The Sabre Breach: How to Keep Your Travel Plans Private

The Sabre breach has to shake you. Apparently millions of hotel and airline bookings may have been hoovered out of the onetime American Airlines subsidiary, probably by the same gang of China state sponsored cybercriminals who are said to have been behind many other huge recent breaches at United, the US Office of Personnel Management, Anthem, and many more.

Exact details of the Sabre breach are, as always, sparse.   Said the company in a statement: “We recently learned of a cybersecurity incident, and we are conducting an investigation into it now. At this time, we are not aware that this incident has compromised sensitive protected information, such as credit card data or personally identifiable information, but our investigation is ongoing.”

American Airlines is apparently investigating if the hackers backed into the AA computers via Sabre. The two companies are said to share some computer infrastructure.

Even without the extra AA data, the Sabre data haul alone could be in the billions of travel records.  Then add in an apparent – and possibly huge breach of passenger records at United.  Almost certainly your information is in this very large mix.  Should you be worried?

What is obvious is that somebody – and most fingers point to China – is building an enormous database on America’s citizenry that comprises health records, employment records, personal details, and now quite possibly extensive travel records.

Nobody presently has any clue what the intent of the information gatherers is.  That has to make us all worry.

There also are obvious – deeply troubling – uses to a storehouse of travel plans. These records are gold to anybody who wants to track spies, suspected spies, handlers, and – say – M&A artists.

What can you do to protect the privacy of your travel data?  Not very much. That’s the sad truth.

But there are small steps we can take to conceal our flight and hotel plans.

In bygone years – pre 9/11 – many celebrities and even some ultra rich and executives routinely traveled under fake names.  They checked into hotels under pseudonyms and they flew under similar.

That just is not viable today, at least not for commercial air when the TSA demands positive ID and an airline ticket issued in the name on the ID.

Could a high-roller fool the system by buying a cheap SFO to LAX flight, showing that ticket and his/her real ID to TSA…then discarding that tickets and pulling out a ticket to Newark in the name of Daffy Duck?

Probably.  But for how long? And how many of us want to suffer the expense just to cover up our wanderings?

And it wouldn’t work at all for international travel.

For those who crave privacy, private planes are the only real option – and for many who want this privacy, the price is not a barrier.  When mum has to be the word, go private.

That’s one way to foil the breachers,

What about self-defense in hotels?

I cannot remember the last time I was not asked to produce a photo ID to check into a hotel. Why?

There apparently is no body of law requiring hotels in the US to verify a guest’s identity with a photo ID.

Of course, hotels – ever wary of credit card fraud – want to believe checking IDs will reduce fraud (has it? Of course not).

But that does not give them the right to demand I prove my identity to claim my bed. Or sometimes just to walk into the lobby.

Maybe we should all just stop playing along with the hotels’ identify demand – especially since there are no good reasons to believe hotels are good securers of our information (from ID to credit card data).

Just say no.

The only way to protect oneself from an unknown adversary who is sucking up as much information as he can is to get stingy about leaving traces of it, especially in places that do not need it – and, for me, in travel the obvious places that have no real need for a lot of identifying data is hotels.

 

How to Read TripAdvisor

What I have written in the past, many times, about how to safely navigate TripAdvisor just does not work anymore.  That is because – unless my eyes deceive me – I am seeing an unprecedented avalanche of false positive reviews written by hotel sales managers, GMs, even cooks (excuse me, chefs) – or their friends and co-conspirators.

Which has prompted my rethink of how a savvy consumer needs read TripAdvisor.

My guess: we are seeing a perverse outcome of the old management saw, what gets measured gets done.  Tell a cook that he will hit the bricks if his TripAdvisor rating stays in the gutter and, guess what, it gets lifted. How? The fastest way is to cheat.

Ditto a sales manager or GM who is taking guff from asset managers.  The latter should be peeved when a hotel that, say, has claimed to be “world class” cannot even manage to hold the top spot in a small tertiary market that is unpopulated by the perennial all stars (Aman, Four Seasons, etc).  If you cannot beat nobody, you aren’t word class, QED, thus the screaming – threats probably of bonuses withheld or firings – and then along come the fake reviews.

How? That’s easy. A struggling cook might form a mutual defense alliance with cooking school classmates. All sworn to secrecy. But as need arises – to counter a few bad reviews – they weigh in with glowing comments and the deed is done. The negative reviews are buried under the weight of fake positives.

Sales managers and GMs can do likewise in their circles.

Other GMs probably are just posting their own fakes, using the many Internet appliances we all have and accessing TripAdvisor via any of the many public WiFi networks at coffee shops, stores, restaurants and, yes, hotels of course.

Set up a handful of email addresses at the free services and you are halfway to a bank of bogus TripAdvisor accounts.

TripAdvisor of course says its armies of machines are ever alert for fakes and will track them down. Punishments range up to placement of “A large red penalty notice, explaining that the property’s reviews are suspicious may appear on the listing page.”  I believe I have seen that only once.

I believe I should see it a lot more often.

Mind you, I still insist: TripAdvisor is the best place to get credible commentary about hotels.  It is vastly better than professional travel writing – just about all those reviews result from typically undisclosed “comped” (free) trips. As for bloggers, forget about it. The FTC is looking to crack down on undisclosed blogger compensation, including freebies,  but so far the blogosphere is a wild west of corruption and mendacity when it comes to hotel write ups.

That is why you need to know how to carefully – smartly – read TripAdvisor reviews.

First: discard the outliers.  Some reviews are just too positive or too negative.  When I see “Chef XYZ should have his own restaurant in Manhattan” – and said cook would struggle for acclaim in Manhattan, Kansas – I know it was written by his mom.

Ditto for a review of a hotel – one that fares well overall – that finds no good whatsoever and insists there are bedbugs, mold, theft, and a cavalcade of bad things.  Is this reviewer lying? Maybe, maybe not.  But even if it’s the truth, perhaps the establishment just had an epicly bad day that won’t likely be repeated.

Look for patterns. When the same things – positive or negatives – are said many times they probably are true.

Which leads to the next precaution: if there are under 100 reviews – or perhaps you want a higher number; 1000 is reasonable – stop right there.  The data set is too small to be reliable.  There is truth in numbers when it comes to online reviews.

Now for the new advice: ignore all reviews written by posters with under 10 reviews. Just don’t read them.

In looking at a particular hotel that has been climbing in its ranking, I noticed that of the most recent 10 reviews, four were written by posters with 5, 4, 1, and 5 total reviews. They also had not posted photos.

All fakes? I do not know of course.  But were I spending my money on a hotel room, I’d bet they are fakes – and would ignore them accordingly.

My hope of course is that TripAdvisor wakes up its algorithms, puts its machines on high alert, and begins a search and destroy mission for hotels that are stuffing the ballot box.
As travelers we need TripAdvisor – but we need a TripAdvisor that we can count on.

Rethinking the Hotel Room for 2015

Give me three wishes and I will tell you what I would change about hotel rooms.

Hotel rooms are snug. A commonly cited figure is 325 sq ft but I have seen much smaller in Manhattan (and usually much bigger in Las Vegas).  But assume 325 sq ft, with a lot of the space consumed by the bathroom.  The living space is small.  Let’s declutter it.

Step one: eliminate the minibar and, definitely, eliminate the junk for sale that now sits atop tables and dressers in hotel rooms. I know greedy owners want the profits that come with selling me a 99 cent candy bar for $10 – but I am not buying.

I cannot recall the last time I bought anything from a minibar.  I am thinking it had to be more than 25 years ago, when I had clients that happily picked up all manner of expenses. That stopped in a recession some time ago and so did my buying overpriced minibar stuff.

Of course if the hotelier insists – I have no idea why but if – I am okay with the Virgin Chicago hotel’s no minibar markup plan, where candy bars and Cokes are sold at High Street prices.

Another option: Kimpton’s $10 credit to “Raid the Minibar,” a perk extended to loyalty program members.

Ask hoteliers why minibar prices are so high and they spout mouthfuls of mumbo jumbo – citing fees by outside vendors, theft, other less explicable shrinkage – but I am not buying. The prices are high because they generate high profits. Period.

But that also generates guest outrage and – listen up – annoying guests is no way to build repeat business. Just stop it.

And, oh, by the way, a shop – possibly unstaffed – in the lobby by the front desk works fine for me, if the prices are High Street.

Wish two: remove the infernal hotel phone in the room.  Who answers the thing?  I don’t. Anybody with whom I possibly want to speak knows my cellphone number and I always travel with one, usually two.  The only calls that come in via the room phone are sales calls I do not want to deal with so I do not answer.

