Unclear on the threat model

| Comments (2) | Misc
Spent last week at IETF Prague and in a fit of stinginess decided to stay at the nearby Hotel Opera. It was generally OK, though you get what you pay for here, since the conference Hilton was rather nicer. (Important safety tip: the room I was in didn't have a shower, just a tub with a handheld wand, which isn't that great.) For future reference, the Jury's Inn is closer to the Hilton and a bit more modern (I've stayed at all three.)

Anyway, I'm on my way out on Sunday and I stop at the front desk to check out. The guy asks if I've used the minibar and I say "no" and he says something about how "We'll send someone up to check. Please wait." So, I decide to be neat and I have a seat and a few minutes later the dude they sent calls down and the guy at the front desk tells me everything is OK and I can go. Really, this doesn't make much sense, though. First, they collect your credit card (actually, I don't remember for sure if Hotel Opera did, but every other hotel I've ever been at does), so they can just bill it to my credit card without my help. Second, what happens if I just walk out instead of waiting for you to check the minibar, or if they discover I actually emptied it? They're going to call the cops to bring me back? This doesn't seem sensible. Finally, what stops me from just leaving without stopping by the front desk? So, I don't really understand what threat model this practice makes sense for.


I don't understand your safety tip. Are you suggesting it is easier to fall in a tub while using a shower wand than standing in a tub with a stationary shower head?

And it is quite likely that the Hotel Opera did not do a rigorous threat analysis. Or that they did and came to the conclusion that the preventative measures would drive away business.

The threat you're being protected against is the cleaning staff drinking your minibar out and then you getting charged for it.

Leave a comment