×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hotel Connectivity Provider SuperClick Tracks You

kdawson posted more than 7 years ago | from the dust-off-the-VPN dept.

Privacy 175

saccade.com writes "During my last hotel stay, I thought it was a pretty strange that it took two browser re-directs before the hotel's Wi-Fi would show me the web page I browsed to. Picasa developer Michael Herf noticed the same the thing and dug a little deeper. He discovered: '...their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly. Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.' Herf notes the Internet service provider, SuperClick, advertises that it 'allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network...'" Herf was on his honeymoon when he did this sleuthing. Now that's dedication.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

175 comments

I did a little "sleuthing" on my honeymoon (4, Funny)

Gothmolly (148874) | more than 7 years ago | (#17555316)

But it involved chocolate sauce, melted wax, and soft restraints. What is this 'Herf' person thinking, signing onto his laptop while on honeymoon? Go get laid you nerd!

Re:I did a little "sleuthing" on my honeymoon (3, Funny)

Joebert (946227) | more than 7 years ago | (#17555620)

Cut the guy some slack, he was probably getting ready to print out some diagrams.
You know how the net is, distractions everywhere !

ATTENTION (-1, Redundant)

DJCacophony (832334) | more than 7 years ago | (#17556020)

He should have used ssh port forwarding, or ssl tunneling, or a vpn. Mod all comments about ssl, ssh, and vpn below this comment redundant.

Re:I did a little "sleuthing" on my honeymoon (0)

Anonymous Coward | more than 7 years ago | (#17555634)

Obviously you haven't, or didn't the right ways. Otherwise, you'd realized that after some times in a row, you do need to reboot or, at the very minimum, you should have made your partner have to.

The fact Herf had time means he's got it down right. You, though, I'm not so sure.

Not so fast.. (5, Funny)

Kadin2048 (468275) | more than 7 years ago | (#17556762)

What is this 'Herf' person thinking, signing onto his laptop while on honeymoon?

Well, maybe he was logging onto Picasa to do some uploading...?

hmm (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#17555336)

"Herf was on his honeymoon when he did this sleuthing. Now that's dedication."

I can see it now...Honey I am just going to check my mail? ...eighteen hours later...Honey I just be a moment got to respond to this email...Honey not now I have a headache

Double Dipping (1)

udderly (890305) | more than 7 years ago | (#17555346)

Well, I was going to make a snide remark about how they spent their honeymoon, but I really like Picasa, so I refrained.

However, I remember this happening the last time I stayed in a hotel (a Hilton Garden). At least I kept getting redirected. I am more than a little miffed that hotels are charging me *and* spying on me.

Next time I will use the VPN.

Putty w/ dynamic proxy support and an SSH server. (4, Informative)

tgd (2822) | more than 7 years ago | (#17555364)

If you've got the resources to run an SSH server at home, use Putty with a dynamic proxy and point your browser and IM clients to it via SOCKS5.

I wouldn't trust any network like that... even if the service itself isn't watching what you're doing, do you trust the other people on that network aren't?

Its easy to surf or do other network apps safely on questionable networks. At least among the Slashdot crowd its easy... but I've educated even my parents on doing that when using public or hotel internet and gave them an SSH account to use at my house.

OpenVPN (4, Informative)

Shawn is an Asshole (845769) | more than 7 years ago | (#17555822)

Or just use OpenVPN. I use this on my laptop. Set it as the default route, use the internal DNS and your good to go. I also use an internal proxy server. So when I'm at a coffee shop or hotel doing some work, the only thing they get to see is encrypted traffic to port 1194 (udp).

Over that connection I can do anything. Instant messaging, email, SSH, http, ftp, BitTorrent, etc.

Re:OpenVPN (2, Informative)

ArbitraryConstant (763964) | more than 7 years ago | (#17556958)

Unfortunately, an SSH connection is much more likely to be allowed out than VPN traffic.

OpenVPN uses SSL (4, Informative)

SIGBUS (8236) | more than 7 years ago | (#17557350)

Note that OpenVPN can be set up to use a TCP connection instead of a UDP connection, and it uses SSL. No need for weird things like GRE that might not make it through.

You could always put OpenVPN on a port other than 1194 if you think you might run into port blocking, too.

Re:OpenVPN uses SSL (2, Interesting)

josecanuc (91) | more than 7 years ago | (#17557750)

On a related note: Does anyone know of any off-the-shelf router/NAT device that supports OpenVPN tunnels?

My company does 4-5 day jobs at convention centers, etc. and we currently use IPSEC with an off-the-shelf "VPN Router" product to tunnel back to our office network for access to fileshares and database data. Often, it is difficult and/or expensive to get hotel and convention center folks to give us a public IP address and they won't do port forwarding, etc.

I would love to have a box I can set up that will make an outgoing (from the conv. center) SSL TCP connection to the office and tunnel all VPN traffic through that, but I don't (for various reasons) want to run this tunnel on "yet another PC" that we have to carry with us.

