Don't use Marriot hotels' sleazy Wi-Fi

Brian X. Chen for the New York Times: "The hotel’s Internet service was secretly injecting lines of code into every page he visited, code that could allow it to insert ads into any Web page without the knowledge of the site visitor or the page’s creator. (He did not actually see any such ads.)"
Guest Justin Watt's full report has that air of mounting frustration so many of us now associate with hotel travel. The best parts of Chen's story are where Courtyard Marriot is such an organizational disaster that it can't even figure out what spokesperson is responsible for replying to the Times' inquiries; and where the WiFi provider, RG Nets, "quickly hung up on calls."

Update: Watt has added a statement received from Courtyard Marriot, in which it blames RG Nets and says the script insertion occurred "unbeknownst" to it. However, the hotel chain also claims it is "a common marketing practice with many Internet service providers".

⟿ Follow Rob Beschizza on Twitter.

MORE: sleaze • tech

More at Boing Boing

The technology that links taxonomy and Star Trek

Hackers prepare for first "national holiday" in their honor

nixiebunny

What’s to stop any ISP from doing the same thing?
- CaptainPedge
  
  you think they don’t already?
- Guest
  
  SSL
http://www.kmoser.com kmoser

Kind of like what NetZero used to do?
xzzy

Free wireless at BWW restaurants used to hijack link clicks about once every 5 minutes, and instead of going to the url you wanted to, you got a page full of ads.

I understand the urge to try and squeeze pennies out of every single thing possible, but at some point you gotta wonder if the bad mojo is worth the microscopic bump in profits.
- traalfaz
  
  Once upon a time, Belkin released a router that did the same thing, though less frequently. I haven’t bought so much as a USB cable from them since. Any company that thinks it’s OK to mess with my data stream doesn’t get my business. Not ever. IMO if they thought it was in any way acceptable even once, they are not people that I want to do business with even if they say they’ve changed.
  - jandrese
    
    Rest assured, Belkin is still crap.
http://boingboing.net/ Rob Beschizza

MIFI PEOPLE
- flosofl
  
  Or personal VPN. I use the VPN service on OS X Lion Server when I’m out an about. Before that OpenVPN on a DD-WRT router.
  
  Er… unless you are on a “Guest” WiFi service that locks down the ports to 53, 80 and 443. Then MiFi or similar is the way like Rob says.
http://www.lightning-rose.com/ LightningRose

“http://*rgnets.com/*” just added to my AdBlock+ filters.
- http://aqfl.net Ant
  
  I hope filter subscriptions add this too!
Guest

Target does something like this too. If you do a google search while on Target’s in-store WiFi, search results will have a green check mark next to them. Apparently they have some kind of proxy that only allows “approved” search results.

I’ve tried ricockulously NSFW material and they don’t seem to care, and they don’t seem to be doing anything obvious like tampering with comparison shopping and competitors like walmart.com…

They did mange to break Apple’s iTunes and the App Store (you can browse, but you get an error if you try to download anything, which is really odd because Apple uses SSL)
- https://plus.google.com/104067355242126774300/posts?hl=en Dennis Smith
  
  Just walk in with your phone set to Wi-Fi tether or carry a Mi-Fi. Visit whatever site you want then. If I want a good deal in a PC shop I always do this, and Google the cheapest prices. When the staff see this they usually panic, and bow down to reasonable price matching. If one shop is able to sell something for a certain price then it’s a fair assumption that they buy them in for the same price so therefore able to sell at the same price.
- http://www.mrericsir.com MrEricSir
  
  I’m guessing the Amazon Price Check app doesn’t work on Target’s wifi?
  - Guest
    
    Actually, it does.
- Brad Ackerman
  
  That sounds like it may be an anti-spyware proxy; the green check marks would then be links that the proxy provider doesn’t have on their list of drive-by-downloaders.
http://blog.coatesism.com/ Shaun M Coates

Having recently stayed at two Marriots I am already fired up about their WIFI policies. $12.99 for one days usage.
- Guest
  
  whoa, you had to pay too much for a massive convenience? Sorry to hear it.
- Brad Ackerman
  
  Wonderful business practice for them — try to charge me $13/night more for something that should be included in the room rate, lose a s*&t-ton of room-nights entirely. (Two months a year, in my case.)
  - Guest
    
    It’s about as wonderful as what you’re doing there.
    
    except, of course, they own and you visit.
Ben_R_R

Seems a copyright lawsuit is in order here. Marriot created a derivative work with intent to profit. That should be worth like eleventy-brazillion dollars. (According to the MAFIAA).
- http://jonathan-peterson.com/ Jonathan Peterson
  
  that was my first thought as well.
- nosehat
  
  Yep, this was my thought too. I saw this myself recently on an airport’s wifi. I was visiting a page that I own and that has no ads at all on it, and sure enough, there was my content with a big banner ad across the top. I took screen caps and saved copies of the vandalized code, but I didn’t do anything about it. It didn’t seem worth hunting down a lawyer or even posting an angry blog post somewhere.
  
