Email has been compared to the "keys to the kingdom", since almost all other services passwords can be reset if you have access to someone's email. Some other posters have expressed doubt or concern about granting access to email for this service; I would express the concern in the opposite direction:
As developers, we should not be asking people for access to their email (or similar levels of access).
It sets a bad precedent, like banks sending out emails with clickable links; we're encouraging people to engage in very risky behavior and ultimately making it more likely they (the users) will fall for a scam in the future.
This should one of those "IT will never ask for your password" kind of things that gets hammered into people. "Legitimate services will never ask for access to your email/harddrive/etc". I'm not saying this service is not legitimate: I'm saying, as a presumably legitimate service, it should not set a bad example.
I gave you access, waiting for results, but I'm wondering why you insist on getting email access to do anything. Why not let me input flights manually? You're going to turn away a lot of users who aren't willing to let you scan their emails.
It looks like you can input flights manually. I went through with a flight cancelled a few months back, I had to give an email address but not give them any access. It says I am entitled to €600. They take a 25% cut; I'm not sure I'll go through with it or submit my own claim direct to the airline.
If you click on the "i" next to "view and manage emails" it specifies that this app can even permanently delete emails, labels, etc. I'm not sure why it needs anything more than "read only" access. Then again, even letting a 3rd party scan my emails is a MAJOR risk.
Yikes. Allowing some random startup to go through my email willy nilly? Yeah right. "We use secure connections & care about your privacy" What does that even mean? Can you download the full contents of my gmail account and keep it on file?
I've flown more than 300 segments in the past 3 years, but it still isn't worth the risk.
Connect to TripIt, or something else. Or tell me there is a way to use Google to search my gmail in a targeted manner without me exposing other sensitive info.
Hey all, one of the founders here. We really appreciate the feedback, a lot of the concerns are something that we are aware of. There are a couple of things that I think is important to clear out.
1 - you will always be able to enter in your flights manually through the webform.
2 - We built the email search function because we could see that a lot of people we're still unaware of which flights they could claim for, hence a service that automatically tells you.
3 - Tripit, Yahoo etc. are all on the roadmap
4 - We really don't have any other interest than helping you find itineraries, and we will never look through your personal emails.
Great feedback everybody, please keep it coming, it is much appreciated. Also if you have input going forward, never hesitate to get in touch
It seems pretty likely that the legal tools they are using really apply to European flights, although they are incredibly vague on that point. In the US, you're really only legally entitled to compensation if you are involuntarily bumped from an overbooked flight, and that's less than 100,000 people/year compared to the millions who have delays and cancellations.
It would be far more honest to be clear at the start as to what customers can reasonably expect, how their service is different from just sending a form letter complaint to the airline, and why they need access to your email.
Great idea, but seriously, getting access to all of my email history is too much, and I stopped there. I have flights I wish to put in, and want to use the services, but you lost a customer because of overreaching and trying to solve a problem that the end user probably doesnt perceive as a problem.
As developers, we should not be asking people for access to their email (or similar levels of access).
It sets a bad precedent, like banks sending out emails with clickable links; we're encouraging people to engage in very risky behavior and ultimately making it more likely they (the users) will fall for a scam in the future.
This should one of those "IT will never ask for your password" kind of things that gets hammered into people. "Legitimate services will never ask for access to your email/harddrive/etc". I'm not saying this service is not legitimate: I'm saying, as a presumably legitimate service, it should not set a bad example.