internet privacy issues at YYZ transborder MLL
#1
FlyerTalk Evangelist
Original Poster
Join Date: May 2009
Location: FRA / YEG
Programs: AC Super Elite, Radisson Platinum, Accor Platinum
Posts: 11,874
internet privacy issues at YYZ transborder MLL
I visited the transborder MLL at YYZ a few days ago and encountered the following issue:
I used the workstations, logged in with my Aeroplan #, typed in yahoo.com and was automatically redirected to the mail account of the previous user (so I could have sent/deleted/read e-mails).
I´ve seen this before when someone just left the workstation without logging out (there are some silly people), but in this case the previous guest had signed out of his internet session and likely assumed that the next user would not be redirected to all pages he was using.
I would expect that ending your internet session would also delete all cookies/passwords etc., or am I expecting too much???
I told the lounge agent who couldn´t be bothered to even make a note, so hopefully someone at AC reads this and takes care of this issue.
I used the workstations, logged in with my Aeroplan #, typed in yahoo.com and was automatically redirected to the mail account of the previous user (so I could have sent/deleted/read e-mails).
I´ve seen this before when someone just left the workstation without logging out (there are some silly people), but in this case the previous guest had signed out of his internet session and likely assumed that the next user would not be redirected to all pages he was using.
I would expect that ending your internet session would also delete all cookies/passwords etc., or am I expecting too much???
I told the lounge agent who couldn´t be bothered to even make a note, so hopefully someone at AC reads this and takes care of this issue.
#2
Join Date: Dec 2006
Location: Washington, DC
Programs: US-CP, UA, Marriott Rewards, HHonors, Avis,
Posts: 4,549
You could also call AC customer support or use their web feedback form. If it's troubling enough for you to post it here then it's probably worth reporting through the proper channels. I can't guarantee they'd act on it but it's got to have more of a chance than posting on an Internet forum and hoping someone sees it.
#3
FlyerTalk Evangelist
Original Poster
Join Date: May 2009
Location: FRA / YEG
Programs: AC Super Elite, Radisson Platinum, Accor Platinum
Posts: 11,874
You could also call AC customer support or use their web feedback form. If it's troubling enough for you to post it here then it's probably worth reporting through the proper channels. I can't guarantee they'd act on it but it's got to have more of a chance than posting on an Internet forum and hoping someone sees it.
Plus, of course, I wanted to get some feedback of the FT AC forum whether this is something "normal".
#4
Join Date: Feb 2007
Location: YXU/BOS
Programs: AC SEMM
Posts: 939
This has happened to me in the past - what I have done is sent an email to the previous user (using their own account) suggesting that they remember to clear their history and exit the browser before leaving a public terminal
#5
Join Date: Dec 2010
Location: MAN
Programs: BA Silver
Posts: 1,205
Very good reason not to use a public terminal for anything password-protected that you care about. Ever. Even if you are super-careful and very knowledgeable, it is too easy to forget to clean up in the scramble when you look up and see your flight leaves in 10 minutes.
#7
Join Date: Feb 2009
Location: YYC
Posts: 495
A properly-configured kiosk computer would delete all of this stuff as soon as someone logs out. But Windows certainly doesn't come out of the box like that.
#8
Join Date: Apr 2007
Posts: 56
If website did all the right things in security, login session should be destroyed once the browser close and should timeout after inactivity. Caching of webpages can be done on disk and memory, this is one complex area. Some data are stored in memory but not disk, depending on the browser type and website setting. Important thing to remember is when a program quits and free up memory or even disk space, it is still potentially possible for an advanced attacker to recovery the content using memory and disk forensics techniques as computers tend to not wipe things clean as things are "deleted".
The short answer to this - if you can live with low level of privacy, clear cookie, clear cache and then reboot the machine when you are done. If you need a reasonable or high level of privacy, do not use a public workstation.
As a side note, keep in mind it's difficult to know whether a workstation is infected with one of those APT (trojans) like Spyeye and Zeus. They can steal your login credentials. Another good reason to stay off public workstations except for the most causal surfing.
#9
Join Date: Jun 2003
Location: YVR
Programs: AC E75, SPG Plat, HH peon-by-choice (ex Gold)
Posts: 8,090
NEVER ever login to anything via a public computer. I expect there's some sort of keylogger on those things.
As for not logging out, happens all the time. Once or twice, I went to FT, and noted someone didn't log out and their cookie was still active. I sent them a PM via their own acct to let them know.
As for not logging out, happens all the time. Once or twice, I went to FT, and noted someone didn't log out and their cookie was still active. I sent them a PM via their own acct to let them know.
#10
Join Date: Aug 2010
Location: YUL
Programs: AC*E
Posts: 779
These are specialized "internet kiosks" terminals that are supposed to erase all traces of information between sessions... in theory.
#11
Join Date: Jul 2008
Programs: Via Preference Privilege, AC*A, Fairmont Plat, SPG Gold
Posts: 1,334
For those who use Gmail, this maybe of interest:
http://www.theregister.co.uk/2011/02...uthentication/
You still have to remember to logout though, but a straight keylogger wouldn't be able to access your account.
http://www.theregister.co.uk/2011/02...uthentication/
You still have to remember to logout though, but a straight keylogger wouldn't be able to access your account.
#13
Join Date: Jan 2009
Location: YYZ
Posts: 108
For those who use Gmail, this maybe of interest:
http://www.theregister.co.uk/2011/02...uthentication/
You still have to remember to logout though, but a straight keylogger wouldn't be able to access your account.
http://www.theregister.co.uk/2011/02...uthentication/
You still have to remember to logout though, but a straight keylogger wouldn't be able to access your account.
If you click on details, you can see all the sessions in use on your account (including your smartphone, etc) and elect to disconnect them all except your current session. ^
#14
Join Date: Aug 2005
Posts: 3,438
A properly configured kiosk would delete all information upon session close. Amazingly enough, I actually saw one the other day. Most kiosks aren't set up that way so I always go into IE settings and delete browsing history when I'm done to make myself feel a little better. Sometimes it's a challenge when you have to find it in Portguese or some other language you don't know.
#15
Join Date: Oct 2004
Programs: Aeroplan, Delta, Starwood, Fairmount
Posts: 2,312
A properly configured kiosk would delete all information upon session close. Amazingly enough, I actually saw one the other day. Most kiosks aren't set up that way so I always go into IE settings and delete browsing history when I'm done to make myself feel a little better. Sometimes it's a challenge when you have to find it in Portguese or some other language you don't know.