American Airlines Making Life Worse For Most Loyal Customers By Killing Useful Mile-Tracking Browser Plugin

from the lame dept

It's still really amazing to me how often we hear about companies making their own customers' lives worse off in an obsessive need for excess control. The latest such example comes via Rob Hyndman, who points us to the news that American Airlines has forced Award Wallet to stop providing a useful tool for American fliers trying to keep track of their frequent flyer mileage. American had cut off a bunch of web-based services in the past that would log into American's site for you and provide a different view and other useful tools. In that case, the airline argued -- perhaps reasonably -- that it was concerned about security of a third party logging into the site and having access to your account/password. There are ways that American could deal with those security concerns, but at least that argument made some sense. In response, however, Award Wallet built a browser plugin that never involved data going to any third party. Basically everything stayed local. All it did was give users a better way to view the information (and was apparently especially handy for families).

And American Airlines didn't like it.

It couldn't use the "security" argument this time, because everything was local. But, actually, it tried to use that same argument anyway, responding to a question from BoardingArea, saying that it shut down Award Wallet to maintain the company's...
...…long-held stance on how third-party websites access proprietary AAdvantage member details… Because travelers’ AAdvantage account numbers and passwords can be used to claim AAdvantage mileage awards out of their accounts and access personal details, American will always protect this information.

We simply cannot permit websites that have not satisfied our security requirements the access needed to track AAdvantage balances or any other function that is otherwise secured behind AA.com login credentials.
But that falsely assumes that the browser plugin is a "website." It's possible that American is just confused... but the more likely situation is that American Airlines is still just worried about controlling the customer, rather than making sure they have the best experience for them. What services like Award Wallet do is make American's frequent flyer program more valuable to consumers, but apparently American doesn't want that if it means having less control.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Mar 6th, 2012 @ 1:28pm

    But if customers are able to keep track of their frequent flyer miles so easily we might *gasp* actually have to give them the rewards we promise for being a frequent flyer with so many miles!

    That's not very secure for American Airline's wallets now is it?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      :Lobo Santo (profile), Mar 6th, 2012 @ 1:34pm

      Re: "Awards"

      Yeah--awards programs exist so people can be convinced they might get some sort of reward, game the system or somesuch.

      People aren't actually supposed to be able to get rewards from these programs.

      Plugins like this "Award Wallet" defeat the purpose of having an awards program in the first place.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Prashanth (profile), Mar 6th, 2012 @ 1:33pm

    There is a difference

    There is a difference between airlines and providers of music, though. Now, up-and-coming artists can release and promote music themselves and profit much better for themselves than they could ever do under the control of a record label. As far as I know, it is not possible for average people to fly themselves to various destinations (especially for which other modes of transportation are no longer viable options e.g. traveling from Washington DC to San Francisco), so the airlines frankly don't stand to lose too much from this otherwise terrible move. Plus, when it comes to power/control versus a satisfied customer base, if they are essentially guaranteed revenues anyway thanks to the airline industry essentially being an oligopoly, which do you think the airlines will pick? (Hint: it starts with a "p" and rhymes with "hour".)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 6th, 2012 @ 1:41pm

    A browser plugin can still read all of your data and store it, depending on the permissions that were set. Hopefully this plugin scoped itself appropriately.

    I don't agree with what they are doing, I'm just saying that it's not true a plugin "never involved data going to any third party".

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Josh in CharlotteNC (profile), Mar 6th, 2012 @ 2:04pm

      Re:

      What didn't you understand about "everything stayed local."?

      If everything stayed local, then yes, it is absolutely true that no data went to a third party.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    FormerAC (profile), Mar 6th, 2012 @ 2:02pm

    They have a point ...

    If I were a nefarious bastard, I might write a browser plug-on or little applet thingy that helped users more easily view their miles.

    And then surreptitiously phone home with that info. Once I've collected lots of info from lots of users, I can decide whose account I want to compromise and steal miles from.

    Far fetched? Yes.
    Possible? Yes.

    This isn't control for control's sake. This is protecting very valuable information. Credit card miles are very useful things, and very valuable. I just used credit card miles to get a $1200 round trip ticket (April can't come quick enough!)

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 6th, 2012 @ 3:12pm

      Re: They have a point ...

