Elliott C. Back: Internet & Technology

Travel to Manaus, Brazil is Dangerous

Posted in Crime, Travel by Elliott Back on October 3rd, 2012.

Since American Airlines was offering super cheap roundtrip flights to Manaus, in the Amazon region of north Brazil, I figured I’d jump on it! I booked myself a nice $550 NYC JFK-MAO roundtrip, and thanks to a promotion, I’ll earn double miles on the MIA-MAO segments both ways! I figured this would be awesome! First time in Brazil! Travelling by myself! Not speaking Portuguese! However, a few things happened that made me reconsider adventuring here again…


One of the almost-shanty-town areas that are common in Manaus

I got Robbed at Knifepoint…

The first day I was touring all the sights of Manaus. Generally felt pretty safe. Walked all over; posted photos to Facebook.

On my way back a pitter-patter of feet became a pressure at my back, I turned around (that probably caused the scratch) and there’s a scrawny campesino with a knock-off kitchen knife telling me he wants my bag, in Portuguese. I’m backing up and telling him in Spanish I have money and going for my wallet. But our mutual incomprehension opens up a gap, and 12 feet is too far. I turn and bolt while he stuffs his salad carver into his pants. Since I assume I must now be in a bad area I head up the opposite direction and go home. It was 3 in the afternoon, and there were people on the street 50 feet away.

I put some iodine on my scratch which wasn’t too bad, and promptly started chain smoking. I think I was robbed around R. Cel. Sérgio Pessoa and R. Miranda Leão, so keep your wits about you when you’re in the Mercado Municipal area.

Debit Card Skimmer Fraud

I took out some cash at the airport, and came back to find the following charges made after my flight had departed:

09/26/2012  	ATM Transaction	NON-CHASE ATM WITHDRAW 519173
09/26 TECBAN PR BR Real 1000.00 X 0.4939526 (EXCHG RTE)
 + 15.00 (EXCHG RTE ADJ	$514.88

09/25/2012  	ATM Transaction	NON-CHASE ATM WITHDRAW 403240
09/25 BANCO DO BR Real 1000.00 X 0.4934100 (EXCHG RTE)
 + 14.80 (EXCHG RTE ADJ	$508.21  

09/24/2012  	ATM Transaction	NON-CHASE ATM WITHDRAW 500187
09/24 BANCO DO BR Real 1000.00 X 0.4941900 (EXCHG RTE)
 + 14.83 (EXCHG RTE ADJ	$509.02

It seems that whoever cloned my card at the airport had been taking out the maximum 1000 reals until I shut them down. I actually don’t know whether it was a skimmer, a hidden camera, or even an entirely fake ATM. When I tried to get cash at the airport, only 1 of 4 ATMs worked, so there are at least three others that could have been entirely fake.

Terrible Airport Service

And it wasn’t AA’s fault! I know they’ve been getting press for seats and things falling off their planes, but in Manaus, it’s the local airport workers who will delay your flight by over an hour, without giving you any updates. And for some odd reason they took my lighter, even though it’s allowed according to TSA regs. They also have a bizarre screening protocol where they ask you about any of your new electronics (to see if they’re fakes containing drugs or bombs), so I told the agent about my new Samsung Galaxy Tab 7.7…

We were told “be here from 9:30 – 10:30 strictly” to go through an immigration check. However, waiting to board our plane, we saw people coming through even after the plane was scheduled to take off. So I blame the delay on the airport’s inability to do its job and take off on time, even if it means some could be late.

Not much to do?

There are really two main historical buildings in Manaus, which are the Teatro Amazonas, an old-style opera house/theater, and the Centre of Justice which has an ancient, no longer used, courtroom. The two buildings are nearly adjacent, so if you see one, you’ll see them all! I can even save you the time by posting a quick photo:

If you want to drink, there won’t be a proper pub/bar like you may be used to. Most cervecerias serve you a large bottle, a glass, and a beer coozie (a frozen sleeve to keep your beer cool). While this is eminently enjoyable in the Brazilian heat, you won’t be finding a lot of cocktails or beer on tap.

Crime is ridiculously high

I think, now, every traveller needs to google their destination city + “crime”, as I found Rio drug trade turns Amazon city into crime capital from just a year ago, only after I returned. Some choice quotes:

Rio’s drug conflict has claimed tens of thousands of lives since the 1980s; in Manaus the drug trade is also taking its toll. A growing local market for cocaine has triggered a rise in homicides. Official figures show the number of murders rose over by 9% this year.

If you do go, bring a travel buddy and stay safe. And enjoy an Amazon safari, which is fun, and visit the CIGS Zoo or the Bosque da Ciencia. TripAdvisor has a pretty great list. And the Caesar Business is a great hotel.

How to Protect Your Password

Posted in Cracking, Hacking, Security, Spam by Elliott Back on June 7th, 2012.

You may have read about the tens of millions of usernames and passwords which have recently been compromised/hacked/leaked on major websites in the last few weeks. If not, here are a few of the stories:

  • 30 million passwords leaked from LinkedIn due to unsalted SHA-1 hashes stored centrally.
  • 6 million passwords hacked at Last.FM, the popular music discovery service.
  • 1.5 million passwords leaked from eHarmony.

In the last year other services have experienced serious security breaches:

  • 100 million accounts compromised on the Sony PlayStation Network (PSN). Sony offered free credit monitoring and games to all PSN users to compensate them, a major departure from the typical “change your password” / sweep it under the rug response.
  • All RSA SecurID tokens were compromised by the theft of RSA intellectual property and cryptographic keys. RSA tokens are used by most enterprises to log in remotely as part of a multi-factor authentication scheme.

How can you protect yourself?

Sign up for a service like 1Password or LastPass, which offer convenient browser extensions. They generate unique passwords per website that you use, so the breach of security at Facebook won’t affect your password on Mint.

How can Web Developers protect users?

Move to standardized authentication methods, like OpenID or Facebook/Twitter/Google login integration. If the authentication mechanism is outsourced, your customers and users don’t need to worry about how you store their passwords.

If you absolutely want to store user passwords, please read How to Safely Store a Password and use bcrypt to do the heavy lifting. Then even if your login/password database is compromised, nothing will come of it.
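The difference between the unsalted SHA-1 storage named in the LinkedIn item and a salted, deliberately slow hash, as an added example that is not from the original post: it uses PBKDF2 from Python's standard library as a stand-in for bcrypt (which needs a third-party package), and the account names, passwords, function names and iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 200_000  # assumed work factor for this example; tune to your hardware

# Constructed sample accounts: two users happen to pick the same password.
USERS = {"alice": "monkey123", "bob": "monkey123", "carol": "correct horse"}

def unsalted_sha1(password: str) -> str:
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.sha1(password.encode()).hexdigest()

def salted_kdf(password: str) -> str:
    """Per-user random salt plus a slow KDF; the salt is stored with the hash."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

def build_table(hasher) -> dict:
    """Simulate the credentials table a site would store."""
    return {user: hasher(pw) for user, pw in USERS.items()}

def shared_hashes(table: dict) -> list:
    """Groups of users whose stored values are identical in a dumped table."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

if __name__ == "__main__":
    # Unsalted: one cracked or precomputed hash exposes every user sharing it.
    print("unsalted SHA-1:", shared_hashes(build_table(unsalted_sha1)))
    # Salted: identical passwords are indistinguishable in the stored table.
    print("salted KDF:    ", shared_hashes(build_table(salted_kdf)))
```
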

Dealbreaker Sucks

Posted in Blogging, Finance, Spam by Elliott Back on March 3rd, 2012.

I think it’s time to stop reading dealbreaker in my google reader feeds:

Let’s see why:

  • Two “continue reading” links
  • No full text RSS feed
  • An ugly and stupid “follow Dealbreaker” banner that I doubt anyone will ever click
  • A gigantic google-style text link ad

We wish the web would allow information to transmit openly, but sites continue to push monetization over content. It’s time to switch!
