dannyman.toldme.com


Technical, Technology, Testimonials

Southwest WiFi and Net Neutrality

Good news! Southwest Airlines offers wifi on my flight! Only $5 introductory price! I have to try this out!

The service is “designed by Yahoo!”

It is kind of really really slow to make connections.

Wait . . . WTF is this?!!

Southwest Header Injection

Yup. Southwest Airlines wifi does HTTP session hijacking to inject content in to your web pages.

This is a perfect illustration of the need for net neutrality: your Internet Service Provider should not interfere with your ability to surf web pages. This would be comparable to your phone company interrupting your telephone calls with commercials. Outrageous! Wrong! Bad!!

(On Mei’s computer there are actual ads in the blue bar on top, but my AdBlock plugin filters those.)

It gets worse from there. On the “designed by Yahoo!” experience you can surf on over to Yahoo! just fine. But I’m a Google man. Here’s what Google looks like:

You Can't Get There From Here

Work-around #1: On sites that support them, use HTTPS URLs. Those are encrypted, so they can’t be hijacked. So, where http://www.google.com/ fails, https://www.google.com/ gets through!

But my little WordPress blog lacks fancy-pants HTTPS. And the session hijacking breaks my ability to post.

Work-around #2: If you have a remote shell account, a simple ssh -D 8080 will set up a SOCKS proxy, and you can tell your web browser to use SOCKS proxy localhost:8080 . . . now you are routing through an encrypted connection: no hijacking!

Update: they charge is $5/segment, so $10 if your plane stops in Las Vegas, and you get to type your credit card number a second time. Though, on the second segment, Google loads okay, but I still had to route through the proxy because the magic header was blocking WordPress’ media interface.

Update: holy packet loss, Batman!

0-20:20 dannhowa@dannhowa-w510 ~$ ping -qc 10 www.yahoo.com
PING any-fp.wa1.b.yahoo.com (72.30.2.43) 56(84) bytes of data.

--- any-fp.wa1.b.yahoo.com ping statistics ---
10 packets transmitted, 8 received, 20% packet loss, time 10011ms
rtt min/avg/max/mdev = 805.813/1669.936/3452.445/936.527 ms, pipe 4
0-20:21 dannhowa@dannhowa-w510 ~$ ping -qc 10 www.google.com
PING www.l.google.com (74.125.19.99) 56(84) bytes of data.

--- www.l.google.com ping statistics ---
10 packets transmitted, 6 received, 40% packet loss, time 11460ms
rtt min/avg/max/mdev = 661.391/2203.774/4022.638/1383.736 ms, pipe 5

At least they aren’t discriminating at the packet level.

Update: it sucked less later on, but still incredible latency:

0-21:07 dannhowa@dannhowa-w510 ~$ ping -qc 10 www.yahoo.com && ping -qc 10 www.google.com
PING any-fp.wa1.b.yahoo.com (98.137.149.56) 56(84) bytes of data.

--- any-fp.wa1.b.yahoo.com ping statistics ---
10 packets transmitted, 8 received, 20% packet loss, time 8998ms
rtt min/avg/max/mdev = 699.470/1023.412/2003.447/481.359 ms, pipe 3
PING www.l.google.com (74.125.19.147) 56(84) bytes of data.

--- www.l.google.com ping statistics ---
10 packets transmitted, 8 received, 20% packet loss, time 9003ms
rtt min/avg/max/mdev = 690.500/1201.541/2052.341/483.891 ms, pipe 3

The Gogo Wireless on Virgin America always worked way better than this, and Google covers the cost over the holidays. And as far as I know: no session hijacking!

Read More

Next:
Previous:
Categories: Technical, Technology, Testimonials

  • Anonymous

    Freudian slip with “ssd -D 8080” ?

  • Whoops! Nice catch, sir! Thanks! -danny

  • clply_admin

    They also manipulate the cache headers so the content is cached way longer than intended – this then breaks the page when you load the page the next day from a real network and it can’t find their injected scripts.

  • blahblah98

    Came here to say this. The day after a SWA flight refreshing a page on my home network, I notice ridiculous slowness and non-loading items. Checking Adblock Plus Blockable Items, I see “http://connected.southwestwifi.com/adapter/{top,bottom}_post.js” showing up. Plus I could NOT do any freakin’ google searches.

    WTF, Southwest? Do y’all even use your own crapware? I keel you now.

  • sanbeiji

    Same problem here. Clearing cookies did the trick. Useless to have that cookie set for more than the maximum ride on any given Southwest flight, not to mention it makes the browsing experience horrific to add their own header/footer nonsense.