Hacker News new | ask | show | jobs
by YeBanKo 1340 days ago
Playing devil’s advocate here: this is not the same as scraping LinkedIn data. Linkedin data is public. This app requires a login info from a flight attendants to scrape their schedules. When you try to log in, you can choose to login as public or as a AA flight attendant. It sucks, but I also understand why a company may be unhappy, that a third party handles credentials and accesses internal data. What they can:

- build a 3rd part integration API, which opens up a whole can of worms. Not many tech-first companies can do it right, for an airline it’s a very challenging steps.

- build their own, but they already failed there if their employees turn to 3rd party

- ignore and let it run. This is basically unauthorized access to go and hope that the guy names Jeff won’t screw up.

- deny and prevent access. This is probably technically the easiest and safest from legal standpoint.
1 comments
matheusmoreira 1340 days ago
> This app requires a login info from a flight attendants to scrape their schedules.

So? If the flight attendants have provided their credentials to the scraping software, they have essentially authorized the software to scrape the data on their accounts. It's just a custom user agent running locally and the airline company has no business blocking anything.

link
wraptile 1340 days ago
In other words: "you can write this down by hand, copy paste or browser plugins but you cannot automate this". I wonder if this stood up in any other context and I can't imagine of a similar scenario from the top of my head where automation would be forbidden. I could totally hire a part time student from a developing country to do data entry for me and that would be alright? Strange world - somehow these corporations have people brainwashed.
link
YeBanKo 1340 days ago
The issue is not that some app has access to a timetable of work shifts. It is that it has access to credentials and potentially can so something else. In your analogy a part time student from a developing country data entry - this is scrapping public linkedin data. What happens here is an employee giving their office badge, so they can go get a folder from the employee’s desk, open it and make a presentation based on its content. To make it worse, many employees give their badges to the exactly same student.
link
YeBanKo 1340 days ago
Third party having an unrestricted access to the internal system. No sane business owner would be ok with it. This is literally the reason why protocols like oauth2 exists.
link