I suspect that I'll end up having to either build a mini-atx-style or other embedded-type system to do this with OpenVPN, but it would be great if there was a commercial device that did this just like the so-called "VPN Routers" out there.

Re:Putty w/ dynamic proxy support and an SSH serve (3, Informative)

Anonymous Coward | more than 7 years ago | (#17556804)

Dynamic Proxy with OpenSSH:

ssh -C -D NNNN @

where NNNN is a port on the local machine. Just setup your network applications to using localhost:NNNN as a socks5 Proxy.
If you are paranoid, make sure DNS lookups are done via the proxy too.

To do that in Firefox. go to about:config in the location bar and make sure that this is set

network.proxy.socks_remote_dns = true

Re:Putty w/ dynamic proxy support and an SSH serve (1)

Omnifarious (11933) | more than 7 years ago | (#17557136)

That's my solution as well. I've looked into OpenVPN, but it looks quite complicated to set up in comparison. Of course most browsers do not route their DNS queries through SOCKS despite the fact that SOCKS5 can do that. So the hotel's DNS server can still get an idea of where you're going.

SSH plus Privoxy (1)

Kadin2048 (468275) | more than 7 years ago | (#17557296)

Just wondering here, wouldn't you also need to run Privoxy or something similar (an HTTP proxy) on the remote server?

My thought would be that you'd need to have a remote server (say at home, on your broadband connection), hopefully with a dyndns name, running sshd and Privoxy. Then from your laptop, you'd establish an SSH tunnel that would go from port 80 on the local machine, over the SSH pipe, and exit into Privoxy's input port on the server. Then it would go through Privoxy, to the web, and return the same way.

This avoids having to actually set up a SOCKS5 proxy that accepts external connections; you can set Privoxy to accept only connections from the localhost, and do the local-remote machine connections via SSH. Although it's probably more complicated than just a proxy, it seems like setup would be easier.

I think this would be possible to set up, even on a Windows machine.

The wise man assumes (4, Insightful)

Silver Sloth (770927) | more than 7 years ago | (#17555372)

that nowadays all his actions are watched and recorded. I live in the UK, which, I believe, has the highest ratio of CCTV cameras per head of population in the world. To me it's no surprise that when I log in at the Marriot I'm watched. Fortunately the first thing I do is establish a VPN tunnel to my company's network where I'm being watched by the CIO.

Further than that, welcome to the modern world, cue the cliches (1984, quis custodiet, ...)

Re:The wise man assumes (3, Insightful)

Billosaur (927319) | more than 7 years ago | (#17555622)

Face it, your ISP is even watching you, noting your bandwidth usage, logging where you go, reading your email to make sure it's not spam, etc. The fact is, any transaction that occurs on the Internet is being logged on a server somewhere, and someone has access to that information. If you're lucky, it's just a sysadmin making sure you don't go over some quota, but you have no way of truly knowing. A true paranoic wouldn't use the Internet at all.

Re:The wise man assumes (1, Funny)

somersault (912633) | more than 7 years ago | (#17555946)

A true paranoic wouldn't use the Internet at all.



Why not, if they're not doing anything illegal, or immoral?

Re:The wise man assumes (4, Insightful)

BVis (267028) | more than 7 years ago | (#17556100)

Because some of us still care about our privacy; we also think "If you're not doing anything wrong, what do you have to worry about" is just about the most offensive thing we could think of.

I just don't think it's anyone's business what books I'm buying, or what threads I'm posting to, or if I look up some rash on WebMD, or talk to my wife on IRC, etc etc. I'm not about to give up my privacy for some corporate bullet point about "leveraging marketing assets." They want that info, they can bloody well ask me.

Re:The wise man assumes (2)

somersault (912633) | more than 7 years ago | (#17556246)

I just don't get why its so offensive, and what I perceive to be the whole american "I'd rather die than lose my 'freedom'" type attitude. Especially considering the way the american government is acting with things like the Patriot Act, etc, americans seem to be less free than the rest of the western world.

You're obviously right though that corporations don't deserve to see into your private life and conversations just so that they can target marketing towards you (though I'd prefer to have marketing I find useful than just general advertisements about crap I don't want or need being thrown in my face), but when it comes to things like spam filtering or for example monitoring sites like MySpace to make sure that kids aren't being abused, I don't see anything wrong with things being monitored.

Again, obviously the government has the ability to go too far, for example with things like the Patriot Act, but personally I would prefer them to have some power, as long as they use it responsibly and for its intended purposes, rather than abusing public trust.

Re:The wise man assumes (2, Insightful)

drinkypoo (153816) | more than 7 years ago | (#17556906)

Again, obviously the government has the ability to go too far, for example with things like the Patriot Act, but personally I would prefer them to have some power, as long as they use it responsibly and for its intended purposes, rather than abusing public trust.

So, what color is the sky on your planet?

This is the very reason why government should have only the power which it actually requires. It doesn't really matter whether power corrupts, or simply attracts the corrupt, or even the corruptible; the end result is the same, and you cannot trust the government. It is in fact the height of stupidity. Ask people in New Orleans how well FEMA took care of them... Ask the handful (at least) of US citizens locked up without being charged or having a trial date set.

