Slashdot Mirror
Hotel Connectivity Provider SuperClick Tracks You
saccade.com writes "During my last hotel stay, I thought it was a pretty strange that it took two browser re-directs before the hotel's Wi-Fi would show me the web page I browsed to. Picasa developer Michael Herf noticed the same the thing and dug a little deeper. He discovered: '...their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly. Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.' Herf notes the Internet service provider, SuperClick, advertises that it 'allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network...'" Herf was on his honeymoon when he did this sleuthing. Now that's dedication.
If you've got the resources to run an SSH server at home, use Putty with a dynamic proxy and point your browser and IM clients to it via SOCKS5.
I wouldn't trust any network like that... even if the service itself isn't watching what you're doing, do you trust the other people on that network aren't?
Its easy to surf or do other network apps safely on questionable networks. At least among the Slashdot crowd its easy... but I've educated even my parents on doing that when using public or hotel internet and gave them an SSH account to use at my house.
Or just use OpenVPN. I use this on my laptop. Set it as the default route, use the internal DNS and your good to go. I also use an internal proxy server. So when I'm at a coffee shop or hotel doing some work, the only thing they get to see is encrypted traffic to port 1194 (udp).
Over that connection I can do anything. Instant messaging, email, SSH, http, ftp, BitTorrent, etc.
"It ain't a war against drugs.it's a war against personal freedom" --Bill Hicks
Dynamic Proxy with OpenSSH:
ssh -C -D NNNN @
where NNNN is a port on the local machine. Just setup your network applications to using localhost:NNNN as a socks5 Proxy.
If you are paranoid, make sure DNS lookups are done via the proxy too.
To do that in Firefox. go to about:config in the location bar and make sure that this is set
network.proxy.socks_remote_dns = true
I work for a certain hotel company, I'm the person who you get when you call to make a reservation. If you have any kind of identifying profile or number, then you're activity is being tracked. Whether you stayed on business or pleasure, who you're companion was, what floor you like, how many beds, on what occasion you decided to stay at the hotel...any information i can gather about you, i am paid to gather. We use an integrated soft phone that is linked with our reservations system. I know what number you are calling from. If you have stayed with us before, chances are you have a profile, and i have your address, credit card number, and possibly how many kids you have. The hotels want your business so badly, they want to REALLY get to know you, and have your favorite flower on the bed when you come in, or if you know the concierge well enough, your favorite escort. So if you want to keep you're personal info "secret", don't earn points towards that free stay, and don't get a profile number. We get paid extra for making these profiles, so watch out for people just making you one, without your expressed consent. It happens all of the time. i watch it happen everyday. I'm looking for a new job.
Note that OpenVPN can be set up to use a TCP connection instead of a UDP connection, and it uses SSL. No need for weird things like GRE that might not make it through.
You could always put OpenVPN on a port other than 1194 if you think you might run into port blocking, too.
Oh, no! You have walked into the slavering fangs of a lurking grue!