Answered - Flight tracker privacy and security issue | Australian Frequent Flyer
Australian Frequent Flyer

Welcome to Australia's leading independent Frequent Flyer and Travel Resource since 1998!
Our site contains tons of information that will improve your travel experience.

Joining AFF is fast, simple & absolutely free - register now and take immediate advantage of these great BENEFITS.

Once registered, this box will disappear. And you will see fewer advertisements :)

Answered Flight tracker privacy and security issue

esseeeayeenn

Established Member
Joined
Jul 2, 2014
Messages
2,676
Qantas
Platinum
Flights
My Map
As you probably know if you have flighttracker open for a long time it forgets who you are.
While the map may stay the same, if you choose "list flights" it will list flights for another user.
Yesterday it showed me someone's list and it was full of future bookings.
Those bookings were annotated with extensive notes including booking refs and names and other personal details.
Obviously I simply closed the browser tab, but an unscrupulous person could use such information.
I wonder if there should be a warning not to add such sensitive information to flighttracker because it isn't secure.
 

esseeeayeenn

Established Member
Joined
Jul 2, 2014
Messages
2,676
Qantas
Platinum
Flights
My Map
As luck would have it, it just happened again.
I posted once and realised I was publishing the PNRs.
So I deleted the post and am reposting with the PNRs redacted.
The flights in the map are mine, the listed flights are not.
notmyflights.jpg
 

support

Established Member
Administrator
Joined
May 29, 2011
Messages
2,076
I have investigated this issue and I would like to reassure you that the Flight Tracker is performing as expected and what you have encountered is not a security issue.

At issue is whether or not you make your flight details open, public or private, and then what information you include in the 'notes' section, which is optional and can include anything.

Screen Shot 2020-01-22 at 8.04.29 pm.png

Open profiles let others see, but not edit, your detailed flight data as well.
Public profiles let others see your flight map and general statistics, but flight details like exact dates and class of service are not revealed.
Private profiles are visible only to you. All our users can password-protect their private profiles, so only people who know the password can see them.

Example
Now, looking at @samh004's Flight Map, I can show you how these privacy options change the view for other users. With his privacy setting at Open, I am able to see flights per city by clicking on that city, as in the example below.

Screen_Shot_2020-01-22_at_8_29_22_pm.png

Screen_Shot_2020-01-22_at_8_29_39_pm.png

Changing this privacy setting to Public removes the option to 'list flights' (highlighted option), which in turn would result in the information no longer being accessible to other users. It is also not possible to edit someone else's data, even if you do see their notes/flights.

Screen_Shot_2020-01-22_at_8_59_26_pm.png

A foot note to this story is that the notes field is optional, and as with anything you put on the internet, you should be careful with how much information you share. For most of those PNR's that are visible currently, it is unlikely you could use them nefariously as you don't have the members last name. For those members that are worried, our advice is to switch your Flight Tracker profile privacy settings from Open to Public and avoid adding PNR's to your flight data.
 

esseeeayeenn

Established Member
Joined
Jul 2, 2014
Messages
2,676
Qantas
Platinum
Flights
My Map
I have investigated this issue and I would like to reassure you that the Flight Tracker is performing as expected and what you have encountered is not a security issue.
Thanks for the reassurance.
However it does seem odd that after being logged in for a while we see our own flight map but another user's list of flights.
Is that intentional?
 

support

Established Member
Administrator
Joined
May 29, 2011
Messages
2,076
However it does seem odd that after being logged in for a while we see our own flight map but another user's list of flights.
Is that intentional?
I would imagine not, but the data you see is publicly accessible if you view a users flight map and then view their flights from/to a particular city.

The main takeaway is that it isn't showing data that is meant to be private. If you don't want anyone seeing your PNR, simply switch to a Public – not Open – profile, and/or don't add your PNR to the notes.
 

Community Statistics

Threads
84,874
Messages
1,986,147
Members
52,244
Latest member
KarenR
Top