Re:The wise man assumes (1)

somersault (912633) | more than 7 years ago | (#17557066)

Exactly, the power it requires, which comes under 'some power'. You agree that there should be a government, and it's pointless even having it if it has no power. It needs to be able to enforce the law which it creates somehow, and I think it should actually be taking an active role in stopping problems like spam as well. I liked how recently it was getting involved in the security of Windows, and I don't even have to be bothered about it using tax payers' money since I don't live in the US anyway, hehe.

Sky here just now is kind of a pale grey.

Re:The wise man assumes (3, Insightful)

CantStopDancing (1036410) | more than 7 years ago | (#17556250)

I just don't think it's anyone's business
The problem is that it is exactly that - business! While you have money to spend someone will *always* be looking at what you're doing, and trying to convince you to give them some of that luvverly moneys.

Re:The wise man assumes (1)

rednuhter (516649) | more than 7 years ago | (#17556168)

so, you are saying that, if you legaly buy an copy of "King Kong" from amazon it does not matter that the mafia were monitoring all the SSL data and decoding it through a bot net ?
"King Kong", "amazon" and "Mafia" are freely replacable terms.

Re:The wise man assumes (1)

somersault (912633) | more than 7 years ago | (#17556342)

I didn't say it doesn't matter. Though the benefits of using the net tend to outweigh the risks of something like that happening. And if it did happen, you just cancel your card. If your card has suddenly been used to buy a car in Russia or whatever then I don't think you'll have too much bother convincing the credit card company that the transaction should be cancelled, though I'm not sure what the legal comeback would be for a direct debit card (which is my preferred means of online shopping).

Re:The wise man assumes (0)

Anonymous Coward | more than 7 years ago | (#17556182)

And just how exactly are you supposed to know if you're doing anything illegal when there are laws and provisions "on the books" that you can't know about because of national security?

For immoral, well, it is a stretch but someone in power could believe that god told them QWERTY keyboards were "of the devil".

Re:The wise man assumes (1)

somersault (912633) | more than 7 years ago | (#17556318)

When it comes to immoral I'm not talking about the government finding out, I'm talking about things that are 'legal' but you don't want other people to find out, like cheating on your wife or whatever.

As for the laws, you use your common sense, and if there really is a law against something weird like trying a .. in a URL to go up a level, or spitting out chewing gum on the ground in Singapore, if you do it without knowing it's illegal then you hopefully get off with a warning, though probably not. If you're going to do something slightly out of the ordinary like mess about with web servers or go to another country then it's kind of your own responsibility to check up on the law in those matters anyway.

I've always worried about this... (2, Informative)

dslknowitall (562532) | more than 7 years ago | (#17555376)

...which is why I only get online using my corporate VPN, and never visited any sites that required a login (banking, blog, yadda yadda).

Of course that's assuming the VPN is secure enough...i'm sure there's a way around everything. Hell, just connecting to the WiFi and checking your email can give anyone your password if they have half a brain.

Re:I've always worried about this... (1, Informative)

Anonymous Coward | more than 7 years ago | (#17555452)

This is assuming your VPN forces ALL traffic through the tunnel instead of doing "split tunneling" -- where only traffic that's has been identified as "interesting" (i.e. just the internal subnets you have at work or where ever you're VPNing to) gets sent through the tunnel & everything else is ignored.

You mean you didn't suspect this automatically? (4, Insightful)

davmoo (63521) | more than 7 years ago | (#17555384)

You mean to tell me that Slashdotters, some of the most paranoid people on the planet, didn't just automatically assume hotels did crap like this on their networks to make extra money? Are people here that damned naive? The story that would be news would be a hotel that does *not* do this.

Any time I use a network that isn't my own, be it a hotel, restaurant, or even the public library, I just automatically assume that someone who wants to remain unknown is taking an active interest in what I'm doing. Otherwise, why would any of these places provide free networking in the first place. They aren't doing it out of the goodness of their heart and so they can sleep warm and cuddly at night. They're doing it because they've found other ways to make a buck off of it.

Re:You mean you didn't suspect this automatically? (1)

drinkypoo (153816) | more than 7 years ago | (#17556950)

Otherwise, why would any of these places provide free networking in the first place.

You wrote this as a rhetorical question, but there IS an answer. If they don't have free wireless, you'll go somewhere else. The only place where you typically can't get free wireless is in a casino, because they want you on the floor and spending money. (The casino I work in is an exception - but it's not in Vegas, either.)

Re:You mean you didn't suspect this automatically? (0)

Anonymous Coward | more than 7 years ago | (#17557054)

I can tell you for a fact that any hotel that uses a Guest-tek system for providing internet access is not actively spying on you. The only time they care about what is traveling over their system is when A) people complain about it being slow, or B) when law enforcement calls them with questions. Other then that, the only info they keep are your standard DHCP and linux system logs.

