Purple.com is apparently Virgin Atlantic’s choice of domain for its In-flight Wi-Fi landing page. But what does that mean? Greetings from sky bar of Airbus A330! Shortly after I boarded my favourite airline, I couldn’t help but notice the crew member sneak in something along the lines of, during the safety announcement. I did not, at the time know if this was an official branding strategy employed by Virgin or something that the cheeky crew manager made up uffice to say, the technical gears in my head started turning rapidly. “If you can’t find the page that lets you connect to Wi-Fi, just go to purple.com and you’ll get there,” in the air. S It’s clever. After all is Virgin Atlantic’s theme colour, as abundantly evident from cabin décor and colour scheme. But as always, I’m here to help you understand the technical workings behind the scenes that make “claiming” at 35,000 feet possible. purple purple.com In , the domain is owned by mattress giant and is actively used by them. On Earth, visiting would lead you to the mattress retailer’s website. This also becomes clear right after you pay for Gogo In-flight Wi-Fi and retry visiting in your browser. That’s when you’ll get to the mattress seller’s website instead. real life purple.com Purple® purple.com purple.com But that should make you wonder, how could be owned by Virgin Atlantic, Gogo Inflight Wi-Fi and the mattress seller all at the same time? This is where come into play. purple.com local domains Local domains and DNS Local domains or hostnames, in a make it possible for network administrators to (pun) and redirect it to an intranet website of their choice, such as a . That’s the “sign-on to Wi-Fi” portal typically presented by hotspots until you accept their terms of service or if applicable, pay the charges. Whether such a domain exists on the gigantic World Wide Web WWW or not, has no relevance. That means a network admin could make anything up … , whether these domains exist in on the internet or not isn’t a prerequisite. certain context, make any domain up in the air Captive Portal localhost axsharma, ax.wifi, inflight.com, purple.com, virginwifi.go… reality — Anyone connecting to the network — your routing devices or access points, will be redirected to the location of your choice when they visit these locally setup domains. In some cases, the Wi-Fi access point, also acting as the DNS server, can the actual IP address of a domain with a different one, thereby redirecting you elsewhere. through you override Local domains indeed make it possible to host your websites accessible only to a select few members of a dedicated network but not the outside world — the internet. It’s what makes possible! corporate intranet However, in case of most Wi-Fi hotspots — in-flight or on ground, local domains may not be at play because visiting virtually website should redirect you to the in-flight W-Fi purchase portal or “sign-in page,” as long as you haven’t paid charges or accepted terms of service. always any Typical workflow implemented by Wi-Fi hotspots ( ) Image credit Security This is also why when connecting to webpages beginning with https — which is nearly all of the pages today, over a public Wi-Fi hotspot, you get a series of SSL errors up until the point you “sign-in to the hotspot” or visit a non-HTTPS website. This happens because of a certificate mismatch. The website you are trying to visit, let’s say, is “ facebook.com” but the router is persistently redirecting all HTTP/HTTPS traffic to its access point homepage, the SSL certificate of which was issued (e.g. https:// only for that homepage airborne.gogoinflight.com). https:// An example SSL/TLS certificate mismatch errors Web browsers treat this as a security issue because you are visiting but effectively being served a website whose certificate clearly dictates you are on . Browsers see this as an ominous sign of a attack where an attacker has possibly in-flight routing devices to redirect users to a malicious page instead, although in most cases this isn’t the case. facebook.com airborne.gogoinflight.com Man-in-the-Middle (MitM) hijacked It can further be confirmed that local domains are not at play here by running a simple DNS lookup. Looking up the IP addresses of DNS servers, returned the same result and both in-flight (whether prior to or post payment) as well as on Earth. purple.com’s 104.20.55.235 104.20.56.235 DNS query (nslookup) results for purple.com in-flight, pre or post payment: DNS query (nslookup) results for purple.com on Earth: The finding implies aren’t really being used and rather employed by Gogo In-flight WiFi is redirecting any and all HTTP(S) traffic to its sign-in page, up until the point a payment is made. Had this not been the case and was officially setup locally by the network admin, we’d get very different DNS results at 35,000 feet and on Earth. local domains captive portal purple.com Impromptu Branding Although fair point to note, more likely than not, the name or for that matter is merely being used as a catchy, marketing phrase that’s easy to remember for passengers. In actuality, or phrase — even your own name followed by a forward slash, should redirect you to the in-flight Wi-Fi page as you’ve likely observed. purple.com any domain any domain purple.com or any domain redirects users to the Wi-Fi captive portal until they sign-in. When asked if had anything to do with strategic branding, Virgin Atlantic’s spokesperson officially responded with: purple.com the specific website mentioned isn’t something we’re affiliated with and it isn’t part of our procedure to tell our customers to use that site, so we expect that it was a case of the crew using their initiative on the day. But for Virgin Atlantic, this is clever marketing generated by the crew member. At over 35,000 feet you may easily lose track of time left to your destination or what your choice of red wine was, but stays fresh in your memory for long. on the fly purple.com © 2019. ( ). All Rights Reserved. Akshay “Ax” Sharma Twitter
