Browser/device manufacturers & MITMing/proxying HTTPS

Discussion in 'privacy general' started by TheWindBringeth, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    Came across this today:

    Nokia Admits Decrypting User Data But Denies Man-in-the-Middle Attacks
    http://www.techweekeurope.co.uk/new...e-middle-attacks-103799?ModPagespeed=noscript

    which also suggests that Opera Mini does a MITM of HTTPS connections. Elsewhere I saw contradictory information about whether Amazon Silk does this as well. Then stumbled across these:

    http://www.igvita.com/2012/06/25/spdy-and-secure-proxy-support-in-google-chrome/
    http://www.igvita.com/2011/12/01/web-vpn-secure-proxies-with-spdy-chrome/

    which suggest Amazon Silk doesn't route the *HTTPS* traffic through their SPDY proxy. This is my first introduction to SPDY proxies and I find the scenario of tunneling SSL over an SSL connection to a SPDY proxy interesting. I think this passes target hostname/port to said proxy which may or may not be acceptable based on the situation.

    Anyway, thought I'd post some of this as an FYI and reminder to check how browsers/devices actually operate.
     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    This comes back down to the whole trusting of these special compression services. All of them pretty much work the same way. The server does the browsing and sends that data back to your mobile device in compressed form. That server could do anything with your data.

    Personally, I wouldn't trust any of them. But I'm lucky enough not to live in an area where I'd need compressed web browsing.
     
  3. ComputerSaysNo

    ComputerSaysNo Registered Member

    Joined:
    Aug 9, 2012
    Posts:
    1,425
    Nokia has been caught doing this kind of stuff for awhile now, selling equipment to opressive regeims so it's no surprise they would do this.
     
Loading...
Thread Status:
Not open for further replies.