So my takeaway is that for enhanced privacy I should try to book flights with travel agencies instead of directly with airlines. Is the advice still applicable or is it nowadays futile?
The travel agency is the one that collects your personal information - but it (unsurprisingly) immediately passes just about everything to the airline: name, date of birthday, phone number, email etc.
In general, the airline won’t get your payment details though.
How? There are two setups, either you book with an agency, which then forwards your data to the airline, or you book directly with an airline. In both cases, you have a more or less fixed amount of data collected, due to legal requirements. But the agency will usually act as a proxy, only forwarding the absolute necessary information, and using some on their own (like form of payment or contacts), often even send replacement-data or their own to the airline.
So it's absolutely true that in certain common setups, the airline is not the one collecting and holding most information. But, this comes with the price that more parties are holding your information.
And agencies are often going through a CRS or even through a middleman to the CRS, not booking directly with the airline, so there is a good chance of a third or even fourth party also holding your information. Though, technically this can also depend on the agency, airline and type of flight. With Charter- and Lowcost-flights it can happen that the agency is going directly to the airline, hacking their way around the airlines' website. But this is getting shoot down in the last years but those airline, and not obvious from the outside.
Oh, and historically speaking, it used to be that agencies were often collecting more personal information than laws demanded, while airlines went with the absolute necessary stuff. So maybe the article was meaning this aspect too.
The protocols are heavily documented in many ways, but we also had an on-site pair of experts on this particular mainframe network, as an information resource, and we needed them. And I still had to reverse-engineer some semantics or format from real-world protocol captures, and freeze that knowledge in unit tests.
There was one opcode that initially sounded simple. IIRC, linguistically, it turned out be closer to an eval than an echo.
This kind of work, carefully interoperating with critical legacy systems, can be more interesting and positive than serving cat pictures and running surveillance trackers in exactly the architecture memorized for a Design Interview. But if you do anything involving mainframes, and then want to go back to startups or Big Tech, I wouldn't put the toxic keyword "mainframe" on your techbro resume; use euphemisms like "global financial system" instead. Also, you should say that you "disrupted" it; though disrupting a critical system is not usually considered a positive achievement in other circles.
If traveling into the US from overseas, you need to disclose a whole bunch of info to get your ESTA, and for the flight itself there's APIS: https://en.wikipedia.org/wiki/Advance_Passenger_Information_...
And for any flight that even overflies the US, there's Secure Flight:
https://upload.wikimedia.org/wikipedia/commons/b/b8/TSA_Secu...
https://mango.pdf.zone/finding-former-australian-prime-minis...
dang•2mo ago
What's in a Passenger Name Record (PNR)? - https://news.ycombinator.com/item?id=6037279 - July 2013 (2 comments)
tolerance•2mo ago
“PNR's show where you went, when, with whom, for how long, and at whose expense. Behind the closed doors of your hotel room, with a particular other person, they show whether you asked for one bed or two. Through departmental and project billing codes, business travel PNR's reveal confidential internal corporate and other organization structures and lines of authority and show which people were involved in work together, even if they travelled separately. Particularly in the aggregate, they reveal trade secrets, insider financial information, and information protected by attorney-client, journalistic, and other privileges.
Through meeting codes used for convention and other discounts, PNR's reveal affiliations -- even with organizations whose membership lists are closely-held secrets not required to be divulged to the government. Through special service codes, they reveal details of travellers' physical and medical conditions. Through special meal requests, they contain indications of travellers' religious practices -- a category of information specially protected by many countries.
PNR's for reservations made or changed online routinely include IP addresses and timestamps to enable them to be cross-referenced with Web server logs.”
The rest of the web site remains a curious display of information.