Re:You mean you didn't suspect this automatically? (4, Insightful)

node 3 (115640) | more than 7 years ago | (#17557144)

The story that would be news would be a hotel that does *not* do this.
No. This is news because it's excessive and uncommon.

Otherwise, why would any of these places provide free networking in the first place. They aren't doing it out of the goodness of their heart and so they can sleep warm and cuddly at night. They're doing it because they've found other ways to make a buck off of it.
Not everyone is so obsessed with money as you seem to think. Some people, even astute businesspeople, make decisions based on things like, "doing what's right", "giving back to the community", and "providing quality and value". I highly doubt that your average coffee-shop free WiFi is snooping on you.

Such extreme cynicism (as you seem to be promoting) is detrimental to society, and makes for a poor foundation to live by.

Not-quite-honey Moon (2, Insightful)

FrozenFOXX (1048276) | more than 7 years ago | (#17555400)

It's not dedication, just means he's not particularly enthusiastic about his honeymoon.

Re:Not-quite-honey Moon (0)

Anonymous Coward | more than 7 years ago | (#17557864)

Yea, probably held their honeymoon at Starbucks, three blocks around the corner from their tiny apartment.

I call bullshit (1, Flamebait)

PeeAitchPee (712652) | more than 7 years ago | (#17555428)

Herf was on his honeymoon when he did this sleuthing. Now that's dedication.

Come one. This is slashdot. More like "Herf was taking a break from a month-long WoW session in his parents' basement when he did the sleuthing."

Like we'd buy that someone here even *knew* a girl, much less got married or went on a honeymoon!

Re:I call bullshit (1)

redelm (54142) | more than 7 years ago | (#17556190)

I have no doubt you are speaking from your personal experience. So be it.

I will speak from mine: I have no doubt. Nerds are actually very attractive to certain women. They like the reliability and equality. Many have been seriously burned being arm candy for jocks & preps.

As for coding on Honeymoon, why not? Are you assuming an absence of pre-marital sex? There is also such a thing as too much togetherness, and some breathing space even on a week-long honeymoon is a good idea for both.

Re:I call bullshit (OT) (1)

Straker Skunk (16970) | more than 7 years ago | (#17556590)

I will speak from mine: I have no doubt. Nerds are actually very attractive to certain women. They like the reliability and equality. Many have been seriously burned being arm candy for jocks & preps.

You might be on to something there... [ivillage.com]

Re:I call bullshit (OT) (1)

redelm (54142) | more than 7 years ago | (#17557146)

Sure. You can get lots by Googling "nice guys finish last"

Since male reproduction is more variable than female, women are torn between aggressive and nurturing males. Sometimes riskily resolved by cuckoldry. The assumption is that other women's daughters won't find nurturing sons as attractive. Probably an equilibrium thing: too many aggressors don't help enough but there are large rewards if there are too few. A predator-prey cycle.

"Sperm Wars" [Robin Baker] begins to scratch the surface (if you can tolate the lurid examples). But evolution is not about kids. It's about grandkids and beyond.

Not as stupid as others seem to think (3, Insightful)

pdawson (89236) | more than 7 years ago | (#17555464)

FTFA:
It turns out that Lorna and I both noticed and both got upset about it, so I'm spending a (small) amount of time figuring out how this thing works and what it's after. After all, I'm still on my honeymoon.


He's on his honeymoon, but looks like he was lucky enough to marry another geek, so its all good

Re:Not as stupid as others seem to think (2, Insightful)

DoctorPepper (92269) | more than 7 years ago | (#17555508)

Some of us are lucky, some no so much.

I had the great fortune to also marry another geek. She's not so much of a computer geek, like me, she's more of a science geek (also like me) and a mathematics geek.

She also thinks my two great hobbies, computers and ham radio, are "cute", and allows me to spend inordinate amounts of money on them ;-)

https urls? (1)

Beached (52204) | more than 7 years ago | (#17555506)

How do they do that? From what I understood all that a man in the middle could see was the host ip address as everything else is authenticated/encrypted. Or else you would get a security warning upon visiting the page.

Probably went something like: (3, Insightful)

DJCacophony (832334) | more than 7 years ago | (#17555962)

"What? This security dialog box is warning me that this certificate is unsigned! Better click 'ok' so I can see my bank account anyways."

Re:https urls? (2, Informative)

DaveCar (189300) | more than 7 years ago | (#17556386)

You are right, but they will be doing your DNS lookups for you too, so let's say they see www.myxxxporn.com get resolved to aaa.bbb.ccc.ddd for your client, then an https request to aaa.bbb.ccc.ddd from your client then there's a pretty good chance you're viewing pages at www.myxxxporn.com. Exactly what you are viewing they don't know, they can't see the content or the path part of the URL, but it's probably good enough to work out what you might be interested in.

Set up an squid/ssh server at home/work, set your browser's proxy settings to a localhost:port and portforward everything with ssh to your home machine. I personally also would only use web based mail (via ssh/proxy) or imaps to read mail too, I wouldn't trust a client not to connect insecurely with imap+starttls, but that's probably just paranoia.

