to a monopolist for pennies on the dollar by crooked politicians.
Other than that, I think municipal wireless is a great idea. . .
Give the guy a break. (Score:1)
(http://blog.slovenija.be/)
I've seen worse (Score:2)
As others have noted, it's good to proxy. And it's wise to assume the worst about hotel networks; no, any foreign network; no, any network; no, any communications medium. Probably even your own thoughts.
VPN (Score:2)
(http://slashdot.org/~nurb432/ | Last Journal: Friday August 27 2004, @03:24PM)
Shouldnt be trusting another persons network in the first place.
I work for a competing pay to use service. (Score:3, Informative)
(http://www.truepunk.com/ | Last Journal: Friday October 14 2005, @03:35PM)
Thankfully it sounds like they are not even trying to lie about what is happening, and are say they are trying to push advertisements to their wireless users so I don't need to explain why they wouldn't be using a proxey.
After a user authenticates at a location there is no need for any of this redirecting per page every time a user tries going to a different site. Any good wireless gateway (and many bad ones) simply track each user using a session assigned to their mac address on the gateway, Nothing needs to be done to track service usage as long as they are active.
The only reason (and I don't know why they haven't been using this as the excuse) is to be able to claim monitoring illegal web usage such as kiddy porn or illegal music downloads. We had a few places claim they needed to be able to track this, but we dropped them instead of willingly tracking users for a b.s. reason.
This is just another case where a company that is charging for a service are trying to make even more money doing secretive and underhanded business practices.
Hotel ToS can be very onerous (Score:2)
(http://www.proxc.com/)
When it comes to where you've been and what you've transmitted, I assume that many places log everything. If you don't like it, that's what VPNs are for. However, claiming a perpetual license to anything you transmit is just insane.
Come on now... (Score:2)
(http://egosurf.net/~grishnav)
/happy customer...
Wait just a sec... (Score:2)
(http://edified.org/ | Last Journal: Wednesday May 14 2003, @02:00PM)
on his honeymoon (Score:2)
(http://webstaa.com/)
use a proxy in hotels (Score:1)
Of course I click "yes". (Score:2)
(Last Journal: Friday May 05 2006, @11:53PM)