      I'm not sure that's possible. For example, in order for a Chrome extension to use XMLHttpRequest to send info to your server, you'd have to put your server's URL in the manifest's permissions section. Then anyone installing the extenion would get a popup like:
      Install Mile Viewing Thingy?
      It can access:
      -Your data on aa.com
      -Your data on totallynotaphisher.com
      People would notice that. Someone would open the .CRX file (it's just a zip file containing plaintext files) and check your code.

      Of course, I don't actually know how this particular "plugin" was implemented, so I can only theorize. If anyone has more info about what Award Wallet was, I'd like to hear it.

       

      reply to this | link to this | view in chronology ]

      •  
        icon
        FormerAC (profile), Mar 7th, 2012 @ 11:50am

        Re: Re: They have a point ...

        Then anyone installing the extenion would get a popup like:

        Install Mile Viewing Thingy?
        It can access:
        -Your data on aa.com
        -Your data on totallynotaphisher.com


        What makes you think John (or Jane) Q Public would notice or object? I worked in IT long enough to know that most people just click ok on most messages.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        Alexi from AwardWallet, Mar 7th, 2012 @ 5:46pm

        Re: Re: They have a point ...

        Hello, Alexi from AwardWallet.com here. I am the one who architected the browser extension and I was in charge of the dev team who implemented it. Here is how it worked: (1) user enters their user name and password into the plugin and the credentials are encrypted and stored locally inside the plugin on that computer. (not on our server) (2) user clicks "Update" on AwardWallet. (3) a new browser tab opens up and the user's browser navigates to aa.com (3) the extension grabs the locally stored credentials and logs the person into aa.com (4) the extension reads that cached web page from the browser and using x-path finds the mileage balance (5) the balance is then stored in the same plugin alongside with the encrypted credentials.

        In this process no AA related data ever goes to AwardWallet.com, there are two ways to verify that: (1) network sniffer (2) look at the source code.

        Cheers,
        -Alexi

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      BeeAitch (profile), Mar 6th, 2012 @ 9:11pm

      Re: They have a point ...

      Giving credit where credit is due and all: Josh in CharlotteNC said:

      'What didn't you understand about "everything stayed local."?

      If everything stayed local, then yes, it is absolutely true that no data went to a third party.'

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Philip (profile), Mar 6th, 2012 @ 2:18pm

    They are confused.

    AA, ones in the public eye, are the most technological illiterate folks you'd ever come across.

    There is a control aspect of things, too. But it's more AA concerned on perception, than anything else. They concern themselves over every little detail that may "offend" somebody.. It's crazy. AA is a control freak, controlled by "political correctness."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 6th, 2012 @ 2:32pm

    is there any company used by the public that doesn't want to have complete control over them? i'm just waiting for the day when all these companies start fighting amongst themselves to see which one gets to have the most control of the most data from the most customers to use in the most ways that will benefit that winning company the most! should be interesting to see which company issues the most law suits!

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Andrew (profile), Mar 6th, 2012 @ 2:36pm

    Another story

    Regarding American Airlines' attitude to customer experience, you may be interested in Dustin Curtis's story complaining about AA's website: their site is horrid, so he designed a better one; an actually competent UX guy from AA responded and explained; AA fired the UX guy by way of saying thank you.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      BentFranklin (profile), Mar 6th, 2012 @ 3:16pm

      Re: Another story

      If Curtis is such a UX genius how come the response is in such an unreadable combination of text and background colors? I had to highlight the text to read it. But we digress...

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    BentFranklin (profile), Mar 6th, 2012 @ 3:19pm

    If Points and Rewards and Awards were a good deal for the consumer they wouldn't exist, which is why I avoid them whenever possible. Of course the cost for such things is baked into the price of what you're buying, so you'd want to try to collect them, but the time and aggravation are still not worth it.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    colby labrador, Mar 6th, 2012 @ 5:01pm

    welcome to AA employees world..

    ok, so now you "real important "folks can have a taste of what American does to it's employees on a daily basis. Sure you can accrue sick days, you just can't call in sick or you'll be fired! Yeah we'll negotiate a contract with you, then we'll restructure you out of that and more! the executhieves will be happy!!!

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This