Gogo issues fake HTTPS certificate to users visiting YouTube
(Ars):
http://arstechnica.com/security/2015/01/gogo-issues-fake-https-certificate-to-users-visiting-youtube/
Mandatory HTTPS connections have long been the bane of people using
so-called "captive-portal" Internet services offered by hotels and
conferences. Typically, such services redirect first-time users to a
terms of service page before they can browse the Internet. Those
redirections often stall when users first try to visit encrypted
webpages, creating a hugely frustrating problem for end users,
broadband providers, and website operators alike. While this is a hard
problem to solve, Gogo's current approach sets a bad precedent.
Promising not to monitor or collect sensitive data isn't the same
thing as being unable to do it. The entire premise of HTTPS is at
stake.
- - -
Unacceptable. Period.
--Lauren--
Lauren Weinstein ([email protected]): http://www.vortex.com/lauren
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Member: ACM Committee on Computers and Public Policy
I am a consultant to Google -- I speak only for myself, not for them.
Lauren's Blog: http://lauren.vortex.com
Google+: http://google.com/+LaurenWeinstein
Twitter: http://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad
