John

Opera Mini Users Alert: there's a proxy server in your SSL connection

In Geek Stuff on January 17, 2008 at 2:34 pm
opera

From the Opera Mini FAQ:

Is there any end-to-end security between my handset and — for example — paypal.com or my bank?

No. If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.
Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the web page. Therefore no end-to-end encryption between the client and the remote web server is possible.

For the non-geeks, what this means is that if you are using the Opera Mini (NOT the regular Opera) browser on your mobile phone to browse the Internet, all connections are actually being passed through Opera's servers rather than going directly to the web site.

This is done so that Opera can optimise and customise the web page so that it displays in a clean and neat format on your tiny mobile phone screen. A very nice feature. Except that for SSL (the secure connections) this is a HUGE BIG FAT NO. If you’re doing Internet banking or trading or buying something with a credit card, your so-called secure connection is actually being intercepted by Opera and decrypted for you before being re-encrypted using their own encryption implementation. All your bank/credit card/personal data *can* be seen in plain text by Opera, or rather by the folks who work at Opera.

WTF! They should've left SSL connections alone. I don’t think this is very responsible of them. If you have to use Opera Mini as the alternative to the piss poor BlackBerry browser, just make sure that you don’t submit any confidential or sensitive information using any forms. Or just don’t bother with Opera at all.
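The difference the FAQ describes, modelled as an added sketch (not code from the original post or from Opera): with a transcoder in the path there are two separately encrypted hops and the proxy holds the plaintext in between, while with end-to-end encryption the proxy can only relay bytes it cannot open. The cipher is a toy built from HMAC-SHA256 standing in for each encrypted hop, and the function names, keys and sample page are constructed for illustration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode (illustration only, not TLS).
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Encrypt-then-MAC; stands in for one encrypted hop."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("cannot decrypt: wrong key or modified data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def transcode(page):
    # Stand-in for the transcoder's compaction step: collapse whitespace.
    return b" ".join(page.split())

def via_transcoder(page, k_site_proxy, k_proxy_phone):
    """Two hops, two keys; the proxy holds both, so it sees the page."""
    hop1 = seal(k_site_proxy, page)                  # web site -> proxy
    seen_by_proxy = unseal(k_site_proxy, hop1)       # plaintext exists here
    hop2 = seal(k_proxy_phone, transcode(seen_by_proxy))  # proxy -> phone
    return seen_by_proxy, unseal(k_proxy_phone, hop2)

def end_to_end(page, k_site_phone, k_proxy):
    """One key known only to site and phone; the proxy relays opaque bytes."""
    wire = seal(k_site_phone, page)
    try:
        seen_by_proxy = unseal(k_proxy, wire)        # proxy lacks the session key
    except ValueError:
        seen_by_proxy = None                         # so it cannot read or transcode
    return seen_by_proxy, unseal(k_site_phone, wire)

# Constructed sample page, not real account data.
PAGE = b"<p>Balance:    1,234.56</p>\n\n<p>Card   ending 0000</p>"

if __name__ == "__main__":
    k1, k2, k3 = (os.urandom(32) for _ in range(3))
    print("transcoder path, proxy saw:", via_transcoder(PAGE, k1, k2)[0])
    print("end-to-end path, proxy saw:", end_to_end(PAGE, k1, k3)[0])
```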

  1. There are people who do banking through the Mobile?! Jeebus–that sounds so uncomfortable, but then again, what do I know… I don’t believe in logging on the ‘net through my mobile in the first place. Facebook and e-mail can wait till I get home.

  2. I have recently started a website, the info you provide on this site has helped me greatly. Thank you for all of your time & work.

  3. That is not exactly true. Firstly, TLS/SSL is decrypted only in certain cases, and secondly, they do not keep, nor are they able to actually view, any information (a little naive maybe, but it is written in their privacy statement). Honestly, I think it’s more worrying to have sneaky apps (or programs in the case of a PC) that record all that instead of Opera doing that. And if you’re going to do that sort of thing on an unprotected wifi network then… well… nothing more to say….