If you are on some kind of public network just assume that someone is watching/mitming everything you do. You don't want to end up on the wall of sheep [google.com].

In Soviet Russia... (0, Funny)

Anonymous Coward | more than 7 years ago | (#17555538)

In Soviet Russia, You track Hotel Connectivity Provider SuperClick!

Superclick or Superchick (1)

tbcpp (797625) | more than 7 years ago | (#17555546)

Am I the only one who read "Hotel Connectivity Provider SuperChick Tracks You". I thought "why on earth would a CCM rock band be working for a hotel?"

A disturbing trend (2, Insightful)

NimbleSquirrel (587564) | more than 7 years ago | (#17555608)

Unfortunately, this is only going to become more widespread. Hotel chains are only interested in profit, and running their own in-house ISP just isn't profitable. They will contract out whereever possible, and for the lowest price.

Superclick already has the backing of major Hotel chains, so it already has recognition in the marketplace (hotel owners). That is not going to change. They would also be very competitive for the services they provide and, given what has been found, it is not unreasonable to think that they are cheaper because they sell off the information they gather to marketing companies.

I cannot see this kind of tracking coming to an end until either the mainstream media make a story out of it, or someone sues the Hotel chain for breaching their privacy (or both).

Some hotels intercept SMTP traffic too (2, Interesting)

toga98 (109028) | more than 7 years ago | (#17555610)

I noticed some hotels intercept SMTP traffic after a client complained he couldn't send email through our mail server while he was on the road. The hotel's service provider was trying to masquerade as our mail server and attempting to intercept the mail delivery. When I tested it I sent a test message through the mail server that was representing itself as our mail server and received the message 12 hours later. Interesting that it took that long to deliver the message and surprising that they would try to intercept messages and authentication information in this fashion. If I remember correctly, this was the Hilton in Chicago. I can't remember the name of the organization that was providing the service for the hotel.

Some? How about "most"? (2, Informative)

Svartalf (2997) | more than 7 years ago | (#17555726)

They're intercepting all of the SMTP traffic outbound ostensibly to prevent spammers from renting a room for the night and using their "high-speed" access to cover their tracks. Since my SMTP server can use the alternate authenticated (and SSL encrypted) ports, they're not dinking with my email right at the moment- either way. Their little mail proxy engine is like an open relay and gets rejected by other mailservers if they've got those sorts of countermeasures on. I'd sent some emails to my friends and wife back home to my personal domain- got a bounce that didn't make any sense- it was coming from ME, through what claimed to be a symantec based mailserver. I promptly changed access methods and have had no issues since- I'm not going through their garbage for anything but the web- soon, I probably won't even be doing that much.

Re:Some? How about "most"? (2, Insightful)

Ninjaesque One (902204) | more than 7 years ago | (#17556224)

The only reason that spam is alive right now is because of its horribly low cost: it costs nothing, basically, to send junk mail through the internet. That nothing would be increased by about $70 a day for a hotel room with high-speed internet.

Re:Some? How about "most"? (1)

Svartalf (2997) | more than 7 years ago | (#17556758)

But that reasoning is flawed. You see, all it takes is recruiting one of numerous zombie-net spammers to do your dirty work. No way you're going to get caught. If you go at it from a Hotel room, you're possibly going to get caught.

Re:Some hotels intercept SMTP traffic too (5, Interesting)

Alpha232 (922118) | more than 7 years ago | (#17556058)

I won't try to claim there is no evil in this instance...
However there are some providers that do the same type of thing with the genuine interest in helping the guest.

This is NOT uncommon; this is all about providing transparent network services. There are systems already out there (STSN, et.al.) that don't even require you to use DHCP.. If your IP is static, it handles the masquerading needed to make it work without your intervention, same for DNS and Mail.

Take for instance your mom and pop traveler, they are setup for cable broadband, their ISP comes to their home and hard wires the DNS and SMTP settings, and sometimes the IP. Mom and Pop go on vacation and bring their laptop, yes Virginia some non-geeks/non-business people own laptops. What settings do they need to know how to change in order to get online? At a minimum their IP is hopefully DHCP but I'll say that is not always the case, and also DNS which would be set by DHCP unless their IP or DNS settings are hard coded. In this case, the system would see the system using an IP that isn't part of the hotel network and wasn't assigned by the server, so it will do what is needed to make that IP work. Same thing goes for DNS, it will route all DNS requests to its internal DNS server, and sometimes ISP's don't allow public access from the outside.

As far as SMTP is concerned, would you be surprised that in this age of rampant spam that Mom and Pops ISP refuse connections from outside their network? Also in a growing trend, the ISP the hotel uses wants some assurances that the public access isn't allowing mass spamming. In this case the hotel(or their network provider) routes all SMTP traffic to one server on their network which queues it and sends it out. They could be doing spam checks or simply a queue threshold/throttle to limit the damage Mom and Pops zombified laptop can do.

