The website she was visiting had a big red X over the padlock icon on the URL bar, which is usually a sign that something isn’t right. The page she was looking at was supposed to be protected by HTTPS but unfortunately it wasn’t. Upon closer inspection, Porter discovered that the certificate wasn’t signed by the website she was visiting (which was YouTube), but rather Gogo themselves while pretending to be Google.
In a statement released by Gogo, their intent was not malicious, but rather one of the methods they employ to limit/block streaming. “We have stated that we don’t support various streaming video sites and utilize several techniques to limit/block video streaming. One of the recent off-the-shelf solutions that we use proxies secure video traffic to block it.”
That being said while Gogo’s justification does make sense to a certain degree, it does leave the door open to be hijacked by a third-party to perform man-in-the-middle attacks where malware is injected into the user’s computer while browsing what they assume is a perfectly innocent website. In any case hopefully with the attention brought to this, Gogo will reconsider their practices in the future.