HTTPS interception in Nokia's mobile browser
Posted Jan 25, 2013 12:27 UTC (Fri) by osma
Parent article: HTTPS interception in Nokia's mobile browser
The proxy is used to speed up mobile browsing by using compression. It is similar to what is done by the Opera Mini browser, which Pandya also noted in his first report. But, Nokia was also using the proxy for HTTPS traffic, which meant that it was decrypting the incoming stream at the proxy and re-encrypting it, using the real destination's key, before sending it onward.
This gives the impression that Opera Mini would not have done the same trick with decryption, compression and reencryption in its proxy server. But it does, mainly because the Opera Mini client is not a full web browser at all and doesn't work without the proxy part.
The only difference is that Opera has been a little bit more open about what it's doing, and the reasons for that. Technically both browsers did the same thing, sacrificing some security and privacy in the name of efficiency (less data to transfer over mobile networks, faster rendering on a resource-constrained device etc.).
to post comments)