That last point is also my last point, from the Hotel/ISP point of view you're using a computer that is not controlled by the person who owns the network. Most companies do not allow unsecured systems on their network, in a hotel, that is the idea... so measures must be taken to not only have the network adapt to the user but also to protect the host from their guests.

Re:Some hotels intercept SMTP traffic too (1)

glesga_kiss (596639) | more than 7 years ago | (#17557704)

What he said. Outgoing SMTP is about the only setting that needs changed from site to site for 99% of users. It used to annoy the hell out me but...

an alternative to your ISPs SMTP is to use Googles SMTP server, which also has the added bonus of being wrapped up in SSL. You need to have a valid account and validate any "from:" address you intend to use on Googles page, but other than that it's been working flawlessly for me for ages now. Works from any location, I use it on my laptop & PDA. Your email client needs to support SMTP authentication and SSL connections for SMTP, but most recent ones do.

Re:Some hotels intercept SMTP traffic too (1, Informative)

Anonymous Coward | more than 7 years ago | (#17556120)

Hello, I do tech support for an outsourcing company that does support for a large number of independently owned hotels.

This is actually done mainly for compatability reasons. Many people are configured for smtp without authentication, so what happens is when they try to send email they get "we do not relay" type errors from their home smtp server because they are not connected to their regular ISP (their home isp uses IP white lists to decided who is allowed to relay). So, some hotels redirect outbound port 25 to a server that is configured to relay for that hotel.

I've noticed most hotels that do this do not redirect smtp via ssl, so if you're concerned about it then set up smtp over ssl and make sure you have smtp auth enabled.

As to why it took 12 hours to deliver the mail.. that's shame on the admins for a slow server. :)

Re:Some hotels intercept SMTP traffic too (2, Interesting)

toga98 (109028) | more than 7 years ago | (#17556506)

Regarding SMTP, we do auth through TLS. That's why email failed to be delivered through their system. My point is that it is disturbing that they capture / attempt to capture authentication information from their clients without disclosing this information. There is a lot of room for abuse considering the type of communication that takes place over email by business travelers. Especially, as you mention that most ISPs either do not require authentication or secure authentication. Some of this could be mitigated by the use of certain email tools, but unfortunately things like PGP and other methods of encrypting communications via email are not well supported by email clients and are even harder to use by those email clients that support them. Not something that a typical business user would be able or willing to manage.

Herf was on his honeymoon when he did this ... (0)

Anonymous Coward | more than 7 years ago | (#17555618)


"Herf was on his honeymoon when he did this ..."

A sure sign on trouble. Even a caveman wouldn't do that.

Re:Herf was on his honeymoon when he did this ... (0)

Anonymous Coward | more than 7 years ago | (#17557730)

Even a caveman wouldn't do that.

Bigot. The GEICO caveman would.

I've assumed that this was the case.... (4, Interesting)

8127972 (73495) | more than 7 years ago | (#17555832)

.... for years. That's why I've begun to use a remote access product called the MobiKEY [route1.com]. It is a USB token that creates an SSL tunnel with 2 factor authentication (some sort of PKI based scheme) to your home/work computer. The company that makes this has a managed service called MobiNET that helps to broker the connection so that even Joe Sixpack can connect anywhere there is a net connection. Also, since it's SSL, I don't have to change my firewall settings.

By using this product, nobody can snoop on my activities and I can do what I have to do in complete confidence. Problem solved.

VPN (0)

Anonymous Coward | more than 7 years ago | (#17555854)

Collectively and out loud: "Oh yea...VPN, thats what we should be using..."

Learn to set it up in your home and stop whining about people who track you, unless your cable company is tracking you....

pardon? (2, Funny)

rucs_hack (784150) | more than 7 years ago | (#17555980)

On his honeymoon?

wow, that's a relationship with a good start.

Re:pardon? (1)

Omnifarious (11933) | more than 7 years ago | (#17557194)

Well he and his wife cooperated in tracking it down because they both noticed and were annoyed by it. So, aside from the fact that I suspect you're being sarcastic, I'd have to agree with you. A great start. :-)

Re:pardon? (1)

rucs_hack (784150) | more than 7 years ago | (#17557330)

well no, not sarcastic. A new wife, a hotel, I can see more to do then things on a computer.

Why were they so interested on solving such a problem during a honeymoon? Sounds like an avoidance strategy to me.

Soviets (0)

Anonymous Coward | more than 7 years ago | (#17556252)

In Soviet Russia, even the hotels are watching you...

You can track https with a proxy. (0)

Anonymous Coward | more than 7 years ago | (#17556380)

"Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy."

I wouldn't be so sure about that...

http://www.bluecoat.de/solutions/performance/secur e_apps.html [bluecoat.de]

"The solution starts with Blue Coat's patented proxy technology, a core part of all Blue Coat SG appliances. Because a proxy is an active device (i.e., it terminates traffic), it acts as both the server to the client, and the client to the server. Thus, within an SSL session, Blue Coat SG appliances terminate the encrypted connection, inspect the traffic and apply all appropriate MACH5 acceleration techniques to its content, then re-encrypt the traffic and send it its destination. "

Re:You can track https with a proxy. (0)

Anonymous Coward | more than 7 years ago | (#17556868)

You have to trust BlueCoat's cert. Easy in a Corp environment, harder in a hotel one where the user gets the mismatched cert error and has to click "yes"... Never mind.

