Re: Actual security vs. security theater

From my experience, I think this key deal is fairly common especially in smaller, non-chain hotels.

Last year in Norway, the hotel's wifi was accessible via a code on a scratch-off card; to get the card you simply told the front desk your room number when you asked for the card and they charged it to your room. Same deal, no validation that you were actually in that room, so in theory you could have charged internet costs to someone else's room.

Re: Actual security vs. security theater

i am consistently astonished when people actually give their key to the hotel. i've had desk clerks get all in a twist and try to call out to me as i'm walking out the door. so what? i've never understood why some people try to stop and engage them in conversation and make an arugment... why not just keep walking right out the door?

what are they going to do? leap over their desk and come running after you? and if they do, again... so what? my room key is my room key. i am not giving it back to them for any reason other than checking out of my room.

even weirder (at least to me) are people who leave their passport in the care of the hotel. in fact, i've actually seen the little "cubby holes" behind the desk being used to store room keys and passports all at the same time. some people just don't take security seriously when they travel, i suppose.

Re: Actual security vs. security theater

I believe it helps to have a stare that can turn blood cold, and the clear body stance that suggests you can remove limbs for entertainment, and require very little provocation to do so. I do not ever cooperate with such requests, just as I do not cooperate with the desire to search my bags as I leave places like Fry's to make sure that I'm not stealing. My usual response there is "No thank you" as they start to approach me.

I seldom shop at Costco because they INSIST on doing this (and I've tried every way I can to avoid it, but it's literally unavoidable).

There are hotels in the US that want to make a copy of your driver's license, and I always insist that they do not.

The world's gone crazy (or maybe it always was, and I hadn't noticed).

Re: Actual security vs. security theater

Semi recently (Toorcon), at the very small mom and pop hotel I was staying at, they requested only my name on check in, the room was pre-paid. The receipt they gave me at that time included my full name, and credit card number, having only asked my name. To add to it, the 3 times i needed to get a new room key due to demagnetization, I was only asked for the room number, while all 3 occasions were with different staffers than the person who checked me in... Not so much theater, just a very disturbing lack of security all together.

More recently, 2 weeks ago, at an un-named Vegas hotel, their "secure" wi-fi service for guests only was a.) just a few wide open APs, and b.) accessible from the far reaches of the parking lot. The hotel charged a mandatory $15/night for wi-fi...

Local locksmith a couple of weeks ago, made a key for me based on a photo of the origional... This was the first time I had ever visited said smith. That just screams "exploit me."

Re: Actual security vs. security theater

for anyone who is curious, there are three means by which locks can be protected against this risk (well, four sort of... see below)

1. "Restricted Keyways" - many manufacturers hold copyrights over the actual keyway profile in their locks. (this is the shape that one sees when looking directly at the face of the plug.) this is typically achieved by manufacturers making minor cosmetic changes to their design... something that sadly supersedes more meaningful research and design changes at the expense of real security... a la Medeco)

when keyways are thusly copyrighted it's not just the cuts in the plug, but also the blanks that can fit into the plug which are restricted. therefore, companies that manufacture blank keys (such as Ilco) do not have the "right" to produce blanks, and therefore (at least in theory) locksmiths can't have a supply of them.

this, of course, doesn't work very well... since illicit supplies of blanks are quite common and they of course can be made by custom milling machines (such a machine is the Easy Entrie* which is popular in Europe) or even by molding and casting techniques.

2. non-standard key design - anytime a physical token is of a atypical variety, the technology needed to fabricate one is harder to come by. when keys are not of the basic "blade" style, then you need more than a basic key machine to cut them... even if you have an adequate blank.

rotating disk locks, slider-based systems with milled grooves, or locks that interact with multiple faces of the key at varied angles... all of these require specialized (often restricted, and always expensive) machines to produce working keys. again, it's not an unbreakable protection, but it reduces the likelihood that the corner locksmith can make a key for you.

3. non-replicable parts - the best protection you can have is if the "key" one wishes to copy incorporates more than merely simple, solid metal. magnets as well as the use of "interactive" pieces (that can slide or move into other positions) are a great way of restricting blanks and/or making it nearly impossible for anyone but the original manufacturer to produce such keys. The Evva MCS and some offerings by the Mul-T-Lock company are like this.

4. concealment - this isn't really a technological solution, but keeping your keys out of sight (not having them hang free from your belt or something like that) is always the best tactic. some folk here may be familiar with the experiment at UC San Diego where students placed keys on a table in a common courtyard and then took photos of them from atop a building...


... that tiny black dot is the text book where the keys sat. they were able to identify enough of the features of the cuts (and to use mathematics of standard key algorithms) to make working copies.


* the Easy Entrie machine has a special "copyright safe" mode... where if you feed it a design, it will add its own small divots here and there. these will not hinder the operation of the key, but will indeed produce blanks that are different, and therefore not "protected" by copyright. as a little "how do you do" snarky sass to the lock manufacturers, Easy Entrie made these as their blanks that the machine turns into such craftily copied keys...

Re: Actual security vs. security theater

Hehehehe, my keys stay in my pocket, and out of sight at all times, my man. It was actually a bump key I had broken in one of my practice locks. But none the less, a bad practice on behalf of the smith, and great info in the above post.