Right hotel, wrong network
Staying at a hotel in Vancouver this week, I had an unusual and disquieting experience. I took out my laptop and looked for Wi-Fi networks and found a ton; several of which could have been from the hotel. I called the desk and confirmed which one was correct. Surprisingly enough, when I picked it and launched a new browser, I got two of them. One was 5 bucks more expensive and they were different 3rd party companies. One had a bill-to-room option and one just wanted a credit card. Curious now, I took some time and talked to hotel staff until I found one who knew what a computer was.
The story was that a fly-by-night company had set up a system in an office across the street from the hotel and was using the hotel's ssid to harvest credit cards. The hotel didn't know how to stop it, so they tolerated it.
Okay, stupid on the hotel's part, but this does bring up a bigger issue about identity. There's no real way of validating ssids or any of the other hundreds of text string-based identity schemes in use across the Internet.
We need a globally interoperable Identity scheme (perhaps OpenID) and somehow need to strike the balance of certain authentication vs. potential government abuse. I'm interested in suggestions.
Posted on October 22, 2007
