In-flight internet and content manipulation: What are you really seeing?


An interesting report has surfaced on an internet security focused mailing list. The story is told by a support engineer who received a call from an end-user complaining that a website wouldn’t load. After confirming that the web server was functioning properly they started to troubleshoot the laptop which was experiencing the issues. That’s where things get interesting:

After the usual "it works for me" dance we took a look at his computer and found his browser had a cached copy of our home page containing requests for two javascript files not present on the original.

What happened is he flew on SouthWest airlines yesterday and their in flight wifi injected the scripts into the page which was then cached by the browser (they also manipulated the page cache headers to make the content cacheable far longer than intended). When he tried to load the page on our network the server addresses for the scripts were not reachable so the browser appeared to hang until the connection timed out.

In other words, when the user went to look at a website the Row44 in-flight internet system altered the content being returned to the laptop. It changed the cache lifetime of the page, likely to reduce bandwidth consumed should the passenger refresh the page. That’s almost a reasonable action to improve performance, though caching on the gateway rather than the client is probably more appropriate. But the provider also added some of their own content to the page in the form of those javascript files. It isn’t clear what those files actually did (other than break things when the guy got back to the office) but they were definitely there.

Row44 isn’t alone in playing this sort of game to improve performance "behind the scenes" in ways that customers might not be aware of. Gogo will alter images as they are loaded to the end-user device, increasing the compression and decreasing the image quality to reduce file size where possible, for example.

Users won’t continue to pay for the product if the service quality doesn’t meet their needs. And as it stands already finding paying customers is a challenge for the providers. So it makes sense that they are doing anything they can to reduce the bandwidth consumed, especially where it doesn’t seem to impact the user experience. But actions like this can also have a quite negative customer impact. The company involved in the above discovery has now prohibited use of the Row44 services, owing to the data manipulation issues. Oops.

Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.


Seth Miller

I'm Seth, also known as the Wandering Aramean. I was bit by the travel bug 30 years ago and there's no sign of a cure. I fly ~200,000 miles annually; these are my stories. You can connect with me on Twitter, Facebook, LinkedIn and .

12 Comments

  1. Does Row44 allow ssl encrypted connections? If not, then it is crap, if they do then problem solved.

  2. Almost any data manipulation is, technically, illegal. The owner of the original content (HTML page, script, whatever) owns its copyright and will most likely have a policy prohibiting manipulation without approval. I agree with you and go a step further: the *only* acceptable way for them to do what they’re doing is to do it on the gateway, which is their property.

  3. It seems like some hotel systems do this kind of thing too. Often I am forced to reboot before successfully using my computer elsewhere.

  4. @Seth

    Does Southwest participate, or plan to participate, in any of the mega point alliances (e.g. one world, star, etc)?

    I want to make an international trip and have a ton of Southwest point and am wondering how I can use those points towards a trip.

  5. @Derick: They do not participate in an alliance, but you can redeem for international tickets a couple of ways.

    First is through being a Rapid Rewards credit card holder. You can redeem your points through Chase for international flights with any carrier, based on availability. Not sure of the redemption rates, but it’s an option.

    Second is that you can transfer your RR points to Airtran and book international travel (mainly Caribbean and Mexico) on Airtran’s network.

    Don’t know if there are other ways to redeem. Check out Milepoint.com or Flyertalk.com to learn more from the “experts.”

  6. So in other words, Row44 installed “malware” on the computer that caused economic damage. Nice!

    1. I won’t go so far as to call it malware without knowing exactly what was in the javascript files. And suggesting that there was economic damage is certainly a stretch. That said, there is definitely evidence out there that the content is being altered at some point in the process and that is somewhat worrisome.

      As for the SSL thing, not all sites support SSL and the performance hit from a VPN tunnel – assuming you can keep one up consistently with the latency – isn’t worth it for most folks. And that doesn’t even get to the potential for man-in-the-middle SSL spoofing.

      1. A quick update here…I heard back from some folks at Row44 and they are suggesting that the claims being made aren’t 100% accurate. I have a follow-up call with them scheduled for Friday to get more details. We’ll see where that leads.

  7. i am a web developer and I was doing some QA work on a gogo equipped delta flight and I was chatting with my team on the ground about an issue with low image quality. They said it looked great, so I finally sent them the image I was seeing and it was much lower quality. Extra compression is standard for gogo and i see it a lot more now. I have never checked to see if other elements were being manipulated. Theoretically they could intercept ad views and replace them with their own but that would certainly be a violation of copyright and not good for the users.

Comments are closed.

BoardingArea