<p><pre><code> Interested in learning what’s in your boarding pass barcode?
Take a picture of the barcode with your phone, and upload it to this site.
</code></pre>
Woah! We are talking about private information being easily accessed from our boarding passes and there is a passage on uploading it to some site online. Wouldn't that be ill-advised.
The barcode is PDF417 and there are phone apps that scan and convert it to text (<a href="http://www.pdf417.mobi/" rel="nofollow">http://www.pdf417.mobi/</a>) - in case you do not want to send this to some website. I played with it, decoding my own boarding passes, but did not find anything that was not already printed on the pass. Granted there was a lot of abbreviated gibberish which may have been something sensitive.
This barcode is normally used as input to ACP (IBM Airline Control Program, also called TPF or z/TPF) in plaintext to a TCP/IP TN3270-based terminal emulator running under Windows (with or without any SSH encryption). But the barcode text is visible to anyone facing the terminal. At least it's how it happened in all my latest flights.
I had tried that before using Mathematica instead of a website and I was also surprised to see the data in the barcode is not really signed in any way. IIRC it was a European low cost like Ryan air, and I thought it was scary that I could have generated the same exact bar code just by knowing my name and the flight.<p>Of course there is an extra step of validation, because the airline has the passenger list, so you can't just add yourself to a flight.
Is this the reason why you need to scan your boarding-card if you buy something in the airport? Is it regulation or are these companies data-mining?<p>Edit: Apparently it has something to do with VAT: <a href="http://www.telegraph.co.uk/travel/travelnews/11794109/The-real-reason-airport-shops-want-to-see-your-boarding-pass.html" rel="nofollow">http://www.telegraph.co.uk/travel/travelnews/11794109/The-re...</a>
So upon the actual boarding process, is the actual flight reservation checked with the name or is it susceptible to fraud?<p>I can see how fraud can be prevented with this schema, but I wonder if it's implemented.