BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 01-20-2007, 12:26 PM   #1 (permalink)
Thumbs Must Hurt
 
2Curious's Avatar
 
Join Date: Nov 2006
Location: SFlorida
Model: 8900
OS: 4.6.1.114
Carrier: TMo USA
Posts: 58
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Opera Mini 3.0 / security / elaborate?

Please Login to Remove!

I've been reading through the Opera Faq about encryption and security features. I need some help learning more about it, so I can fully understand how it (or any other mobile web service) can be truly secure.

FAQ info: http://www.operamini.com/help/faq/#encyption

1. I think the piece that I'm most fuzzy on is the Opera Mini Server itself.
True or false: We as users must trust that they will not store any secure information. But, they could. So, in the end it's up to us?
2. With the Advanced version (not Basic) of Opera Mini 3.0 the Complete End-To-End connection is secure and encrypted.
Just double-checked the downloaded file I installed for the Pearl as being the Advanced version for (MIDP 2)
3. Since they keep track of cookies set by the remote web servers, it would be up to us to be sure that we didn't choose "remember me" and such during loggins for banking and other sensitive sites? Mainly to avoid problems if we ever lost our phones. Even though we can clear all history using the menu/tools/history/clear all.

Any advice, or guidance would be appreciated. Even just a link so I can read up on it myself. I've been reading everything I can find on proxy servers as well. Just trying to learn so I can make educated decisions.

(8100 Pearl, running OS 0.64, Provider TMo US)
__________________
http://www.2Curious.tv
Offline  
Old 01-20-2007, 02:13 PM   #2 (permalink)
Talking BlackBerry Encyclopedia
 
Join Date: Jan 2007
Location: San Francisco
Model: 8300
Carrier: AT&T
Posts: 273
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

In general since they control the entire path from your client to the server, you must trust that they don't store any secure information.

I'm pretty sure Opera Mini can store all sorts of stuff about your content on their servers (cache, cookies, as well as security certificates needed for SSL). This is because it's their servers that ultimately acts as the HTTP client to the external sites.

Note, this is different from the traditional HTTP proxy server model in that the proxies are not able to view your content in a SSL/TLS session, as they don't have the private key required (which is stored in your browser). Also, traditional proxy servers generally will not parse any of the http body content. In order for Opera Mini to work and optimize a regular HTML page for the phone they have to parse the content and send down optimized rendering info.

So whether you trust them or not is up to you. Personally I have no problem using it for non-encrypted content. Yes, they can cache and use the information, but anyone with a packet sniffer can also do the same with your desktop browser. My browsing patterns aren't that interesting anyway...

I wouldn't use it for any secured https traffic though, based on the reasons above. Plus, most half-way decent secure sites (e.g. banks) probably won't accept any https sessions coming from Opera Mini.
Offline  
Old 01-20-2007, 10:17 PM   #3 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2006
Location: Iowa
Model: 7520
Carrier: Boost
Posts: 48
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am able to log in fine to 2 online Bank Accounts and 2 online Stock trading accounts using Opera Mini 3. Also, I can now login to my works Intranet using Opera Mini. To login to the work intranet I have to use a RSA SecurID kefob token generator, and I could never do that with any BB brower until Opera Mini 3

IMHO, Opera is doing some serious stuff right.
Offline  
Old 01-20-2007, 10:24 PM   #4 (permalink)
BBF Moderator
 
Stinsonddog's Avatar
 
Join Date: Mar 2005
Location: Northern California
Model: 9700
PIN: Agaboobie
Carrier: AT&T
Posts: 5,518
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Agreed - if you are a security hound, don't do anything important on Opera. There's a server in the middle, and they should be at the bar I just left.


Quote:
Originally Posted by kyububba
In general since they control the entire path from your client to the server, you must trust that they don't store any secure information.

I'm pretty sure Opera Mini can store all sorts of stuff about your content on their servers (cache, cookies, as well as security certificates needed for SSL). This is because it's their servers that ultimately acts as the HTTP client to the external sites.

Note, this is different from the traditional HTTP proxy server model in that the proxies are not able to view your content in a SSL/TLS session, as they don't have the private key required (which is stored in your browser). Also, traditional proxy servers generally will not parse any of the http body content. In order for Opera Mini to work and optimize a regular HTML page for the phone they have to parse the content and send down optimized rendering info.

So whether you trust them or not is up to you. Personally I have no problem using it for non-encrypted content. Yes, they can cache and use the information, but anyone with a packet sniffer can also do the same with your desktop browser. My browsing patterns aren't that interesting anyway...

I wouldn't use it for any secured https traffic though, based on the reasons above. Plus, most half-way decent secure sites (e.g. banks) probably won't accept any https sessions coming from Opera Mini.
__________________
Shortcuts Rule!! Download Link:[Stinsonddog's Blackberry Tips ] GET TORCHED
@ Stinsonddog
Offline  
Old 01-20-2007, 11:06 PM   #5 (permalink)
Thumbs Must Hurt
 
2Curious's Avatar
 
Join Date: Nov 2006
Location: SFlorida
Model: 8900
OS: 4.6.1.114
Carrier: TMo USA
Posts: 58
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Thanks - I agree - No https for me.

Thanks so much kyububba and Stinsonddog!

Banking and other https sites are specifically what I was getting at.

I love Opera to view many many sites that otherwise are difficult and cluttered to read with the BB Browser. And I agree, this browsing isn't that interesting, they can store whatever they want.

But to login to my banking site, or buy something by credit card online via Opera Mini?
I think I'll pass. None of it is that urgent that I can't wait till I'm home, or at work. And last time I checked, if it is urgent enough, I can always bank by phone.

I just wanted to learn as much as I could. Thanks again.
__________________
http://www.2Curious.tv
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.