Of course I click "yes". (1)

r00t (33219) | more than 7 years ago | (#17557764)

Many legit sites don't bother to get "real" certificates from Verisign or whereever. I'm forever clicking "yes" already.

HTTPS tracking (2, Informative)

ACMENEWSLLC (940904) | more than 7 years ago | (#17556448)

>>Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.

Um, yes, you can. It is possible with todays hardware.

Here are a few;
http://www.esafe.com/eSafe/traffic_solutions.asp [esafe.com]

Another;
http://www.scmagazine.com/us/products/productdetai ls/94de9e89-b7a1-6d6f-9479-84b866a2ffab/webwasher- 1000-csm-appliance/ [scmagazine.com]
http://www.cyberguard.com/products/webwasher/webwa sher_products/csm_appliance/index.html?lang=de_EN [cyberguard.com]
"WW1000 has the ability to scan encrypted SSL"

The days of HTTPS being valuable are long gone. We can look inside this traffic realtime. I monitor & block traffic to HTTPS sites myself..

Re:HTTPS tracking (1)

gad_zuki! (70830) | more than 7 years ago | (#17557226)

How does this work? Is it brute-forcing SSL encryption? Acting like a transparent proxy and making the client think/spoofing its communicating with the host?

Re:HTTPS tracking (1)

Vellmont (569020) | more than 7 years ago | (#17557382)


The days of HTTPS being valuable are long gone. We can look inside this traffic realtime. I monitor & block traffic to HTTPS sites myself..

The only way this is possible (barring someone having cracked SSL, which hasn't happened) is through a man-in-the-middle attack. If you try that, the user will get a message on the screen when they connect to https sights saying the certficicate is bad, unless you can somehow get them to recognize you as Certificate Authority by installing a root CA key. You can do that if you own the machines (business environment), but good luck doing that if you don't. You'd either have to break into someones machine, or trick them into installing it.

FreeNX (2, Informative)

astrashe (7452) | more than 7 years ago | (#17556556)

I use FreeNX to go back to my home desktop through a ssh tunnel. I use the local desktop only if I want some multimedia -- I'll start streaming a radio station, then pull up my home desktop, etc.

FreeNX is fast enough to make this viable.

You get a lot of advantages from doing it this way. There's the privacy angle, which is a big thing. But you also get your main desktop -- the one with all of your stuff on it.

And you don't need a really fast laptop. Once it's fast enough to run FreeNX, you're ok. I use a thinkpad I bought on ebay for $200. It's not just cheap, it's from the era when laptops ran cool enough to actually hold on your lap.

Re:FreeNX (1)

YetAnotherDave (159442) | more than 7 years ago | (#17556828)

what does this give you that you couldn't get by tunnelling X via XDMCP over SSH? Doing remote-display stuff is part of the fundamental design of X, after all.

Re:FreeNX (2, Informative)

drinkypoo (153816) | more than 7 years ago | (#17557006)

what does this give you that you couldn't get by tunnelling X via XDMCP over SSH? Doing remote-display stuff is part of the fundamental design of X, after all.

It makes the connection dramatically faster and more responsive. Like, as usable as Microsoft's Remote Desktop Connection. X is not very efficient. NX does some other things too but that's the biggie.

Re:FreeNX (1)

Godji (957148) | more than 7 years ago | (#17557028)

Could you maybe provide some information on the stuff you just mentioned? I've never heard of it, but I'm interested. Some links maybe? Thank you.

Not all hotels are like this. (1, Informative)

Anonymous Coward | more than 7 years ago | (#17556696)

I find it somewhat strange/funny that the majority of hotels having these systems in place seem to be the "expensive" ones. Marriott, Hilton, etc..

From my experience (a few different positions) in the hotel industry, the less expensive hotels (Econolodge, Travelodge, Red Roof, etc..) typically don't have these tracking systems. The downside is that their networks are usually less secure, because many don't have any sort of authentication outside of a WEP/WPA key. The tracking systems aren't found at these hotels because of the high setup costs (usually in the $1,000-3,000 range) and fees. It's not cost effective for the rates charged at these places, so they often end up with some sort of homebrew solution (kind of like the one I set up at a place -- used WRT54Gs authenticating to a FreeRADIUS server) which is less expensive to set up, and ends up being less expensive in the long run by only having to pay for a separate Cable/DSL connection. As previously stated, the downside here is security most of the time.

