TechCrunch has a good run down of the fallout from Delta’s cease-and-desist order to points tracking websites like Award Wallet. They note that TripIt and MileWise are also affected, and that Delta joins American and Southwest in objecting to these sites accessing account information on behalf of members.
Here’s the situation in a nutshell: the airlines think your rewards data is theirs. Users think they own their own data. Imagine that!
They report that American claims it’s about security, while Delta says ‘system performance’ but it’s really about control over valuable data and eyeballs.
Techcrunch’s recommendation? “But here’s a suggestion to the airlines about building brand loyalty: stop sucking so much.”
The first comment left in response to the article is illuminating:
The password anti-pattern is insecure. Airlines are justified in not allowing screenscrapers. However they may not be justified in trying to hold on to the data. If they claim that security and performance are the only justifications, then they should provide an OAuth based API. The fact that they don’t says a lot.