American Airlines Making Life Worse For Most Loyal Customers By Killing Useful Mile-Tracking Browser Plugin

from the lame dept

Tue, Mar 6th 2012 1:24pm — Mike Masnick

It's still really amazing to me how often we hear about companies making their own customers' lives worse off in an obsessive need for excess control. The latest such example comes via Rob Hyndman, who points us to the news that American Airlines has forced Award Wallet to stop providing a useful tool for American fliers trying to keep track of their frequent flyer mileage. American had cut off a bunch of web-based services in the past that would log into American's site for you and provide a different view and other useful tools. In that case, the airline argued -- perhaps reasonably -- that it was concerned about security of a third party logging into the site and having access to your account/password. There are ways that American could deal with those security concerns, but at least that argument made some sense. In response, however, Award Wallet built a browser plugin that never involved data going to any third party. Basically everything stayed local. All it did was give users a better way to view the information (and was apparently especially handy for families).

And American Airlines didn't like it.

It couldn't use the "security" argument this time, because everything was local. But, actually, it tried to use that same argument anyway, responding to a question from BoardingArea, saying that it shut down Award Wallet to maintain the company's...

...…long-held stance on how third-party websites access proprietary AAdvantage member details… Because travelers’ AAdvantage account numbers and passwords can be used to claim AAdvantage mileage awards out of their accounts and access personal details, American will always protect this information.

We simply cannot permit websites that have not satisfied our security requirements the access needed to track AAdvantage balances or any other function that is otherwise secured behind AA.com login credentials.

But that falsely assumes that the browser plugin is a "website." It's possible that American is just confused... but the more likely situation is that American Airlines is still just worried about controlling the customer, rather than making sure they have the best experience for them. What services like Award Wallet do is make American's frequent flyer program more valuable to consumers, but apparently American doesn't want that if it means having less control.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: browser plugin, control, frequent flyer mileage, software, users
Companies: american airlines, award wallet

16 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 6 Mar 2012 @ 1:28pm

But if customers are able to keep track of their frequent flyer miles so easily we might *gasp* actually have to give them the rewards we promise for being a frequent flyer with so many miles!

That's not very secure for American Airline's wallets now is it?
[ link to this | view in chronology ]
- :Lobo Santo (profile), 6 Mar 2012 @ 1:34pm
  
  Re: "Awards"
  Yeah--awards programs exist so people can be convinced they might get some sort of reward, game the system or somesuch.
  
  People aren't actually supposed to be able to get rewards from these programs.
  
  Plugins like this "Award Wallet" defeat the purpose of having an awards program in the first place.
  [ link to this | view in chronology ]
Prashanth (profile), 6 Mar 2012 @ 1:33pm

There is a difference
There is a difference between airlines and providers of music, though. Now, up-and-coming artists can release and promote music themselves and profit much better for themselves than they could ever do under the control of a record label. As far as I know, it is not possible for average people to fly themselves to various destinations (especially for which other modes of transportation are no longer viable options e.g. traveling from Washington DC to San Francisco), so the airlines frankly don't stand to lose too much from this otherwise terrible move. Plus, when it comes to power/control versus a satisfied customer base, if they are essentially guaranteed revenues anyway thanks to the airline industry essentially being an oligopoly, which do you think the airlines will pick? (Hint: it starts with a "p" and rhymes with "hour".)
[ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2012 @ 1:41pm

A browser plugin can still read all of your data and store it, depending on the permissions that were set. Hopefully this plugin scoped itself appropriately.

I don't agree with what they are doing, I'm just saying that it's not true a plugin "never involved data going to any third party".
[ link to this | view in chronology ]
- Josh in CharlotteNC (profile), 6 Mar 2012 @ 2:04pm
  
  Re:
  What didn't you understand about "everything stayed local."?
  
  If everything stayed local, then yes, it is absolutely true that no data went to a third party.
  [ link to this | view in chronology ]
FormerAC (profile), 6 Mar 2012 @ 2:02pm

They have a point ...
If I were a nefarious bastard, I might write a browser plug-on or little applet thingy that helped users more easily view their miles.

And then surreptitiously phone home with that info. Once I've collected lots of info from lots of users, I can decide whose account I want to compromise and steal miles from.

Far fetched? Yes.
Possible? Yes.

