[matheusmoreira]

> This app requires a login info from a flight attendants to scrape their schedules.

So? If the flight attendants have provided their credentials to the scraping software, they have essentially authorized the software to scrape the data on their accounts. It's just a custom user agent running locally and the airline company has no business blocking anything.

[wraptile]

In other words: "you can write this down by hand, copy paste or browser plugins but you cannot automate this". I wonder if this stood up in any other context and I can't imagine of a similar scenario from the top of my head where automation would be forbidden. I could totally hire a part time student from a developing country to do data entry for me and that would be alright? Strange world - somehow these corporations have people brainwashed.

[YeBanKo]

The issue is not that some app has access to a timetable of work shifts. It is that it has access to credentials and potentially can so something else. In your analogy a part time student from a developing country data entry - this is scrapping public linkedin data. What happens here is an employee giving their office badge, so they can go get a folder from the employee’s desk, open it and make a presentation based on its content. To make it worse, many employees give their badges to the exactly same student.

[YeBanKo]

Third party having an unrestricted access to the internal system. No sane business owner would be ok with it. This is literally the reason why protocols like oauth2 exists.