On the subject of cache-timeout alteration, the company maintains that they are absolutely not altering those settings for pages which are loaded through the service. Moreover, when there is content being loaded which they serve directly they are setting the cache option to a "no-cache; must-revalidate" setting which should force all modern browsers to pull a fresh copy of the data every time. Because the claims about the cache alteration came from a 3rd party which they haven’t been able to validate there isn’t a lot more to go on here as to what actually happened. We are left with something of a he said, she said sort of situation. Still, knowing that the service shouldn’t be altering the cache setting is somewhat reassuring.
Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.
I’d rephrase “And pages loaded via a secured protocol (HTTPS) won’t be altered at all between the server and the end-user” somewhat: even if they wanted to, they cannot look into and change the SSL traffic, so they cannot modify/”enhance” the pages.
It seems pretty clear where that “Flying Adapter” is likely going to be used for. Today they show you weather and flight info. Tomorrow… “useful” ads.
Saying they cannot do it is slightly disputable, Oliver. It depends on whether they wanted to play the man-in-the-middle attack game or not. I wouldn’t ever expect any legitimate company to do that but I figured it was worth noting that they aren’t.
As for the space becoming a platform for advertising, that wouldn’t surprise me. It also wouldn’t disappoint me if that meant the product was free. If I’m paying for it I’d be less welcoming of the ads.
A man-in-the-middle attack over HTTPS would be very difficult because they would not be able to provide a valid SSL certificate. Even if they were able to hijack the public key, un-encrypt, inject additional code, and re-encrypt, your web-browser would be throwing up major warnings over the lack of authentication from a certification authority.
Comments are closed.