Slashdot Mirror
Hotel Connectivity Provider SuperClick Tracks You
saccade.com writes "During my last hotel stay, I thought it was a pretty strange that it took two browser re-directs before the hotel's Wi-Fi would show me the web page I browsed to. Picasa developer Michael Herf noticed the same the thing and dug a little deeper. He discovered: '...their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly. Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.' Herf notes the Internet service provider, SuperClick, advertises that it 'allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network...'" Herf was on his honeymoon when he did this sleuthing. Now that's dedication.
I won't try to claim there is no evil in this instance...
However there are some providers that do the same type of thing with the genuine interest in helping the guest.
This is NOT uncommon; this is all about providing transparent network services. There are systems already out there (STSN, et.al.) that don't even require you to use DHCP.. If your IP is static, it handles the masquerading needed to make it work without your intervention, same for DNS and Mail.
Take for instance your mom and pop traveler, they are setup for cable broadband, their ISP comes to their home and hard wires the DNS and SMTP settings, and sometimes the IP. Mom and Pop go on vacation and bring their laptop, yes Virginia some non-geeks/non-business people own laptops. What settings do they need to know how to change in order to get online? At a minimum their IP is hopefully DHCP but I'll say that is not always the case, and also DNS which would be set by DHCP unless their IP or DNS settings are hard coded. In this case, the system would see the system using an IP that isn't part of the hotel network and wasn't assigned by the server, so it will do what is needed to make that IP work. Same thing goes for DNS, it will route all DNS requests to its internal DNS server, and sometimes ISP's don't allow public access from the outside.
As far as SMTP is concerned, would you be surprised that in this age of rampant spam that Mom and Pops ISP refuse connections from outside their network? Also in a growing trend, the ISP the hotel uses wants some assurances that the public access isn't allowing mass spamming. In this case the hotel(or their network provider) routes all SMTP traffic to one server on their network which queues it and sends it out. They could be doing spam checks or simply a queue threshold/throttle to limit the damage Mom and Pops zombified laptop can do.
That last point is also my last point, from the Hotel/ISP point of view you're using a computer that is not controlled by the person who owns the network. Most companies do not allow unsecured systems on their network, in a hotel, that is the idea... so measures must be taken to not only have the network adapt to the user but also to protect the host from their guests.
What is this 'Herf' person thinking, signing onto his laptop while on honeymoon?
Well, maybe he was logging onto Picasa to do some uploading...?
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
You call that a python?