Other than at hotels with no cellular service I cannot see any reason to acknowledge the existence of inroom phones. And, oh by the way, for cellphone customers on T-Mobile and Sprint, most newer phones can be toggled to work over WiFi at hotels with no cellular reception. That means the regular number rings, voicemail works, and it’s an adequate substitute for real cellular. But that’s assuming the WiFi is robust, an assumption that is dangerous to make at many hotels.

Either way, just rip out the inroom phone. That works for me.

Wish three:  discard the inroom TVs.  I always travel with an iPad and it is my TV.  I have neither need nor want to play with the hotel’s remote, then attempting to figure out what paltry list of stations are available and, incidentally, I have never – as in never – bought a premium TV service from a hotel so you are not getting that money from me.

It was not bad when TVs were stuffed in armoires – they were easily ignored – but now they hang into the room and, frankly, I just do not want the thing.  Please give mine to the Salvation Army.

Except maybe at that Virgin in Chicago because its televisions let guests stream their Netflix account – which I otherwise would do on my iPad but a bigger screen just might be inviting.

I really have to try that Virgin.

But at other hotels, please, practice decluttering tight rooms.  Your reward will be happier guests.

 

The Attack of the Hotel Resort Fees – How to Fight Back

The Federal Trade Commission (FTC) has spoken and what it said makes zero sense but for consumers it is bad news indeed. That is because the FTC has declared that it is okay for hotels to slap us with resort fees that are not shown in advertised prices.

This makes no sense, given that the Department of Transportation (DOT) has sternly told airlines that advertised prices have to include all mandatory charges (such as taxes).

Many expected FTC to rule similarly in regard to resort fees, especially since the FTC in 2012 told 22 hotels that resort fees by their very nature are deceptive and misleading.

In its letter to those hotel operators, the FTC said, “One common complaint consumers raised involved mandatory fees hotels charge for amenities such as newspapers, use of onsite exercise or pool facilities, or internet access, sometimes referred to as ‘resort fees.’  These mandatory fees can be as high as $30 per night, a sum that could certainly affect consumer purchasing decisions.”

“Consumers are entitled to know in advance the total cost of their hotel stays,” said Federal Trade Commission Chairman Jon Leibowitz back in 2012.

In the years since, at least one consumer advocacy group – Travelers United – has campaigned loudly against “misleading, deceptive resort fees.”

This writer has reported several times on evil resort fees.

What’s changed so that the FTC now winks at resort fees?

Best guesses are that the hotel industry – envious of the ancillary fees (bag check, snacks, premium seats) that have nudged airlines into profitability – launched a full court lobbying press on the FTC and key legislators. Money talks inside the Beltway. Always has.

Nobody is saying resorts cannot charge as they wish. The complaint is rooted in the non-disclosure of resort fees. It’s as though when you check out you get hit with upcharges for electricity and water use (though in California perhaps the latter might make more sense than a resort fee).  Yet that is exactly what a growing number of hotels and resorts are doing.

So do you really have to pay the resort fees?

Back up a step. First: what is a resort fee? It’s an upcharge – which nowadays has crept up as high as $100 per day; generally it’s about 10% of the room rate – that covers, well, stuff you’d expect at a resort such as pool towels, WiFi, a newspaper, and a long list of generally blah activities. The good stuff – real activities – usually have separate fees and that is for spa, guided mountain bike outings with an expert, full length yoga classes, surfing lessons, and, yes, the things consumers go to resorts to enjoy. They all cost extra. What you get for the resort fee is filler.

Trust me: nobody wants to pay for the bad resort WiFi, the superfluous newspaper (when was the last time you opened a USA Today), and a packet of thin activities.

We pay because we are told it is “mandatory,” that we must pay.

You do not have to.  Frugal travelers assured this reporter they often dodge resort fees.  Some tell the desk they do not plan to use anything covered by the resort fee. Others insist to the desk that the resort fees were not adequately disclosed in the booking process and, indeed, many hotels seem to work hard at hiding the fees, or displaying them in tiny type, so that guests do not jump ship before completing the booking process.

Either way: complain loudly and persistently at the front desk.  You just may be rewarded with a waived resort fee.