It really turns into a pick your poison-type situation. Regardless, I'd go along with the VPN/SSH Tunnel mentality. You never know what that front desk worker is doing downstairs in their free time.. *grin*

Whorehousing (3, Interesting)

Anonymous Coward | more than 7 years ago | (#17556784)

As a former employee of a hotel service provider, we would certainly store MAC addresses indefinitely, proxy (and occasionally read) outgoing email (and deny SMTP service for the flimsiest of pretexts), and best of all, t2 support would often tail the squid logs in search of the best pr0n. If the company had been in any way organised you can bet we'd have been selling (aggregate only! honest!) data to the first bidder.

And don't even get me started on the plan to introduce targetted ads direct to the browser on *every page*. What? you think we used squid for performance?

Seen this before...? (0)

Anonymous Coward | more than 7 years ago | (#17556836)

Is anyone else reminded of the Babylon 5 episode "Day of the Dead"? Where Garibaldi rigs, in his quarters, a comm channel for Lochley while there's a hot female Marine on his bed waiting for him? IIRC, the marine said something like, "It's a good thing we didn't hook up back then; I would have killed you inside two months."

But, seriously, one time I was trying to install some packages on my Gentoo laptop at a hotel, and the downloaded files were coming up corrupt. Turns out that when Gentoo went to fetch the files with wget via http, the hotel would occasionally intercept the connection and respond with a page that was just a graphic that said "You are being connected...", with a <meta> tag that reloaded the page in two seconds. Wget, treating the data as binary, just figured it was a partial download and then went to hit the next mirror to get the rest of the file, so in the end, I had files with the right file size, but the first 400 bytes or so were corrupt.

Hotels want to know EVERYTHING (3, Informative)

AndSheWas (1049788) | more than 7 years ago | (#17556844)

I work for a certain hotel company, I'm the person who you get when you call to make a reservation. If you have any kind of identifying profile or number, then you're activity is being tracked. Whether you stayed on business or pleasure, who you're companion was, what floor you like, how many beds, on what occasion you decided to stay at the hotel...any information i can gather about you, i am paid to gather. We use an integrated soft phone that is linked with our reservations system. I know what number you are calling from. If you have stayed with us before, chances are you have a profile, and i have your address, credit card number, and possibly how many kids you have. The hotels want your business so badly, they want to REALLY get to know you, and have your favorite flower on the bed when you come in, or if you know the concierge well enough, your favorite escort. So if you want to keep you're personal info "secret", don't earn points towards that free stay, and don't get a profile number. We get paid extra for making these profiles, so watch out for people just making you one, without your expressed consent. It happens all of the time. i watch it happen everyday. I'm looking for a new job.

Re:Hotels want to know EVERYTHING (0)

Anonymous Coward | more than 7 years ago | (#17557518)

Even if you're not a member of the rewards program for a hotel family, a lot of this information is still retained (but usually not used).

However, one of the things we used it for at the front desk was comment checking. If you come up to the desk and tell me that your room smells of smoke (and it does) but nothing was noted on the housekeeping logs, you bet I'll check the comments.

Now I get to look you up by last name and see all the comments made about you by other hotels you've stayed at in our hotel family. If I see that three out of four times, a comment "gst complained rm smelled of smoke", I'd put money on you not getting a discount.

It's a true story. As housekeeping was cleaning the room the next day, they found a cigarette butt and a plastic cup used as an ashtray in the bathroom wastebasket and ashes on the bathroom floor. Not only did they get no discount, they got the $100 smoking in a non-smoking room charge too.

Moral of the story? Don't complain just to get a discount. Maybe you'll have a valid concern sometime, and won't get taken seriously because of your history of complaints for discounts.

Fight Back . . . (1)

jgaynor (205453) | more than 7 years ago | (#17557074)

In light of this information, it is obviously the duty of every red-blooded geek to fight back by stealing free porn [lockergnome.com] from any hotel which uses this system.

Re:Fight Back . . . (1)

Vegeta99 (219501) | more than 7 years ago | (#17557870)

dude, please dont link content-stealing blogs that just links to ANOTHER blog that stole its content from another site. Useless.

Worry; (1)

jafac (1449) | more than 7 years ago | (#17557274)

This was my worry in all the activity to provide municipal wireless around the country.

Our tax dollars are going to build out networks that are going to be used, in this fashion, to track our activities - probably as a revenue source, by selling our personal information to advertisers (or worse).

And then, the whole shebang will be sold to a monopolist for pennies on the dollar by crooked politicians.

Other than that, I think municipal wireless is a great idea. . .

co34 (-1, Troll)

Anonymous Coward | more than 7 years ago | (#17557300)

they are Come said. 'Scre4ming

They're partners with Quantcast, who buys the data (0)

Anonymous Coward | more than 7 years ago | (#17557388)

Quantcast [quantcast.com] pays them for the data, which offsets the cost of the connection. In turn, Quantcast gets a usage data for people that are in the "can afford to stay at hotels" demographic. (I've always thought this was an immoral practice.) See: Quantcast FAQ: How do you collect your data? [quantcast.com]

Give the guy a break. (1)

d3m0nCr4t (869332) | more than 7 years ago | (#17557608)

Maybe he married a geek/nerd from the opposite sex and they just checked things out together... In that case: better then sex. :)
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...