How airlines don’t care about your privacy
Airlines such as Emirates share sensitive user information with third-party trackers – all without users’ consent or any option to opt-out.
Sometime last year while booking travel for my family, I stumbled across a few data-security practices that, as a data security advocate, made me extremely worried.
For a layman, when you book your flight through airlines such as Emirates, Domestic or International, there are approximately 300 data points related to your booking. The moment you click on manage preferences to select a seat or meal for your trip or to Check-in to your flight, your Booking ID and Last name is passed on to approximately 14 different third-party trackers like Crazy Egg, Boxever, Coremetrics, Google, and Facebook among others – all without your explicit consent or any option to opt-out.
Some third-party trackers also receive an HTTP link that leads to Emirates’ “Manage Preferences” page. Anyone who has access to this link can not only read but also edit the information, e.g., change or cancel a flight, change seat or meal preference, add more products to the booking, or change or add passport information.
You want to learn more about these serious security flaws that violate user-data privacy? Read my post on Medium.