I'm curious if they have data about how much compression they are achieving? Most HTTPS servers are set up by people who use quite a bit of compression in the payload (gzip of web pages, etc, "minification" of javascript), so I would hypothesize that the actual savings are minimal on the average.

However, it points out that there is a man-in-the-middle problem with HTTPS alone. Your phone's browser should be checking the certificates more rigorously than it does. It can do that quite easily, and I think the destination can do that in Javascript that comes with the pages.

"We don't look" is not a defense in the EU privacy regime, and probably not in the US one (though many US Senators think that ISP's looking at content is just fine).

-----Original Message-----
From: "Maciej Soltysiak" <maciej@soltysiak.com>
Sent: Thursday, January 10, 2013 9:46am
To: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve speed

http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking

Have a look at what corporations resort to when they're in need of serious debloating and things like TCP Fast Open? :-|

Regards,

Maciej