[dehrmann]

This is a level of probing anyone with a good understanding of HTTPS could do. It's not like mac spoofing or or setting up a honeypot (have fun stopping those). I think you set your bar one or two notches too low for what someone in tech can do. Practically, though, your bar is fine because this isn't actually a "security" vulnerability in the sense that something was leaked (worry more about honeypots), just that one or two people per flight might be mooching, and that's not worth engineering for.

It's interesting that you and your team thought of legal consequences before asking if this is an edge case that's not worth engineering for.

[UperSpaceGuru]

Someone in tech can do a lot. But anonymity of the web vs being 1/~120 on an aircraft where you gave your name and other vital info before boarding is a little different. Anyone going to extremes (like using fake travel docs) likely has far more nefarious intent than getting a little free WiFi.