Airline WiFi from Gogo is deliberately issuing fake SSL certificates in order to provide a better service.
Having been spptted by a Twitter user who turned out to be a Google Chrome security engineer, Adrienne Porter Felt noted that while accessing Google sites, the SSL certificate was actually being issued by Gogo – an “unstrusted issuer “ – instead of Google.
Gogo WiFi is offered on multiple national and international airlines, including American Airlines, Air Canada, Delta, United Airlines and Virgin Atlantic. Additionally, Gogo also provides customers in-flight texting and access to voice mail.
In a statement, Anand Chari, executive vice president and chief technology officer of Gogo, assured users that no user information is collected when any of techniques are being used and it takes customer privacy very seriously “and we are committed to bringing the best internet experience to the sky”.
“Right now, Gogo is working on many ways to bring more bandwidth to an aircraft,” he said. “Until then, we have stated that we don’t support various streaming video sites and utilise several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it.
“Whatever technique we use to shape bandwidth, It impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the internet on a Gogo equipped plane will have a consistent browsing experience. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience.”
Google has said that it is in direct contact with Gogo, and its team is investigating the issue.