Darrell Issa Posts Text Of 'Unconstitutional'... >>

<< RIAA Still Doesn't Get It: Hopes SOPA...

by Mike Masnick

Tue, Mar 6th 2012 1:24pm

Filed Under:
browser plugin, control, frequent flyer mileage, software, users

Companies:
american airlines, award wallet

Permalink.

American Airlines Making Life Worse For Most Loyal Customers By Killing Useful Mile-Tracking Browser Plugin

from the lame dept

It's still really amazing to me how often we hear about companies making their own customers' lives worse off in an obsessive need for excess control. The latest such example comes via Rob Hyndman, who points us to the news that American Airlines has forced Award Wallet to stop providing a useful tool for American fliers trying to keep track of their frequent flyer mileage. American had cut off a bunch of web-based services in the past that would log into American's site for you and provide a different view and other useful tools. In that case, the airline argued -- perhaps reasonably -- that it was concerned about security of a third party logging into the site and having access to your account/password. There are ways that American could deal with those security concerns, but at least that argument made some sense. In response, however, Award Wallet built a browser plugin that never involved data going to any third party. Basically everything stayed local. All it did was give users a better way to view the information (and was apparently especially handy for families).

And American Airlines didn't like it.

It couldn't use the "security" argument this time, because everything was local. But, actually, it tried to use that same argument anyway, responding to a question from BoardingArea, saying that it shut down Award Wallet to maintain the company's...

...…long-held stance on how third-party websites access proprietary AAdvantage member details… Because travelers’ AAdvantage account numbers and passwords can be used to claim AAdvantage mileage awards out of their accounts and access personal details, American will always protect this information.

We simply cannot permit websites that have not satisfied our security requirements the access needed to track AAdvantage balances or any other function that is otherwise secured behind AA.com login credentials.

But that falsely assumes that the browser plugin is a "website." It's possible that American is just confused... but the more likely situation is that American Airlines is still just worried about controlling the customer, rather than making sure they have the best experience for them. What services like Award Wallet do is make American's frequent flyer program more valuable to consumers, but apparently American doesn't want that if it means having less control.

16 Comments | Leave a Comment

If you liked this post, you may also be interested in...

Reader Comments (rss)

(Flattened / Threaded)

Anonymous Coward, Mar 6th, 2012 @ 1:28pm

But if customers are able to keep track of their frequent flyer miles so easily we might *gasp* actually have to give them the rewards we promise for being a frequent flyer with so many miles!

That's not very secure for American Airline's wallets now is it?

[ reply to this | link to this | view in thread ]
Prashanth (profile), Mar 6th, 2012 @ 1:33pm

There is a difference
There is a difference between airlines and providers of music, though. Now, up-and-coming artists can release and promote music themselves and profit much better for themselves than they could ever do under the control of a record label. As far as I know, it is not possible for average people to fly themselves to various destinations (especially for which other modes of transportation are no longer viable options e.g. traveling from Washington DC to San Francisco), so the airlines frankly don't stand to lose too much from this otherwise terrible move. Plus, when it comes to power/control versus a satisfied customer base, if they are essentially guaranteed revenues anyway thanks to the airline industry essentially being an oligopoly, which do you think the airlines will pick? (Hint: it starts with a "p" and rhymes with "hour".)

[ reply to this | link to this | view in thread ]
:Lobo Santo (profile), Mar 6th, 2012 @ 1:34pm

Re: "Awards"
Yeah--awards programs exist so people can be convinced they might get some sort of reward, game the system or somesuch.

People aren't actually supposed to be able to get rewards from these programs.

Plugins like this "Award Wallet" defeat the purpose of having an awards program in the first place.

[ reply to this | link to this | view in thread ]
Anonymous Coward, Mar 6th, 2012 @ 1:41pm

A browser plugin can still read all of your data and store it, depending on the permissions that were set. Hopefully this plugin scoped itself appropriately.

I don't agree with what they are doing, I'm just saying that it's not true a plugin "never involved data going to any third party".

[ reply to this | link to this | view in thread ]
FormerAC (profile), Mar 6th, 2012 @ 2:02pm

They have a point ...
If I were a nefarious bastard, I might write a browser plug-on or little applet thingy that helped users more easily view their miles.

And then surreptitiously phone home with that info. Once I've collected lots of info from lots of users, I can decide whose account I want to compromise and steal miles from.

Far fetched? Yes.
Possible? Yes.

This isn't control for control's sake. This is protecting very valuable information. Credit card miles are very useful things, and very valuable. I just used credit card miles to get a $1200 round trip ticket (April can't come quick enough!)

[ reply to this | link to this | view in thread ]
Josh in CharlotteNC (profile), Mar 6th, 2012 @ 2:04pm

Re:
What didn't you understand about "everything stayed local."?

If everything stayed local, then yes, it is absolutely true that no data went to a third party.

[ reply to this | link to this | view in thread ]
Philip (profile), Mar 6th, 2012 @ 2:18pm

They are confused.
AA, ones in the public eye, are the most technological illiterate folks you'd ever come across.

There is a control aspect of things, too. But it's more AA concerned on perception, than anything else. They concern themselves over every little detail that may "offend" somebody.. It's crazy. AA is a control freak, controlled by "political correctness."

[ reply to this | link to this | view in thread ]
Anonymous Coward, Mar 6th, 2012 @ 2:32pm

is there any company used by the public that doesn't want to have complete control over them? i'm just waiting for the day when all these companies start fighting amongst themselves to see which one gets to have the most control of the most data from the most customers to use in the most ways that will benefit that winning company the most! should be interesting to see which company issues the most law suits!

[ reply to this | link to this | view in thread ]
Andrew (profile), Mar 6th, 2012 @ 2:36pm

Another story
Regarding American Airlines' attitude to customer experience, you may be interested in Dustin Curtis's story complaining about AA's website: their site is horrid, so he designed a better one; an actually competent UX guy from AA responded and explained; AA fired the UX guy by way of saying thank you.

[ reply to this | link to this | view in thread ]
Anonymous Coward, Mar 6th, 2012 @ 3:12pm

Re: They have a point ...
I'm not sure that's possible. For example, in order for a Chrome extension to use XMLHttpRequest to send info to your server, you'd have to put your server's URL in the manifest's permissions section. Then anyone installing the extenion would get a popup like:
Install Mile Viewing Thingy?
It can access:
-Your data on aa.com
-Your data on totallynotaphisher.com
People would notice that. Someone would open the .CRX file (it's just a zip file containing plaintext files) and check your code.

Of course, I don't actually know how this particular "plugin" was implemented, so I can only theorize. If anyone has more info about what Award Wallet was, I'd like to hear it.

[ reply to this | link to this | view in thread ]
BentFranklin (profile), Mar 6th, 2012 @ 3:16pm

Re: Another story
If Curtis is such a UX genius how come the response is in such an unreadable combination of text and background colors? I had to highlight the text to read it. But we digress...

[ reply to this | link to this | view in thread ]
BentFranklin (profile), Mar 6th, 2012 @ 3:19pm

If Points and Rewards and Awards were a good deal for the consumer they wouldn't exist, which is why I avoid them whenever possible. Of course the cost for such things is baked into the price of what you're buying, so you'd want to try to collect them, but the time and aggravation are still not worth it.

[ reply to this | link to this | view in thread ]
colby labrador, Mar 6th, 2012 @ 5:01pm

welcome to AA employees world..
ok, so now you "real important "folks can have a taste of what American does to it's employees on a daily basis. Sure you can accrue sick days, you just can't call in sick or you'll be fired! Yeah we'll negotiate a contract with you, then we'll restructure you out of that and more! the executhieves will be happy!!!

[ reply to this | link to this | view in thread ]
BeeAitch (profile), Mar 6th, 2012 @ 9:11pm

Re: They have a point ...
Giving credit where credit is due and all: Josh in CharlotteNC said:

'What didn't you understand about "everything stayed local."?

If everything stayed local, then yes, it is absolutely true that no data went to a third party.'

[ reply to this | link to this | view in thread ]
FormerAC (profile), Mar 7th, 2012 @ 11:50am

Re: Re: They have a point ...
Then anyone installing the extenion would get a popup like:

Install Mile Viewing Thingy?
It can access:
-Your data on aa.com
-Your data on totallynotaphisher.com

What makes you think John (or Jane) Q Public would notice or object? I worked in IT long enough to know that most people just click ok on most messages.

[ reply to this | link to this | view in thread ]
Alexi from AwardWallet, Mar 7th, 2012 @ 5:46pm

Re: Re: They have a point ...
Hello, Alexi from AwardWallet.com here. I am the one who architected the browser extension and I was in charge of the dev team who implemented it. Here is how it worked: (1) user enters their user name and password into the plugin and the credentials are encrypted and stored locally inside the plugin on that computer. (not on our server) (2) user clicks "Update" on AwardWallet. (3) a new browser tab opens up and the user's browser navigates to aa.com (3) the extension grabs the locally stored credentials and logs the person into aa.com (4) the extension reads that cached web page from the browser and using x-path finds the mileage balance (5) the balance is then stored in the same plugin alongside with the encrypted credentials.

In this process no AA related data ever goes to AwardWallet.com, there are two ways to verify that: (1) network sniffer (2) look at the source code.

Cheers,
-Alexi

[ reply to this | link to this | view in thread ]

Add Your Comment

Darrell Issa Posts Text Of 'Unconstitutional'... >>

<< RIAA Still Doesn't Get It: Hopes SOPA...

Follow Techdirt

A word from our Sponsors...

Hot Topics

New To Techdirt?

