I'm curious if they have data about how much compression they are achieving?
Most HTTPS servers are set up by people who use quite a bit of compression in
the payload (gzip of web pages, etc, "minification" of javascript), so I would
hypothesize that the actual savings are minimal on the average.
However, it points out that there is a man-in-the-middle problem with HTTPS
alone. Your phone's browser should be checking the certificates more
rigorously than it does. It can do that quite easily, and I think the
destination can do that in Javascript that comes with the pages.
"We don't look" is not a defense in the EU privacy regime, and probably not in
the US one (though many US Senators think that ISP's looking at content is just
fine).
-----Original Message-----
From: "Maciej Soltysiak" <[email protected]>
Sent: Thursday, January 10, 2013 9:46am
To: [email protected]
Subject: [Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve
speed
[http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking]
http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking
Have a look at what corporations resort to when they're in need of serious
debloating and things like TCP Fast Open? :-|
Regards,
Maciej
_______________________________________________
Cerowrt-devel mailing list
[email protected]
https://lists.bufferbloat.net/listinfo/cerowrt-devel
