FRESH

Hacker News

What's in a Passenger Name Record (PNR)? (2013)

77 points by rzk

by decimalenough

0 subcomment

A famous demonstration of how easy it is to use a photo of a boarding pass to get a prime minister's passport info and personal phone number via the PNR:
https://mango.pdf.zone/finding-former-australian-prime-minis...

by decimalenough

2 subcomments

While basically everything about PNRs described here remains unchanged (as it has been since the 60s), government data collection on top of PNRs has become far more extensive since this was written 12 years ago.
If traveling into the US from overseas, you need to disclose a whole bunch of info to get your ESTA, and for the flight itself there's APIS: https://en.wikipedia.org/wiki/Advance_Passenger_Information_...
And for any flight that even overflies the US, there's Secure Flight:
https://en.wikipedia.org/wiki/Secure_Flight

by kccqzy

2 subcomments

> Airlines don’t collect most passenger information — travel agents do. Most passengers never deal with the airline until they check in for their flight at the airport. And standard travel agency procedures make them function, in practice, as quite effective “anonymizing proxies” for travellers.
So my takeaway is that for enhanced privacy I should try to book flights with travel agencies instead of directly with airlines. Is the advice still applicable or is it nowadays futile?

by dang

1 subcomments

Discussed (a bit) at the time:
What's in a Passenger Name Record (PNR)? - https://news.ycombinator.com/item?id=6037279 - July 2013 (2 comments)

by neilv

0 subcomment

I worked briefly on GDS/ARS protocol in modern times (for reservation system on Linux servers that could talk directly to the mainframe network, rather than using a middleware wrapper around your own mainframe)
The protocols are heavily documented in many ways, but we also had an on-site pair of experts on this particular mainframe network, as an information resource, and we needed them. And I still had to reverse-engineer some semantics or format from real-world protocol captures, and freeze that knowledge in unit tests.
There was one opcode that initially sounded simple. IIRC, linguistically, it turned out be closer to an eval than an echo.
This kind of work, carefully interoperating with critical legacy systems, can be more interesting and positive than serving cat pictures and running surveillance trackers in exactly the architecture memorized for a Design Interview. But if you do anything involving mainframes, and then want to go back to startups or Big Tech, I wouldn't put the toxic keyword "mainframe" on your techbro resume; use euphemisms like "global financial system" instead. Also, you should say that you "disrupted" it; though disrupting a critical system is not usually considered a positive achievement in other circles.

by 725686

0 subcomment

As a junior dev I had to develop software to read and write this bastards. Long time no see.

by tadzikpk

0 subcomment

PNRs also contain info on the Form of Payment used to pay for the ticket, in case you were ever wondering who's paying for their airfares in cash...

by StackBPoppin

1 subcomments

I've had to write an entire backend to interface with Sabre - using SOAP/XML - it was anything but straightforward. But yeah, you need surprisingly little information to book/cancel/view flights and PNR data.

by cormorant

0 subcomment

The "IP address" shown is in the private range 172.16/12. What other incorrect claims are lurking in this "article"?

by David-Henrry

0 subcomment

by Steve-Tony

2 subcomments