Moderators: richierich, ua900, PanAm_DC10, hOMSaR
WkndWanderer wrote:Google will store your credentials for absolutely everything, Facebook is how many people log in to all of their apps, this doesn’t seem very atypical.
WkndWanderer wrote:Google will store your credentials for absolutely everything, Facebook is how many people log in to all of their apps, this doesn’t seem very atypical.
RTWin10 wrote:How is this different from financial websites that gather your 401(k) and other retirement and savings info into one site for planning purposes? The account owner has to share their individual login info to each site.
zuckie13 wrote:
1) As a "tech guy" I do not like the fact that they are storing user's credentials for other sites in their system. In order for that to work, the passwords have to be stored in a manor where they necessarily can be decrypted so they can be used to log into the AA (and other airline's site).
LAXintl wrote:Besides the fact of 3rd party accessing AA IT systems without consent and without appropriate established protocols, AA also claims TPG using AA brand and trademarks for its own gain and ignores AA's intellectual property.
DUSdude wrote:@zuckie13,
You mean "manner", not "manor". A manor is a large residential building like the one Bruce Wayne resides in.
zuckie13 wrote:When you use a password manager in a browser - even if the data is uploaded to the "cloud" - google (with chrome) or others can't actually decrypt your password - that only happens locally on your own phone/computer.
LAXintl wrote:Also for the record, this is not the first travel site that has been stopped from profiting off access to AA and member data in recent times.
zeke wrote:zuckie13 wrote:
1) As a "tech guy" I do not like the fact that they are storing user's credentials for other sites in their system. In order for that to work, the passwords have to be stored in a manor where they necessarily can be decrypted so they can be used to log into the AA (and other airline's site).
Why does it need to be stored on the site, why couldn’t that all be done within the app on the users own device. Many apps stope website data and passwords for users.LAXintl wrote:Besides the fact of 3rd party accessing AA IT systems without consent and without appropriate established protocols, AA also claims TPG using AA brand and trademarks for its own gain and ignores AA's intellectual property.
Sounds like the lawyers didn’t get far with the Delta use of fkagship so they are drumming up work elsewhere.
miegapele wrote:zuckie13 wrote:When you use a password manager in a browser - even if the data is uploaded to the "cloud" - google (with chrome) or others can't actually decrypt your password - that only happens locally on your own phone/computer.
That's mostly false, passwords stored on the cloud almost always can be decrypted by the cloud providers. Some have stricter security possibilities, there the key to decrypt is not stored, but that is almost never used option because that way you lose cloud backup if you lose that decryption key. That is not acceptable for most people.
For this scrapping issue there must have been some precedents set already.
I only remember Ryanair which tried to sue somebody and lost for scrapping prices. But that is public information and not password protected and also in EU, so hardly relevant
Brickell305 wrote:The article is somewhat misleading. The parent company for TPG actually sued AA first to stop them from denying access (it is currently allowed). AA countersued in response.
zuckie13 wrote:
It's going to their site because it's their site that's doing the access of the AA site. You give TPG your credentials that are sent to TPG's sever so it can log into the AA site to pull your points info.
MIflyer12 wrote:IMHO, that's really AA's beef. AA doesn't want TPG to suggest individualized strategies to maximize value, like accruing miles in programs other than AA, or max-value miles redemptions. All the rest of it just fluffs up the suit, although asserting improper use of AA trademarks is likely to give them at least a partial win.
zeke wrote:zuckie13 wrote:
It's going to their site because it's their site that's doing the access of the AA site. You give TPG your credentials that are sent to TPG's sever so it can log into the AA site to pull your points info.
Nothing stopping your device connecting to the AA site and your device updating TPG. It does not need to be done server side.
zuckie13 wrote:zeke wrote:zuckie13 wrote:
It's going to their site because it's their site that's doing the access of the AA site. You give TPG your credentials that are sent to TPG's sever so it can log into the AA site to pull your points info.
Nothing stopping your device connecting to the AA site and your device updating TPG. It does not need to be done server side.
Maybe not, but that's not how they implemented it according to the lawsuit - AA recorded tons of connection from the same set of IP addresses belonging to TPG.