Nokia, You’ve gotta be kidding me!

Meatloaf is not amused

From GigaOM:

Nokia has confirmed reports that its Xpress Browser decrypts data that flows through HTTPS connections – that includes the connections set up for banking sessions, encrypted email and more. However, it insists that there’s no need for users to panic because it would never access customers’ encrypted data.

Nokia is playing the role of the man in the middle with the Xpress Browser. Nokia installs its own SSL/TLS certificate in the XPress Browser so it could create a secure/encrypted session to Nokia’s own server. The server then initiates https session with the website.

Does anyone remember what Opera Mini does?

Some corporate networks use proxy that request https session on the proxy on behalf of the computers in their networks.

90803