Nokia Admits Decrypting User Data

[shabby]

http://www.techweekeurope.co.uk/news/nokia-decrypting-traffic-man-in-the-middle-attacks-103799
http://falkvinge.net/2013/01/11/dea...etapping-encrypted-traffic-from-its-handsets/

When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

So it seems nokia is decrypting all secure content when using its browser, same goes for opera mini(wonder if amazon's silk does this too?), but its ok its done is a secure manner...
Not sure nokia understands the purpose of ssl, its supposed to be secure between the user and the target, anything that decrypts it in between is a mitm attack.

 

[podspi]

How did you expect it to work? I suppose uneducated users might be surprised, bit this is the only way to do it if your compressing data. I never looked into it, but I always assumed they were doing it this way for Opera Mini as well as any other browsers that pass data through a proxy for compression.

I don't think there is much to see here. If a product says it passes browsing data through its servers to compress and speed up delivery, that is what you should expect. I don't think they are being dishonest at all.

 

[Mopetar]

I don't know about Opera, but I believe that Amazon just doesn't route https through their proxy so it's not a problem.

 

[Jodell88]

I don't think they're doing this with their Windows Phone handsets.

 

[Canbacon]

This is for the "Nokia Xpress Browser". Nokia's version of Opra Mini. They take pages and compress the data for people on super low data caps. This is mainly for the low end phones and the Asha (features phone) line.

If I remember correctly, Nokia in the agreement screen states that this should not be used for sensitive information. I think Opera Mini has that same disclaimer. Nothing really new here.