'Hotel Connectivity Provider SuperClick Invasively Tracks You' from DoyenGuy on 2007-02-01 (TheList mail archive)

From: DoyenGuy <doyenguy_at_gmail.com>
Date: Thu, 1 Feb 2007 23:02:45 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://yro.slashdot.org/yro/07/01/11/1321237.shtml

saccade.com writes "During my last hotel stay, I thought it was a pretty
strange that it took two browser re-directs before the hotel's Wi-Fi would
show me the web page I browsed to. Picasa developer Michael Herf noticed
the same the thing and dug a little deeper. He discovered: '...their page
does some tracking of each new page you visit in your browser, outside what
a normal proxy (which would have access to all your cookies and other
information it shouldn't have, anyway) would do. This "adlog" hit appears
to also track a "hotel ID" and some other data that identifies you more
directly. Notably, I've observed these guys tracking HTTPS URLs, and of
course you can't track those through a proxy.' Herf notes the Internet
service provider, SuperClick, advertises that it 'allows hoteliers and
conference center managers to leverage the investment they have made in
their IP infrastructure to create advertising revenue, deliver targeted
marketing and brand messages to guests and users on their network...'"
Herf was on his honeymoon when he did this sleuthing. Now that's
dedication.

Two good comments:
[ONE]:
As a former employee of a hotel service provider, we would certainly store
MAC addresses indefinitely, proxy (and occasionally read) outgoing email
(and deny SMTP service for the flimsiest of pretexts), and best of all, t2
support would often tail the squid logs in search of the best pr0n. If the
company had been in any way organised you can bet we'd have been selling
(aggregate only! honest!) data to the first bidder.

And don't even get me started on the plan to introduce targetted ads direct
to the browser on *every page*. What? you think we used squid for
performance?
[/ONE]

[TWO]
VPN

Problem solved.

Shouldnt be trusting another persons network in the first place.
[/TWO]

-----BEGIN PGP SIGNATURE-----
iQA/AwUBRcK3vtcxzwil5KeHEQIRXgCcCtoGaYTO6jeX5DN3n9taEqcqHKEAoI5G
bOr+oIzo81cb7WROMK+ZSx4A
=T7R1
-----END PGP SIGNATURE-----

!! Read or peruse TheList's complete (except for the first month) history of emails !!
http://hacker7.net/thelist/
Received on Thu Feb 01 2007 - 23:02:29 EST

This archive was generated by hypermail 2.2.0 : Sun Oct 07 2007 - 14:42:04 EDT