A number of publications, including Ars Technica, have reported that Gogo is issuing fake HTTPS certificates to users visiting YouTube. HTTPS, when properly used, assures users that:
1. They are actually visiting the real site; Youtube in this case.
2. The communications between the visitor and the site, including passwords and cookies, are encrypted.
Ars Technica shows a screenshot of the fake certificate. It clearly shows that the issuer is Gogo rather than a Certificate Authority (CA) that the browser trusts; hence, the pop-up warning. Unfortunately, Continue reading Gogo Issues Fake HTTPS Certificates
Over the past few days, media outlets have been reporting that Verizon has been inserting a string of letters and numbers called a UIDH into outgoing http requests made by its customers. The string uniquely identifies a specific device. The diagram in Jonathan Mayer’s blog post provides a good picture of how the process occurs and how this string can be used. Basically, a website that receives the string can pass it along to an advertising exchange which in turn pays Verizon for information on the subscriber that allows them to show more relevant ads.
Mayer’s post states that at a minimum, Verizon reveals Continue reading The Lowdown on Phone Carrier UIDH Injection
Comcast has begun injecting ads into webpages accessed by users using one of its 3.5 million public Wi-Fi hotspots. With this action, Comcast joins the list of businesses (e.g. airports) that provide Wi-Fi service with ads.
Another potential solution is to use a VPN, which encrypts all the traffic between you and the VPN provider instead of between you and the website.