peterleinchen's Avatar
Posts: 4,117 | Thanked: 8,901 times | Joined on Aug 2010 @ Ruhrgebiet, Germany
#21
Originally Posted by reinob View Post
I don't get what the fuss is all about. If you want to use a proxy you know what you're getting.
FUSS is that Nokia does so without informing! (according to the blog)

Originally Posted by reinob View Post
I don't want a proxy, don't use one. Nobody forces you to do so.
Yep!
But this counts only for us "educated" people.

@juiceme
You are totally right.
And I am not (yet) going paranoid.
But this is one (in my eyes not needed) step more ...
__________________
SIM-Switcher, automated SIM switching with a Double (Dual) SIM adapter
--
Thank you all for voting me into the Community Council 2014-2016!

Please consider your membership / supporting Maemo e.V. and help to spread this by following/copying this link to your TMO signature:
[MC eV] Maemo Community eV membership application, http://talk.maemo.org/showthread.php?t=94257

 

The Following 2 Users Say Thank You to peterleinchen For This Useful Post:
Community Council | Posts: 4,920 | Thanked: 12,867 times | Joined on May 2012 @ Southern Finland
#22
Originally Posted by peterleinchen View Post
@juiceme
You are totally right.
And I am not (yet) going paranoid.
But this is one (in my eyes not needed) step more ...
Yes, of course, I understand that. Mainly I was pointing out that you just have to trust something, even if nothing is really secure.
On the other hand being paranoid does not mean they are not out to get you...
 

The Following User Says Thank You to juiceme For This Useful Post:
Posts: 1,808 | Thanked: 4,272 times | Joined on Feb 2011 @ Germany
#23
Originally Posted by peterleinchen View Post
FUSS is that Nokia does so without informing! (according to the blog)
Nokia announced the Xpress browser as being able to compress traffic 90%. OK, AFAIK they didn't explicitly say that this also applies to SSL, but they also didn't deny it.

I personally wasn't surprised they compress HTTPS traffic. After all, most ("useful") websites (except of course TMO) use SSL by default, or allow you to choose that as default (google, facebook, etc.)

In fact, if they didn't compress SSL-encrypted traffic, most "non-educated" users would (have) complain(ed) that they're not getting the claimed advantages when using this browser.
 

The Following 2 Users Say Thank You to reinob For This Useful Post:
Posts: 152 | Thanked: 70 times | Joined on Aug 2012 @ India
#24
just an update on the issue reported here...

http://gaurangkp.wordpress.com/2013/...ia-https-mitm/

This is the complete blog, and as per the update on 11th January Nokia has rolled out an update for Xpress browser and it no longer decrypts the encrypted SSL data (seems like a quick fix), but the data is still routed through the Nokia servers.

I hope they will soon release another update for browser to fix this once and for all.

Cheers.. and continue supporting Nokia, as anybody can make a mistake

but it seems they made it a habit :P (ditching maemo and meego was the biggest of all)
 

The Following 2 Users Say Thank You to kumary For This Useful Post:
woody14619's Avatar
Posts: 1,455 | Thanked: 3,309 times | Joined on Dec 2009 @ Rochester, NY
#25
Originally Posted by thedead1440 View Post
- Opera only compresses http traffic and does not touch https traffic other than transmitting it from your phone to the destination
Sorry, but Opera Mini support and Wikipedia both say you're wrong here. They explicitly state that all traffic from the device to the server is compressed and encrypted (as of version 4.X), and that SSL encryption starts at Opera's server. If they did it any other way, they would not be able to offer the services they do, like image shrinking/de-res and text compression.

Originally Posted by thedead1440 View Post
- Unlike Opera, Nokia's privacy policy or terms of service does NOT mention this
I would be very surprised if it's not mentioned in the legal section of the terms, be that with the software or in the documentation on the device if it's shipped with it. Since you clearly are wrong on your other point, I'm a bit skeptical at accepting your word on this as well.
__________________
Maemo Council Member: May 2012 - November 2012
Hildon Foundation founding member.
Hildon Foundation Board of Directors: March 2013 - Jan 15, 2014
 

The Following 2 Users Say Thank You to woody14619 For This Useful Post:
Posts: 1,258 | Thanked: 672 times | Joined on Mar 2009
#26
SSL is broken, period. The trust model doesn't work.
 

The Following 2 Users Say Thank You to shadowjk For This Useful Post:
Moderator | Posts: 6,215 | Thanked: 6,400 times | Joined on Nov 2011
#27
Originally Posted by woody14619 View Post
Since you clearly are wrong on your other point, I'm a bit skeptical at accepting your word on this as well.
And you missed the caveat:
The above is what I gathered from the original blog but haven't verified it myself...
Anyway, on the second page juiceme corrected me on the Opera part of things already after I had asked for a clarification, and as for Nokia's terms, well, I haven't had the time to go dig their policy, but their quick PR replies and now action show they knew they had screwed up
 

The Following 2 Users Say Thank You to thedead1440 For This Useful Post:
Posts: 347 | Thanked: 441 times | Joined on Dec 2010
#28
How is Nokia able to decrypt it? Isn't it supposed to only be readable to the end parties only?
__________________
Motorola M3688 → Ericsson R320 → Siemens S40 → Motorola V60c → Palm Treo 650 → Blackberry 9000 → Nokia N900 → HP Pre 3 → Nokia N900 → Nokia N9 → Nokia N900 → Nokia 808 → Blackberry Z10 → Blackberry Passport

Only dead fish swim with the stream.
 
erendorn's Avatar
Posts: 738 | Thanked: 983 times | Joined on Apr 2010 @ London
#29
Originally Posted by The Wizard of Huz View Post
How is Nokia able to decrypt it? Isn't it supposed to only be readable to the end parties only?
In the usual way, for a given site, your browser encrypts the data with the site's key. Only the website can decrypt it. Note that it's your browser that does the encryption.

If you want to compress data (not using full webpage) like this Nokia browser or Opera Mini, you need to compress before encrypting, and decompress after decrypting, and that doesn't work using the above method. So the browser compresses the data, encrypts the data with Nokia's or Opera's key, Nokia decrypts it on its servers, decompresses the data, encrypts with the target site's key, and the target site decrypts the data.

It's like you have half of your browser on your phone, and half in the cloud. As with most cloud applications, it works best if you trust the cloud service provider.
 

The Following 4 Users Say Thank You to erendorn For This Useful Post:
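
The two arrangements described in post #29, as an added example that is not part of the original thread: a toy XOR stream cipher (an assumption standing in for TLS, not secure) and a constructed sample page show that a proxy cannot shrink traffic it cannot read, so a compressing proxy has to terminate the encryption and hold a session key for each hop. All key names and the page content are made up for illustration.

```python
import hashlib
import zlib

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for a TLS record
    cipher (assumption for illustration); symmetric, so it also decrypts."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed sample page: repetitive HTML compresses well.
PAGE = b"<html><body>" + b"<p>account balance: 1234.56 EUR</p>" * 200 + b"</body></html>"

# Hypothetical per-connection session keys (in TLS these are negotiated per hop).
SITE_KEY = b"session key shared by phone and site"      # end-to-end case
PROXY_KEY = b"session key shared by phone and proxy"    # proxy-terminated case
UPSTREAM_KEY = b"session key shared by proxy and site"  # proxy-terminated case

def end_to_end(page: bytes) -> dict:
    """Site encrypts for the phone; the proxy in the middle sees only ciphertext."""
    wire = toy_encrypt(SITE_KEY, page)
    squeezed = zlib.compress(wire, 9)  # best the proxy can do without the key
    return {"proxy_sees": wire, "bytes_to_phone": min(len(wire), len(squeezed))}

def proxy_terminated(page: bytes) -> dict:
    """Site encrypts for the proxy; proxy decrypts, compresses, re-encrypts for the phone."""
    upstream_wire = toy_encrypt(UPSTREAM_KEY, page)
    plaintext_at_proxy = toy_encrypt(UPSTREAM_KEY, upstream_wire)  # proxy holds this key
    downstream_wire = toy_encrypt(PROXY_KEY, zlib.compress(plaintext_at_proxy, 9))
    received = zlib.decompress(toy_encrypt(PROXY_KEY, downstream_wire))
    return {"proxy_sees": plaintext_at_proxy,
            "bytes_to_phone": len(downstream_wire),
            "phone_gets": received}

if __name__ == "__main__":
    e2e, via = end_to_end(PAGE), proxy_terminated(PAGE)
    print("original page bytes:        ", len(PAGE))
    print("end-to-end, bytes to phone: ", e2e["bytes_to_phone"])
    print("via proxy, bytes to phone:  ", via["bytes_to_phone"])
    print("proxy reads plaintext (e2e):", e2e["proxy_sees"] == PAGE)
    print("proxy reads plaintext (via):", via["proxy_sees"] == PAGE)
```

The proxy in the second arrangement never needs the site's private key; it is simply one endpoint of each of the two encrypted connections.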
Posts: 347 | Thanked: 441 times | Joined on Dec 2010
#30
So Nokia has access to the target site's key and the browser's key?