Explore some core concepts:

read all »

Techdirt Reading List

Amazon.com Widgets

Techdirt Insider Chat

Rikuo: about the Xbox One reveal - there were quite a few people watching the reveal live on their Xbox 360's, with their Kinect 1.0's attached...and everytime the Microsoft exec demonstrated a feature by saying "Xbox, TV" or whatever

the viewer's Kinect 1.0 would pick up the voice command and respond accordingly...by pausing or stopping the stream and going to the TV mode. I find that hilarious

I also find the concept of Kinect 2.0 hilarious. So if you've got a bunch of people on the couch watching a movie...don't move a muscle. Stare blankly. Don't move your arms at all or say anything, or the Kinect 2.0 will think you're giving it a command.

If you move your arm back to point to the liquor cabinet to tell the wife to pour you a shot of whiskey, the Xbox One will think you're swiping

silverscarcat: *Spies something interesting in the Crystal Ball* Well, that's interesting. I'm not sure what to think. Honestly, I'm not a big fan of the guy, but considering what the gov't did, I support him in that endeavor, but this... Seems to go too far.

dennis deems: http://www.dailykos.com/story/2013/05/22/1210687/-Obama-s-leak-freakout Best political cartoon ever? Top 10, surely

Hey the green bars are back!

Jay: Hmmm... Gonna have to hack my PSP...

silverscarcat: I need a new battery for my PSP. :(

It keeps shutting off if it's unplugged for more than 2-3 minutes, even on a full charge.

Mike Masnick: green bars are back, and hopefully functioning better than before. :)

silverscarcat: Oh look, AJ's having a cow and the internet tough guy is trying to be a stereotypical high school bully. *Rolls eyes* Hey, Mike, I know it's not in your nature to ban someone, but, damn, something needs to be done about this sometimes I think.

Rikuo: unfortunately, nothing can be done. IP address block? Useless since either AJ is on a dynamic IP or he's on a static but using someone else's equipment. Username block? That would only add fuel to the "CENSORSHP" fire

silverscarcat: Well, I think I'm going to leave for the day. That troll that plays the internet tough guy really should get laid, I think. It might help him think straight.

Rikuo: holy fucking shit...I want to be this man

http://arstechnica.com/information-technology/2013/05/fios-customer-discovers-the-limits-of-unlimited-data-77-tb-in-month/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29

Warning - Home Server pornz on that link

BentFranklin: in that article, where it describes his rack, what does 1u, 2u, 4u etc mean?

Jeff: @Bent - 1U, 2U, 4U are units of measurement for server racks. http://en.wikipedia.org/wiki/Rack_unit

Dark Helmet: Hell, I"m just a silly tech services sales guy and I knew that...

Get the Insider Chat!

A word from our Sponsors...

Have a Techdirt Account? Sign in now. Want one? Register here
Name
Email	Get Techdirt’s Daily Email
URL
Subject
Comment	this is for spambots, do not use this
Options	Save me a cookie

Have a Techdirt Account? Sign in now. Want one? Register here
Name
Email	Get Techdirt’s Daily Email
URL
Subject
Comment	this is for spambots, do not use this
Options	Save me a cookie

Thursday
11:20pm:	Yet Another Anti-Patent Troll Bill Introduced In Congress (1)
8:19pm:	District Attorney And Major TV Network Sued Over Stupid Reality Show (5)
5:00pm:	DailyDirt: Tuition Debt Is For Chumps? (15)
4:01pm:	Adam Savage On Why Copyright And Trademark Holders Need To Get Over Their Obsession With 'Control' (17)
3:01pm:	Partisanship Over Spying On Journalists Is Stupid: Spying On Journalists Is Bad, Period (20)
2:00pm:	Magic Hat Brewery Sues West Sixth Brewing, Claiming 6 Looks Too Much Like 9 (37)
1:01pm:	Filmmaker Behind The Pirate Bay Documentary Says Bogus DMCA Takedowns Take Away His Free Speech (81)
12:04pm:	Vermont Declares War On Patent Trolls; Passes New Law And Sues Notorious Patent Troll (7)
11:05am:	Prenda Lawyer Says Georgia Court Should Ignore Judge Wright's Order Because... Look! Hackers! (39)
10:01am:	Chicago School System On FOIA Requests: Stonewalling, Obfuscation, & Paper-Shredding (21)

American Airlines Making Life Worse For Most Loyal Customers By Killing Useful Mile-Tracking Browser Plugin

from the lame dept

Reader Comments (rss)

There is a difference

Re: "Awards"

They have a point ...

Re:

They are confused.

Another story

Re: They have a point ...

Re: Another story

welcome to AA employees world..

Re: They have a point ...

Re: Re: They have a point ...

Re: Re: They have a point ...

Add Your Comment

Techdirt RSS

Techdirt's Daily Email Newsletter

I’m looking for research...

I have an idea...

I have an app...

Hot Topics

New To Techdirt?

Thursday

More

Company

Contact

Tools & Services

More