  The thing that pissed me off the most was that my site’s visitors would have no way of knowing that I hadn’t put the ads up myself. It seemed a real breach of trust.
- Paul Frields
  
  Maybe I missed your point, but this sounds like arguing Regal Cinemas is violating the copyright on a studio’s movie by running a trailer before it for a different movie. Not saying the ad bannering isn’t icky, but this would be quite a novel interpretation of copyright law.
http://profiles.google.com/winterseale Winter Seale

Sounds like the kind’s of scary stuff that http://www.nomadix.com/ specializes in.
- http://www.summerseale.com/ Summer Seale
  
  I’m wondering what the net-effect of 3G enabled devices is slowly having on their market. =)
http://www.disoriented.net/ angusm

One more reason why HTTPS will eventually become the protocol of choice and all communications will be encrypted. On-the-fly page-modification is simply another man-in-the-middle attack; encryption will take care of it.
- http://www.mrericsir.com MrEricSir
  
  That assumes the users are smart enough to know they’re using proper encryption. It’s trivial to do a man in the middle attack with HTTPS if the users ignore certificate errors.
  - http://shadowfirebird.tumblr.com shadowfirebird
    
    And, when you can buy a “legit” certificate that apparently belongs to someone else, given enough money, why should they not?
http://digitaldandelion.net/ Fishmark

They responded to my Tweet https://twitter.com/#!/CourtyardHotels/status/189381641435758592
http://profiles.google.com/ejohnson82 Erick Johnson

This is nothing, when I stayed at the Fairmont Tremblant in March 2010 every SSL protected website that I use on a normal basis produced a self signed SSL cert verification error (I’m an internet engineer and know what the “scary warning bubble” means). At first I thought it might be some great firewall of Canada trying to MITM me – so I rejected all the certs and just didn’t visit my bank account, credit card, or gmail that week. To my surprise though I brought my laptop to the Internet cafe across the street from the hotel and low and behold – no warnings. The f*cking Fairmont was the MITM culprit!!!!
oldtaku

Whenever I’m using town bicycle Wifi I always ssh connect to my server and send all web traffic through that as a socks proxy. So even if the hotel is doing middleman SSL (surprisingly often) they don’t get a chance. I use putty + foxyproxy, but there are a lot of options. Of course it requires that you have an ssh account somewhere.
- http://twitter.com/bazimmerman Brad Zimmerman
  
  I do the same thing. It’s easy, quick, and works.
Sean Nelson

WiTopia has worked well for me. They seem trustworthy (though how can you ever be sure?) but their OpenVPN SSL gets me through filters without hassle.
http://profile.yahoo.com/VGEGCTUUD27YCNIGUWF5C5HTTU Hankford

Shocking News, whats next Facebook & Google are tracking users shopping interests!!!
LOL How long have you been living in the digital era?
http://profiles.google.com/chudez Ted Bautista

how can something be “unbeknowst” and at the same time be “common practice”?
Christopher Jones

Marriott – two R’s two T’s.

Also, it’s the ISP injecting code, not Marriott.

Finally, do a TINY bit of research when choosing a hotel and you’ll find, miraculously!, that only FULL-SERVICE hotels charge for internet, which is typically bundled with long distance service and/or premium cable access. This trend is the result of high end hotels catering to those who are seeking luxury as opposed to value. If you want free wi-fi, choose Courtyard, Residence Inn, Townplace Suites, SpringHill Suites…all complimentary.

Here endeth the lesson.
http://shadowfirebird.tumblr.com shadowfirebird

I’ve yet to find a ‘free’ wifi account that didn’t at the very least want to harvest your email address. (In the UK.)

Just after reading this, at a friends: “our wifi router has a free access thing from BT. We don’t get billed”. Tried it. Got *all* sorts of warning messages about spoofing et al.