Slashdot Mirror

← Back to Stories (view on slashdot.org)

In-Flight Service Gogo Uses Fake SSL Certificates To Throttle Streaming

Posted by samzenpus on from the was-that-wrong? dept.

Amanda Parker writes In-flight internet service Gogo has defended its use of a fake Google SSL certificates as a means of throttling video streaming, adding that it was not invading its customer's privacy in doing so. The rebuttal comes after Google security researcher Adrienne Porter Felt posted a screenshot of the phoney certificate to Twitter. From the article: "The image clearly shows that Gogo signed the certificate, not Google, thus misleading customers and opening the door to malware on users' devices. It also serves as a way to throttle data and limit traffic on its networks. 'Gogo takes our customer's privacy very seriously and we are committed to bringing the best Internet experience to the sky,' CTO Anand Chari said in a Monday statement."

4 of 163 comments (clear)

  1. Why would you need this for throttling? by phorm · · Score: 5, Insightful

    Why would this even be needed for throttling? If you don't want a customer downloading at more than 256kbps, then throttle him or her to 256kbps (or whatever).
    If you don't want a given connection at more than 256kbps, then throttle each connection at 256kbps

    Hell, if you *just* want to throttle youtube, then have your DNS hosts respond with an address you control for all youtube requests and throttle that one (then NAT through the actual traffic without breaking encryption).

    There seems to be very little benefit in decrypting SSL for throttling purposes, and a lot more benefit in viewing users' private correspondence (emails, G+, whatever else uses that certificate chain).

  2. Editorial (HAH!) Heads-Up by idontgno · · Score: 5, Insightful

    2nd link in TFS ("use of a fake Google SSL certificates as a means of throttling video") is a self-starting video at PCMag. Because, I guess, we at Slashdot can no longer read for ourselves and must be read to (after the advertising plays).

    It used to be customary to warn people of objectionable formats and maybe link to non-crap sources. Kthxbye.

    --
    Welcome to the Panopticon. Used to be a prison, now it's your home.
  3. Re:Get What You Pay For by sycodon · · Score: 5, Insightful

    You lied when you sold it to the second user.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
  4. Re:Well it's okay when WE do it... by Feral+Nerd · · Score: 5, Insightful

    what's wrong with streaming? Why should a user using 1GB visiting web pages should get more priority than another user streaming a 1GB video?

    There is nothing wrong with streaming, but is there something wrong with bandwidth rationing to ensure that all the customers on your plane have the same same share of a a limited resource? The guy using web pages trying to plan activities at his destination is never going to download 1Gb of data during a flight just browsing websites, while a dozen streaming users might hog all the bandwidth over a limited connection ruining the experience for everybody else on the plane. Gogo claims they are doing this in order to be able to prevent bandwidth hogs from using encrypted connections to bypass their bandwidth rationing mechanism but I don't really get why that is necessary. Surely you can bandwidth limit an encrypted connection without having to know what is being transmitted over that connection, so if somebody is streaming a video on full HD over SHTTP they'd simply get a poor frame-rate without GoGo ever needing to know what they were viewing.