"Because of the issues in the past, they should really be worried about reestablishing trust with their customers," Walter said. "And performing a man-in-the-middle is the wrong way to go about that."
According to Francis Turner, VP of Research at Carlsbad, CA-based ThreatSTOP Inc., Gogo's approach also has usability consequences.
A user who is, say, visiting one of the sites that Gogo set up the proxy for would set off browser alarms, because there is no way to distinguish between Gogo's fake certificate and a malicious one.
Chrome, for example, detects that the certificate is invalid and makes it hard to continue to the site, said Turner.
Matt Nelson, president and CEO of Alabama-based AvaLan Wireless Systems, Inc., a wireless hardware manufacturing firm, said that new laws are needed to make this kind of activity illegal.
"This is equivalent to wiretapping or recording of phone conversations without the person's knowledge," he said. "While I appreciate the airlines wanting to keep things safe, there should be limits to how much personal information is needed in order to hop onto a plane and use their WiFi."