[cryptography] Gogo inflight Internet uses fake SSL certs to MITM their users
peter at allicient.co.uk
Tue Jan 6 11:01:21 EST 2015
On 6 January 2015 at 15:40, Jeffrey Altman <jaltman at secure-endpoints.com>
> On 1/5/2015 8:47 PM, John Levine wrote:
> > They claim they're doing it to throttle video streaming, not to be evil.
> > Am I missing something, or is this stupid? If they want to throttle
> > user bandwidth (not unreasonable on a plane), they can just do it.
> > The longer a connection is open, the less bandwidth it gets.
> I suspect that throttling user bandwidth is not the goal. Instead they
> are attempting to strip out embedded video from within http streams.
> Since the video stream might be sent over the same tcp connection as
> non-video content they can improve the user's experience by delivering
> all but the video.
So why do they not take a more traditional approach of:
i. blocking obvious video services (YouTube, etc) wholesale; and,
ii. limiting sustained bandwidth per user at a level that would frustrate
viewing video anyway.
It's somewhat easier to do than intercepting SSL/TLS connections.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography