[Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve speed

dpreed at reed.com dpreed at reed.com
Thu Jan 10 06:58:00 PST 2013


I'm curious if they have data about how much compression they are achieving?  Most HTTPS servers are set up by people who use quite a bit of compression in the payload (gzip of web pages, etc, "minification" of javascript), so I would hypothesize that the actual savings are minimal on the average.
 
However, it points out that there is a man-in-the-middle problem with HTTPS alone.  Your phone's browser should be checking the certificates more rigorously than it does.  It can do that quite easily, and I think the destination can do that in Javascript that comes with the pages.
 
"We don't look" is not a defense in the EU privacy regime, and probably not in the US one (though many US Senators think that ISP's looking at content is just fine).
 
-----Original Message-----
From: "Maciej Soltysiak" <maciej at soltysiak.com>
Sent: Thursday, January 10, 2013 9:46am
To: cerowrt-devel at lists.bufferbloat.net
Subject: [Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve speed



[http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking] http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking

Have a look at what corporations resort to when they're in need of serious debloating and things like TCP Fast Open? :-|

Regards,
Maciej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20130110/bc7eaab3/attachment.html>


More information about the Cerowrt-devel mailing list