This isn't control for control's sake. This is protecting very valuable information. Credit card miles are very useful things, and very valuable. I just used credit card miles to get a $1200 round trip ticket (April can't come quick enough!)
[ link to this | view in chronology ]
- Anonymous Coward, 6 Mar 2012 @ 3:12pm
  
  Re: They have a point ...
  I'm not sure that's possible. For example, in order for a Chrome extension to use XMLHttpRequest to send info to your server, you'd have to put your server's URL in the manifest's permissions section. Then anyone installing the extenion would get a popup like:
  Install Mile Viewing Thingy?
  It can access:
  -Your data on aa.com
  -Your data on totallynotaphisher.com
  People would notice that. Someone would open the .CRX file (it's just a zip file containing plaintext files) and check your code.
  
  Of course, I don't actually know how this particular "plugin" was implemented, so I can only theorize. If anyone has more info about what Award Wallet was, I'd like to hear it.
  [ link to this | view in chronology ]
  - FormerAC (profile), 7 Mar 2012 @ 11:50am
    
    Re: Re: They have a point ...
    Then anyone installing the extenion would get a popup like:
    
    Install Mile Viewing Thingy?
    It can access:
    -Your data on aa.com
    -Your data on totallynotaphisher.com
    
    What makes you think John (or Jane) Q Public would notice or object? I worked in IT long enough to know that most people just click ok on most messages.
    [ link to this | view in chronology ]
  - Alexi from AwardWallet, 7 Mar 2012 @ 5:46pm
    
    Re: Re: They have a point ...
    Hello, Alexi from AwardWallet.com here. I am the one who architected the browser extension and I was in charge of the dev team who implemented it. Here is how it worked: (1) user enters their user name and password into the plugin and the credentials are encrypted and stored locally inside the plugin on that computer. (not on our server) (2) user clicks "Update" on AwardWallet. (3) a new browser tab opens up and the user's browser navigates to aa.com (3) the extension grabs the locally stored credentials and logs the person into aa.com (4) the extension reads that cached web page from the browser and using x-path finds the mileage balance (5) the balance is then stored in the same plugin alongside with the encrypted credentials.
    
    In this process no AA related data ever goes to AwardWallet.com, there are two ways to verify that: (1) network sniffer (2) look at the source code.
    
    Cheers,
    -Alexi
    [ link to this | view in chronology ]
- BeeAitch (profile), 6 Mar 2012 @ 9:11pm
  
  Re: They have a point ...
  Giving credit where credit is due and all: Josh in CharlotteNC said:
  
  'What didn't you understand about "everything stayed local."?
  
  If everything stayed local, then yes, it is absolutely true that no data went to a third party.'
  [ link to this | view in chronology ]
Philip (profile), 6 Mar 2012 @ 2:18pm

They are confused.
AA, ones in the public eye, are the most technological illiterate folks you'd ever come across.

There is a control aspect of things, too. But it's more AA concerned on perception, than anything else. They concern themselves over every little detail that may "offend" somebody.. It's crazy. AA is a control freak, controlled by "political correctness."
[ link to this | view in chronology ]
Anonymous Coward, 6 Mar 2012 @ 2:32pm

is there any company used by the public that doesn't want to have complete control over them? i'm just waiting for the day when all these companies start fighting amongst themselves to see which one gets to have the most control of the most data from the most customers to use in the most ways that will benefit that winning company the most! should be interesting to see which company issues the most law suits!
[ link to this | view in chronology ]
Andrew (profile), 6 Mar 2012 @ 2:36pm

Another story
Regarding American Airlines' attitude to customer experience, you may be interested in Dustin Curtis's story complaining about AA's website: their site is horrid, so he designed a better one; an actually competent UX guy from AA responded and explained; AA fired the UX guy by way of saying thank you.
[ link to this | view in chronology ]
- BentFranklin (profile), 6 Mar 2012 @ 3:16pm
  
  Re: Another story
  If Curtis is such a UX genius how come the response is in such an unreadable combination of text and background colors? I had to highlight the text to read it. But we digress...
  [ link to this | view in chronology ]
BentFranklin (profile), 6 Mar 2012 @ 3:19pm

If Points and Rewards and Awards were a good deal for the consumer they wouldn't exist, which is why I avoid them whenever possible. Of course the cost for such things is baked into the price of what you're buying, so you'd want to try to collect them, but the time and aggravation are still not worth it.
[ link to this | view in chronology ]
colby labrador, 6 Mar 2012 @ 5:01pm

welcome to AA employees world..
ok, so now you "real important "folks can have a taste of what American does to it's employees on a daily basis. Sure you can accrue sick days, you just can't call in sick or you'll be fired! Yeah we'll negotiate a contract with you, then we'll restructure you out of that and more! the executhieves will be happy!!!
[ link to this | view in chronology ]