Photo courtesy of Thinkstock
Inflight Internet service provider Gogo, which operates on about 2,000 commercial aircraft, has been posing as Google and acting as a middleman when passengers surf the web.
And while the company says it's doing so to regulate bandwidth on airplanes and accommodate all passengers, the concern among critics is that it opens Gogo users up to online security breaches and hacks.
To explain the intricacies, the Internet technology Secure Socket Layer (SSL) employs security certificates when users scan between webpages. Most service providers allow their browsers to communicate directly with the website's official SSL certificate, but Gogo is swapping in its fake SSL certificates to communicate with the browsers instead.
Naturally, a software engineer on the Google Chrome security team was the one that discovered Gogo's practice. The engineer, Adrienne Porter Felt, tweeted on Jan. 2:
Amid the uproar that followed, Gogo Executive Vice President and Chief Technology Officer Anand Chari issued this statement:
"Gogo takes our customers privacy very seriously and we are committed to bringing the best internet experience to the sky. Right now, Gogo is working on many ways to bring more bandwidth to an aircraft. Until then, we have stated that we don't support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it. Whatever technique we use to shape bandwidth, It impacts only some secure video streaming sites and does not affect general secure internet traffic. These techniques are used to assure that everyone who wants to access the Internet on a Gogo equipped plane will have a consistent browsing experience.
We can assure customers that no user information is being collected when any of these techniques are being used. They are simply ways of making sure all passengers who want to access the Internet in flight have a good experience."
The concern obviously goes beyond the horror of not being able to use YouTube. While Gogo states that its man-in-the-middle practice doesn't affect "general secure internet traffic" and "no user information is being collected when any of these techniques are being used," many have their doubts and have lashed out at the company.
PC Magazine called Gogo's practice "a big no-no in online security."
Tech Dirt noted, "[Gogo] loves to datamine and it definitely makes an effort to "shape" traffic by curtailing use of data-heavy sites."
Steven Johns of technology news website Neowin expressed considerable concern, pointing out that Gogo has worked with law enforcement and participated in investigative activities that go beyond complying with federal law:
"It was revealed through the FCC that Gogo partnered with government officials to produce 'capabilities to accommodate law enforcement interests' that go beyond those outlined under federal law. It mentioned how it worked closely with law enforcement and directly baked spyware into their service. If that wasn't bad enough, based on this revelation, Gogo is now intentionally attacking its users' browsing sessions to remove any line of defense that a user may have, and based on their history, it cannot be trusted that it is being done for any legitimate reason."
In an age when users are being tracked extensively on the Internet, Gogo's practice begs the question: How much is too much?
Many studies have come out recently indicating users will sacrifice some privacy for more personalized ads online, but the latest backlash may suggest there is still a line you can't cross.
Gogo operates on several major airlines, including American Airlines, United, US Airways, Delta, Virgin America, Alaska Airlines, Air Canada and Japan Airlines.
For the latest travel news, updates and deals, subscribe to the daily TravelPulse newsletter.
Topics From This Article to Explore