Hotel Connectivity Provider SuperClick Tracks You

saccade.com writes "During my last hotel stay, I thought it was a pretty strange that it took two browser re-directs before the hotel's Wi-Fi would show me the web page I browsed to. Picasa developer Michael Herf noticed the same the thing and dug a little deeper. He discovered: '...their page does some tracking of each new page you visit in your browser, outside what a normal proxy (which would have access to all your cookies and other information it shouldn't have, anyway) would do. This "adlog" hit appears to also track a "hotel ID" and some other data that identifies you more directly. Notably, I've observed these guys tracking HTTPS URLs, and of course you can't track those through a proxy.' Herf notes the Internet service provider, SuperClick, advertises that it 'allows hoteliers and conference center managers to leverage the investment they have made in their IP infrastructure to create advertising revenue, deliver targeted marketing and brand messages to guests and users on their network...'" Herf was on his honeymoon when he did this sleuthing. Now that's dedication.

The wise man assumes

[Silver Sloth]

that nowadays all his actions are watched and recorded. I live in the UK, which, I believe, has the highest ratio of CCTV cameras per head of population in the world. To me it's no surprise that when I log in at the Marriot I'm watched. Fortunately the first thing I do is establish a VPN tunnel to my company's network where I'm being watched by the CIO.

Further than that, welcome to the modern world, cue the cliches (1984, quis custodiet, ...)

You mean you didn't suspect this automatically?

[davmoo]

You mean to tell me that Slashdotters, some of the most paranoid people on the planet, didn't just automatically assume hotels did crap like this on their networks to make extra money? Are people here that damned naive? The story that would be news would be a hotel that does *not* do this.

Any time I use a network that isn't my own, be it a hotel, restaurant, or even the public library, I just automatically assume that someone who wants to remain unknown is taking an active interest in what I'm doing. Otherwise, why would any of these places provide free networking in the first place. They aren't doing it out of the goodness of their heart and so they can sleep warm and cuddly at night. They're doing it because they've found other ways to make a buck off of it.

Not-quite-honey Moon

[FrozenFOXX]

It's not dedication, just means he's not particularly enthusiastic about his honeymoon.

Not as stupid as others seem to think

[pdawson]

FTFA:

It turns out that Lorna and I both noticed and both got upset about it, so I'm spending a (small) amount of time figuring out how this thing works and what it's after. After all, I'm still on my honeymoon.

He's on his honeymoon, but looks like he was lucky enough to marry another geek, so its all good

Re:Not as stupid as others seem to think

[DoctorPepper]

Some of us are lucky, some no so much.

I had the great fortune to also marry another geek. She's not so much of a computer geek, like me, she's more of a science geek (also like me) and a mathematics geek.

She also thinks my two great hobbies, computers and ham radio, are "cute", and allows me to spend inordinate amounts of money on them ;-)

A disturbing trend

[NimbleSquirrel]

Unfortunately, this is only going to become more widespread. Hotel chains are only interested in profit, and running their own in-house ISP just isn't profitable. They will contract out whereever possible, and for the lowest price.

Superclick already has the backing of major Hotel chains, so it already has recognition in the marketplace (hotel owners). That is not going to change. They would also be very competitive for the services they provide and, given what has been found, it is not unreasonable to think that they are cheaper because they sell off the information they gather to marketing companies.

I cannot see this kind of tracking coming to an end until either the mainstream media make a story out of it, or someone sues the Hotel chain for breaching their privacy (or both).

Re:The wise man assumes

[Billosaur]

Face it, your ISP is even watching you, noting your bandwidth usage, logging where you go, reading your email to make sure it's not spam, etc. The fact is, any transaction that occurs on the Internet is being logged on a server somewhere, and someone has access to that information. If you're lucky, it's just a sysadmin making sure you don't go over some quota, but you have no way of truly knowing. A true paranoic wouldn't use the Internet at all.

Probably went something like:

[DJCacophony]

"What? This security dialog box is warning me that this certificate is unsigned! Better click 'ok' so I can see my bank account anyways."

Re:The wise man assumes

[BVis]

Because some of us still care about our privacy; we also think "If you're not doing anything wrong, what do you have to worry about" is just about the most offensive thing we could think of.

I just don't think it's anyone's business what books I'm buying, or what threads I'm posting to, or if I look up some rash on WebMD, or talk to my wife on IRC, etc etc. I'm not about to give up my privacy for some corporate bullet point about "leveraging marketing assets." They want that info, they can bloody well ask me.

Re:Some? How about "most"?

[Ninjaesque One]

The only reason that spam is alive right now is because of its horribly low cost: it costs nothing, basically, to send junk mail through the internet. That nothing would be increased by about $70 a day for a hotel room with high-speed internet.

Re:The wise man assumes

[CantStopDancing]

I just don't think it's anyone's business

The problem is that it is exactly that - business! While you have money to spend someone will *always* be looking at what you're doing, and trying to convince you to give them some of that luvverly moneys.

Re:The wise man assumes

[drinkypoo]

Again, obviously the government has the ability to go too far, for example with things like the Patriot Act, but personally I would prefer them to have some power, as long as they use it responsibly and for its intended purposes, rather than abusing public trust.

So, what color is the sky on your planet?

This is the very reason why government should have only the power which it actually requires. It doesn't really matter whether power corrupts, or simply attracts the corrupt, or even the corruptible; the end result is the same, and you cannot trust the government. It is in fact the height of stupidity. Ask people in New Orleans how well FEMA took care of them... Ask the handful (at least) of US citizens locked up without being charged or having a trial date set.

Re:You mean you didn't suspect this automatically?

[node 3]

The story that would be news would be a hotel that does *not* do this.

No. This is news because it's excessive and uncommon.

Otherwise, why would any of these places provide free networking in the first place. They aren't doing it out of the goodness of their heart and so they can sleep warm and cuddly at night. They're doing it because they've found other ways to make a buck off of it.

Not everyone is so obsessed with money as you seem to think. Some people, even astute businesspeople, make decisions based on things like, "doing what's right", "giving back to the community", and "providing quality and value". I highly doubt that your average coffee-shop free WiFi is snooping on you.

Such extreme cynicism (as you seem to be promoting) is detrimental to society, and makes for a poor foundation to live by.

Re:The wise man assumes

[Anonymous Coward]

"If you're not doing anything wrong, what do you have to worry about"

Ask any older Japanese American who wasn't doing anything wrong where they were from 1941-1945. Or ask your average black person or Indian how they feel about this statement. This country has a stunningly bad history of abusing authority, whether you're doing anything wrong or not.

Re:The wise man assumes

[karmatic]

You ask - "if you're not doing anything wrong, what do you have to hide?". I ask, "if I'm not doing anything wrong, why do you feel the need to spy on me?".

Avoiding the obvious issues with international law, having your activities spied upon tends to change what you do. In some cases, this is a good thing (less crime) - in some cases, it's not.

Consider someone who is aware of wrongdoing by their company/politician/etc. With the (relative) anonymity of the internet, that person can go online and expose the wrongdoing. Even with laws protecting whistleblowers from retribution, companies (and in some cases, politicians) have a history of making their lives unpleasant anyway. What keeps people from arbitrarily running smear campaigns? With sufficient evidence to convince a judge of wrongdoing by the purported "whistleblower", injunctions and subponeas can be used to stop (and identify) the person in question. The government has the power it needs to enforce (against it's own citizens - it couldn't get foreigners anyway) libel laws online, it just has to go through a judge first. Personally, I think that standard is often too low, but that's what it is.

In addition, much of the purpose of monitoring people online is to attempt to determine information about an individual by the sites they visit. Judging from my history, it looks like I'm a staunch liberal, with aids, and an ACLU supporter. This couldn't be farther from the truth (the AIDS is due to reasearch about blood testing techniques - the batch of blood, mine and others, had someone with AIDS attempt to donate). As an example, reading neo-nazi propanda does not mean you support their cause, or even that you don't find it morally reprehensible. An employer checking the proxy logs won't necessarily know that.

The final argument I would make for privacy is that there are those who would invade the privacy of others to further their own agenda. In the United States, the constitution has the phrase "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated". At the time this was written, this pretty much covered all one did and owned. To ensure law enforcement could do their job, the constitution also states "no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." For the government to invade the privacy of an individual, a judge had to determine that there was sufficient cause for a warrant. Politicians have used government resources to attack other policical parties (watergate), imprisoned american citizans of japanese descent, improperly sieze currency and other assets for public use without just compensation, and a host of other wrongs. Honest actions can and have been used in court to make innocent men look guilty - "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

In short, if there is evidence I'm committing wrong, convince a judge of it, and get a warrant. If you lack enough evidence to convince a judge (it's a fairly low standard, really), you shouldn't be spying on me anyway, even in the name of "safety". The safest environment would be a world where throughouly screened guards "protect" the rest of the population, who all sit alone in their padded safe. It would be the ultimate, absolute safety and security, but certainly not a place I would want to live. Freedom is an end worth pursuing on it's own, and it is important to remember that (at least in the US), the government [supposedly] derives it's power from the consent of the governed. If that is no longer the case, the people have the right (and obligation) to replace it with one that does.

Re:In soviet Russia...

[Miraba]

Why did I have to scan most of the way down the page to find this? For shame, people.