[cryptography] Gogo inflight Internet uses fake SSL certs to MITM their users

shawn wilson ag4ve.us at gmail.com
Tue Jan 6 11:34:54 EST 2015


You can smartly limit resolution in squid - I don't trust this is what
they were doing, but you could provide a better experience like this.

On Tue, Jan 6, 2015 at 11:01 AM, Peter Maxwell <peter at allicient.co.uk> wrote:
>
>
> On 6 January 2015 at 15:40, Jeffrey Altman <jaltman at secure-endpoints.com>
> wrote:
>>
>> On 1/5/2015 8:47 PM, John Levine wrote:
>> >
>> >
>> > http://venturebeat.com/2015/01/05/gogo-in-flight-internet-says-it-issues-fake-ssl-certificates-to-throttle-video-streaming/
>> >
>> > They claim they're doing it to throttle video streaming, not to be evil.
>> >
>> > Am I missing something, or is this stupid?  If they want to throttle
>> > user bandwidth (not unreasonable on a plane), they can just do it.
>> > The longer a connection is open, the less bandwidth it gets.
>>
>> I suspect that throttling user bandwidth is not the goal.  Instead they
>> are attempting to strip out embedded video from within http streams.
>> Since the video stream might be sent over the same tcp connection as
>> non-video content they can improve the user's experience by delivering
>> all but the video.
>
>
> So why do they not take a more traditional approach of:
>
> i. blocking obvious video services (YouTube, etc) wholesale; and,
>
> ii. limiting sustained bandwidth per user at a level that would frustrate
> viewing video anyway.
>
>
> It's somewhat easier to do than intercepting SSL/TLS connections.
>
>
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>


More information about the cryptography mailing list