Menu
Gogo inspects secure Web traffic in attempt to limit in-flight video streaming

Gogo inspects secure Web traffic in attempt to limit in-flight video streaming

In-flight Internet provider Gogo replaces the HTTPS certificates on sites like YouTube with self-signed ones

In-flight Internet provider Gogo is inspecting its users' traffic exchanged with secure sites by replacing those sites' HTTPS certificates with self-signed ones.

The company argues that this procedure, which is technically a man-in-the-middle (MitM) attack, is only performed for some video streaming sites as part of its efforts to limit or block the use of such services.

The issue came to light after Adrienne Porter Felt, an engineer and researcher with Google's Chrome security team, noticed a rogue HTTPS certificate when she tried to access youtube.com via Gogo's Wi-Fi service during a flight.

Porter Felt posted a screen shot of the certificate issued by Illinois-based Gogo on Twitter asking the company why it had replaced YouTube's real certificate. Her message sparked criticism of Gogo from other users.

The company responded Monday with a statement from its executive vice president and chief technology officer, Anand Chari.

"Right now, Gogo is working on many ways to bring more bandwidth to an aircraft," Chari said. "Until then, we have stated that we don't support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, it impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience."

Chari assured customers that no user information is being collected when such techniques are applied -- an obvious concern with MitM traffic inspection. Because the company's proxy system is positioned between the user and the sites whose certificate it replaces, it can see authentication cookies that can provide access to users' accounts on those sites and other potentially sensitive information.

It's not clear how efficient the use of this man-in-the-middle technique is at limiting video streaming, nor if it's even necessary. When encountering a self-signed certificate, most browsers display an error and users have to manually agree that they want to continue to the website.

In the case of Google Chrome, which keeps a list of trusted certificates associated with popular sites, including youtube.com, as part of a mechanism called certificate pinning, the error is persistent and hard to bypass.

"Users can't normally click through this particular warning," Porter Felt said on Twitter. "You gotta know the secret sauce to force it to load the page."

This means that for many users YouTube streaming won't be just throttled, but completely blocked, and if that's what the company aimed for, there are easier ways to achieve it without inspecting secure traffic.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyGoogleonline safetyGogo

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments