degrees of trust: software vs. data hosts

Overjoyed by all the SSL goodness around me (Twitter offers SSL-only as an option, so does Facebook, Google offers 2-factor auth), I started dutifully upgrading my web browsing experience on Firefox, specifically installing the EFF Add-On that turns on HTTPS everywhere it can, in particular when using Google (it uses encrypted.google.com by default). I googled myself to test it out, and I found this interesting blog post by CSS Squirrel from a few months ago, in regards to the issue I have with Opera Mini.

CSS Squirrel says:

Ben Adida offered the following question as a counter: “Does privacy matter? Cause Opera Mini proxies all of your connections, even SSL, via its servers.” It’s a valid question, especially considering his expertise in the field of privacy and security.

Actually it’s a valid question regardless of my credentials 🙂

Not being an expert on how Opera does things, I poked at both Bruce Lawson and Molly Holzschlag, both Opera employees.

Both of them said “If you don’t trust us (Opera), then don’t use the service.”

[…]

So is Opera Mini fast? Yes. Is it secure? Yes.

But that’s not good enough. Trust is not a simple yes/no concept. I trust my dog walker to come into my home, walk my dog, and not go opening up drawers to find my medical records. But I’m not going to leave my medical records out in the open either, cause that’s just asking for trouble. I trust that the Opera browser, installed on my machine, is not phoning home my personal data, because that would be a huge breach of expectation. But if I use Opera Mini and all of my data is being shipped to Opera on every HTTP call, do I trust them never to look at it? Do I trust their security system to be so good that they won’t ever be hacked?

There are degrees of trust. I trust that most reputable installed software won’t phone home with my data. I trust that some data hosts won’t analyze my data too deeply, but certainly many will. And I’m pretty sure many data hosts will get hacked or will leak data unintentionally. So, it’s unreasonable to judge your software publishers and data hosts with the same degree of trust. There isn’t enough of a taboo against data hosts perusing your data. Facebook is mining our data, everyone knows it, and our general reaction is “oh well, what are you gonna do.” But if Microsoft Word scanned your hard drive and shipped your personal info back to Redmond, you’d be looking for a pitchfork right about now.

Opera Mini is misleading because it presents itself as an installable piece of software, when in fact it is almost a data host, and the degree of trust one should consider, when using Opera Mini, is a lot higher than that which is implied by their packaging.
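
The trust difference argued above, as an added sketch that is not part of the original post: a small Python model that lists which parties on a path can read the traffic in the clear, given where each encrypted tunnel terminates. The party names and path layouts are constructed for illustration.

```python
# Added illustration (not from the original post). Party names and paths
# are constructed; the model only tracks where encrypted tunnels terminate.

def plaintext_readers(path, tunnels):
    """Return the parties on `path` that can read the traffic in the clear.

    path    -- parties in order, client first, origin server last
    tunnels -- (start, end) pairs; traffic between them is encrypted and
               only the two endpoints hold the keys
    """
    position = {name: i for i, name in enumerate(path)}
    spans = []
    for start, end in tunnels:
        if start not in position or end not in position:
            raise ValueError(f"tunnel endpoint not on path: {start!r} -> {end!r}")
        if position[start] >= position[end]:
            raise ValueError(f"tunnel must run forward: {start!r} -> {end!r}")
        spans.append((position[start], position[end]))
    # A party is blind only while it sits strictly inside some tunnel.
    return [p for i, p in enumerate(path)
            if not any(lo < i < hi for lo, hi in spans)]


def third_parties_with_plaintext(path, tunnels):
    """Parties other than the client and the origin that must be trusted."""
    return [p for p in plaintext_readers(path, tunnels)
            if p not in (path[0], path[-1])]


# Constructed scenarios.
DIRECT_PATH = ["phone", "isp", "bank"]
MINI_PATH = ["phone", "isp", "opera_proxy", "bank"]

SCENARIOS = {
    "plain HTTP": (DIRECT_PATH, []),
    "browser with SSL": (DIRECT_PATH, [("phone", "bank")]),
    # Two separate tunnels that both terminate at the proxy.
    "Opera Mini with SSL site": (MINI_PATH, [("phone", "opera_proxy"),
                                             ("opera_proxy", "bank")]),
}

if __name__ == "__main__":
    for name, (path, tunnels) in SCENARIOS.items():
        print(f"{name:26} -> {third_parties_with_plaintext(path, tunnels)}")
```

Every hop is encrypted in the proxied case, yet the proxy still appears in the result because both tunnels end there.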

5 thoughts on “degrees of trust: software vs. data hosts”

  1. Think of Opera’s service as an option.

    If you don’t use it, people on the network could be looking at your traffic, including your ISP, for example.

    Stephan

  2. Your ISP can’t see your SSL traffic. But Opera can when you use Opera Mini. That’s much worse.

    But in any case, I would be okay with that if Opera made it clear what Opera Mini does. It’s being described as a web browser. But it’s not. It’s a web proxy. The browser is actually sitting at Opera HQ. Users are not being told sufficiently well.

  3. Hi Ben, It is a good question and not really easy. Opera Mini is an installable app which receives binary data OBML from a proxy. You might want to link to the articles explaining it, so people can understand. Specifically http://www.opera.com/mobile/help/faq/#security

    I fail to understand the SSL rationale. Under SSL, the data are encrypted. It is the same for any proxies in between aka it is the way HTTP is working. I’m not sure what you meant here. Could you clarify?

    The question is similar for things like the search box (this time in all browsers) which sends your data to the search engine you selected and public wifi network access. They do not usually say in big red letters: “Be careful HTTP is a protocol when not under ssl which shows you naked” 😉

    Will you be at the Web Privacy Workshop? I want to discuss further with you. http://www.w3.org/2011/track-privacy/

  4. Thanks for your comments Karl. The issue I’m specifically concerned about, with SSL, is the one mentioned on the Opera site itself: “Therefore no end-to-end encryption between the client and the remote web server is possible.” In other words, when I connect to my bank via Opera Mini, Opera sees all of the unencrypted data. That’s *very* different from using a normal web browser. That’s why I’m not a fan of Opera Mini being described as a web browser.

    Sadly, no plans right now to be at the web privacy workshop…

  5. Understood for the point you are saying. There are two layers of encryption. The one between Opera Mini client and Opera Mini proxy (encrypted) and the one between the Web and Opera Mini proxy (under SSL for example with your bank).

    What you describe is basically the same as someone over your shoulder or having broken into your computer. It’s why the FAQ says to use Opera Mobile if you want an end to end encrypted connection. It reminds me also of all systems relying on third party trust systems. Hosting keys, passwords, etc. Or the way your data are hosted at the bank itself, securely or not.

    Would you have a specific recommendation? Visual cue or message to make the users more aware of it? As a future Mozillian and an Opera Mini user what would you recommend?

    Too bad for the workshop, please do submit a paper at least.
