It turns out that the travel reservation site 'I see people other than you now' was a lie

When searching for accommodations or boarding passes on accommodation reservation sites, flight reservation sites, etc., a small message next to the search candidate such as “None of you are watching the same page now” is displayed. There are times. In overseas travel reservation site OneTravel, security researcher Ophir Harpaz discovered that this displayed number was not a real-time number of simultaneous connections to the page, but actually a random number.

When Mr. Harpaz tried to reserve a boarding pass for an airplane with OneTravel, it was said that '38 people are checking this boarding pass', in order to expedite the reservation purchase. “Is 38 people checking?” Harpaz was impatient, but he seemed to have doubts that 38 people were checking this boarding pass.

[1/4] Ok this is really funny, check this out.
I was in the process of booking a flight via @OneTravel . Trying to make me book ASAP, they claimed: '38 people are looking at this flight'.
Whoa, 38 is a lot, I have to hurry up.But first I have to check how they came up with 38 >> pic.twitter.com/UaGhaiCQrR

— Ophir Harpaz (@OphirHarpaz) October 16, 2019

Therefore, when Harpaz confirmed how this number was acquired, it turned out that the class name of the element corresponding to “38” is “view_notification_random”.

[2/4] Right click and a quick 'inspect' on the number, I found out the element's class name is 'view_notification_random'.
Awesome variable naming guys.
So you're _randomly_ trying to freak me out.Alright >> pic.twitter.com/xnL3hsZLP5

— Ophir Harpaz (@OphirHarpaz) October 16, 2019

Furthermore, when Harpaz checked the source code using Chrome's developer tools, he found the following parts in JavaScript. It turned out that numbers from 28 to 44 were completely randomly generated and only displayed. In other words, the part “One person is checking this boarding pass” of One Travel was a lie, and it was meant to prompt the user to make a flight reservation.

[3/4] So what's your sophisticated pseudo-random algorithm?
Apparently, OneTravel are choosing a number between 28 and 45.
Because as you all know, based on serious psychological research, these numbers tend to make people book their flights fast #sarcasm # not42 >> pic.twitter.com/r2IrYhxr28

— Ophir Harpaz (@OphirHarpaz) October 16, 2019

Isn't this way illegal for Harpaz's tweet? There are many voices.

“I don't know what will happen in the US, but in the EU, OneTravel is penalized for scamming consumers.”

I do not know the laws in the US, but within the EU this company would get a penalty for consumer deception.

— Christopher Dosin (@christopherdosi) October 18, 2019

Some people sympathized with the site developers, 'Maybe the developers haven't agreed with this method, so they didn't hide the source code on purpose.'

Maybe the developers don't agree with the practice so they are not putting effort in hiding it ????

— David da Silva @ LDN ???????? (@dasilvacontin) October 18, 2019

On the other hand, 'Math.random () is not secure for encryption. I use Crypto.getRandomValues (),' and some people messed up the code for random number generation.

Math.random () isn't cryptographically safe. I'd rather use Crypto.getRandomValues () ????

— Cl1pp0 (@ cl1pp0) October 19, 2019