Another strategy: shop for resorts that do not charge a resort fee. In Las Vegas – a kind of ground zero for resort fees because most hotels charge them, with the fees topping out at $32.48/day according to this roundup – there are in fact some hotels that charge no resort fee.  There are not many and most have no name, but one that doesn’t charge and has a name is the Wyndham Grand Desert.   You know where to take your business.

Incidentally, in the past five years this writer has been to perhaps ten large conventions in Las Vegas, with rooms booked under “conference rates” and, you know what, in every case I can remember the resort fee was waived because the conference organizer demanded it.

Do likewise.

 

 

Terrorism Watch: Where Not to Go in 2015

Spain is as dangerous as Tunisia, where some 38 tourists recently were killed in a beach massacre.

Chew on that and know this is according to the UK’s Foreign & Commonwealth Office which recently issued a global map of terror hotspots along with pointers to destinations that are more tranquil.

Here’s the map and it is mindblowing.  The FCO said that low threat destinations include Iceland, Bolivia, Ecuador, Poland, the Czech Republic, Switzerland, Hungary, Vietnam and Japan. That list is short.  And that because much of the rest of the world is a vastly more dangerous place, per the FCO.

France is no go. So is Australia.

Will I use the map to chart my 2015 travels?

Understand, I spent many nights in Northern Ireland in the height of “The Troubles” – everywhere from Belfast to Derry and even small towns like Omagh. I never felt unsafe. (Perhaps I should have. In 1998, long after the IRA-British ceasefire, a rogue group set off bombs in wee Omagh, killing 29, mainly Spanish school children. It blew up a hotel where I in fact had stayed maybe eight years earlier.)

Even so, here’s my credo: Keep your eyes open, trust nobody, and you very probably will keep yourself safe even in fraught surroundings.

And then there is the terrorist impulse which is to cause consternation by striking in the unexpected place.

That is what makes the world a scarier place and, very probably, rationality alone won’t keep you safe in it. You need luck. And quite possibly the FCO map.

The FCO divides the world into four areas: places where the threat of terrorism is high, where it is general, where it is underlying, and where it is low.

Many, many places win FCO’s highest threat label, including the United Kingdom, Northern Ireland, Russia, France, Spain, Turkey, India, just about all of North Africa (Morocco wins a “general threat” label), Australia, Indonesia, Pakistan.

The US and Canada are in the “general threat” bucket.

You are right, the list is so exhaustive the obvious options are to ignore it or to crawl back under one’s covers.

A third way may be to use one’s head.

When I stayed in Belfast, in the bad years, I never stayed at the Europa, a four-star hotel in the city center but it also was one that had won notoriety as “the most bombed hotel in Europe.” It was bombed 28 times during the Troubles.  I usually stayed at tiny guest houses near Queens University, an area that the terrorists on all sides had decreed a DMZ.  Never had a problem, tho I did stay in odd accommodations with tiny beds, often a shared bath, and sometimes feeble heat. But better a little uncomfortable than blown up.

The unsettling suggestion found in the FCO map is that tourist hotspots may become terror hotspots.  Terrorists know the handful of must see spots in Paris, for instance, and so are you at risk at, say, the Eiffel Tower?

The FCO implication is, yep.

In Manhattan I often saw heavily armed NYPD in and around Times Square.  Can’t say I ever saw them in Washington Sq Park, the East Village, or East Harlem.  Presumably they were where their intel told them to be.

So what is a tourist to do in these times of global tension where terror is seen by many as the answer and that means they are willing to sacrifice – indeed want to sacrifice – large numbers of civilians.

I will not tell you what to do, that’s your call.

But I can say that, for me, there are places I deem too high risk, low reward to warrant visiting such as Tunisia to pick on an easy target.

Would I go to Turkey, also on the FCO most dangerous list? Yes, but I have been there and I was dazzled by Ephesus and Istanbul, straddling east and west, is as alluring a city as I can conjure.

I would also go to France, Spain (still want to walk the 500 mile Camino), the United Kingdom, and Northern Ireland, all high risk per FCO.  I very much like them all and that is good enough for me.

Would I go to Russia? No, but my problem is more with the state than its enemies.  There just is not enough to compel me to want to go there.
In other words: go where you want to go. Don’t let terrorists bully you.  Don’t be ignorant, either. Know the risks. But very definitely go exactly where you please. That’s the only way we don’t lose.