The statements I have posted on this site are mine alone and do not necessarily reflect the views of Unisys
| Handset Model | Nokia Asha 302 |
| OS Version | 14.78 (31-08-12), RM-813 |
| Browsers Tested On | Nokia Browser, Opera Mini |
| OS Type | Series 40 (S40) |
It has been noticed that internet browsing traffic, instead of going directly to the requested server, is being redirected to proxy servers. The traffic is redirected to Nokia/Ovi proxy servers if the Nokia browser is used, and to Opera proxy servers if the Opera Mini browser is used. Given below is the HTTP request header I noticed while browsing a simple site, checkip.dyndns.org, which reveals the public IP address used by the browsing device.
```
POST / HTTP/1.1
Host: cloud13.browser.ovi.com
Content-Type: text/plain
x-nokiabrowser-host: checkip.dyndns.org
connection: Keep-Alive
accept: */*
cache-control: no-cache
x-device-id: <removed>
Content-Length: 293
Connection: Keep-Alive
User-Agent: Nokia302/5.0 (14.78) Profile/MIDP-2.1 Configuration/CLDC-1.1
x-wap-profile: "http://nds1.nds.nokia.com/uaprof/Nokia302r100.xml"
```
Upon browsing a site, no attempt is made to resolve the host name of the site being browsed; instead, a DNS request goes out to resolve Nokia/Ovi’s cloud server, which is shown in the “Host:” part of the HTTP request above. The site that needs to be browsed is sent to the Nokia server as the value of “x-nokiabrowser-host”. This applies not just to site browsing with their web browser: some built-in applications, such as the mail client and the Twitter client (these are the tested ones), seem to use the same Nokia browser, hence traffic for those applications is also proxied through Nokia servers in the manner stated above.

Even after checking various settings, I could not see any straightforward way to bypass this proxy setting and let my internet traffic pass through normally. This behavior is noticed regardless of whether the browsing is done over a 3G or a Wifi network connection. I have tested this on Wifi by sniffing at the wifi router, and on the 3G network by browsing a self-owned server and looking at the packet capture.
In the case of the Opera Mini browser, there are two browsing options available: 1) http and 2) socks. This has been tested with both browsing methods and the results are similar. First of all, no DNS request was seen for the site being browsed, but a DNS request was noticed for the Opera site.
Given below is the HTTP request header for browsing the same site, checkip.dyndns.org, using the Opera Mini browser with the http option:
```
POST / HTTP/1.1
Host: mini5.opera-mini.net
Content-Type: application/xml
accept: */*
Content-Length: 15
Connection: Keep-Alive
User-Agent: Nokia302/5.0 (14.78) Profile/MIDP-2.1 Configuration/CLDC-1.1
x-wap-profile: "http://nds1.nds.nokia.com/uaprof/Nokia302r100.xml"

...Q....l....z.
```
The screenshot given below shows packet flow captured by tcpdump (with host filter enabled for my mobile device) on wifi router, while browsing above mentioned site using Opera Mini browser over http.
The same site, when browsed using the Opera Mini browser over the Socks option, looks like the screenshot given below, which is again a packet capture by tcpdump (with host filter enabled for my mobile device) on my wifi router.
Again I couldn’t find a way in Opera Mini browser to bypass this behavior and let the traffic pass normally to target server. After seeing such shocking behavior, I quickly checked the same things on a slightly older Nokia mobile phone (C5-03), and couldn’t find any such behavior on it. The other thing to notice is that, whether we use the Nokia browser or the Opera Mini browser, the HTTP header’s User-Agent parameter shows exactly the same value.
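The following Python code is an added example, not part of the original post: it parses captured requests like the two shown above and reports the TCP peer, the destination carried in `x-nokiabrowser-host`, whether that destination ever appeared in the handset's DNS queries, and whether `x-device-id` was sent. The function names, the proxy-domain suffixes and the sample DNS set are assumptions constructed from the headers in the post.

```python
# Added example; sample data is constructed from the two requests quoted above.
NOKIA_REQ = (
    b"POST / HTTP/1.1\r\n"
    b"Host: cloud13.browser.ovi.com\r\n"
    b"Content-Type: text/plain\r\n"
    b"x-nokiabrowser-host: checkip.dyndns.org\r\n"
    b"x-device-id: <removed>\r\n"
    b"Content-Length: 293\r\n"
    b'x-wap-profile: "http://nds1.nds.nokia.com/uaprof/Nokia302r100.xml"\r\n'
    b"\r\n"
)
OPERA_REQ = (
    b"POST / HTTP/1.1\r\n"
    b"Host: mini5.opera-mini.net\r\n"
    b"Content-Type: application/xml\r\n"
    b"Content-Length: 15\r\n"
    b"\r\n"
)
# Constructed: the only names the handset resolved, per the post's observation.
DNS_SEEN = {"cloud13.browser.ovi.com", "mini5.opera-mini.net"}
# Assumption: other proxy hosts share the suffixes of the two seen in the post.
PROXY_SUFFIXES = (".browser.ovi.com", ".opera-mini.net")

def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values; the request line is skipped."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def analyse(raw: bytes, dns_names: set) -> dict:
    """Report where a captured request really goes and what it discloses."""
    h = parse_headers(raw)
    peer = h.get("host", "").lower()
    dest = h.get("x-nokiabrowser-host")  # real site; absent for Opera Mini
    return {
        "tcp_peer": peer,
        "via_proxy": peer.endswith(PROXY_SUFFIXES),
        "destination": dest,  # None means it is only inside the opaque body
        "destination_resolved": None if dest is None else dest.lower() in dns_names,
        "device_id_sent": "x-device-id" in h,
    }

if __name__ == "__main__":
    for req in (NOKIA_REQ, OPERA_REQ):
        print(analyse(req, DNS_SEEN))
```

A destination that is named in the request but never resolved by the device is the same signal the post describes: the handset only ever talks to the proxy.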
Now such behavior in Nokia mobile phones does raise a few questions and concerns.
- What about an individual’s privacy?
- What are Nokia/Opera doing behind the scenes with all this information?
- Is Nokia selling such devices/OS only in India, or in other places too?
- Is Nokia doing this to meet any regulatory requirement?
- And lastly, can’t this method be (mis)used to proxy even normal desktop/laptop Internet browsing through their proxy servers, to hide the real source?
Fresh commenting/pingbacks has been disabled on this post.
Opera funnels requests through their servers as a way to improve performance. Their servers compress and reformat the browsed material to reduce bandwidth needs. Wearing my conspirator’s hat, there may also be some financial incentives (replace ads on web pages with their own ads, sell details of browsing patterns to marketing firms, etc.)
My guess is that Nokia is also engaging in either performance enhancements or data tracking when users use the built-in Nokia browser.
Yeah, BUT Opera is also well known to be extremely cooperative with law enforcement…
And Nokia, in regard to its recent cash flow problems, must sell this information to big companies.
As a matter of big companies in general and specifically telecom spirit, imagine the worst, multiply it by 10, and you should be close to reality.
Opera has done this for time! It was IMHO what made it the best browser for GPRS devices as the performance increase is huge! Nokia seem to be going for the same on their cheaper devices that are big in Far East markets where connectivity is not as good as Europe etc. All proxies are open to abuse of the kind you suggest. If you're worried about interception by a man in the middle I suggest using https and better still tor, as your ISP is just as likely to poke your packets as anyone else, then there is the government etc.
Opera Mini has always done this… people wanted it for this reason as it made page renders on slow phones (or slow connections) much faster. Opera Mobile does not use the Opera proxy.
(Disclosure: Working for Opera Software)
About Opera **MINI**: it is the way the browser is working. It’s by design. It’s called a proxy browser. The Opera Mini software on your device is a thin client, with no rendering engine for traditional html, js, etc. The thin client on the device takes the URL and sends it to an Opera server proxy which has the real rendering engine. The proxy makes the requests to the server and then sends back an interactive image format, OBML (Opera Binary Markup Language), which is compressed and saves a lot of bandwidth. One of the costs is a more reduced set of features, in particular for everything animated.
If you need a full browser on your device, you need to install Opera Mobile (not available on all devices), this will have rendering engine, etc, and will not go through Opera proxy servers.
All of that said Opera has been always crystal clear about Opera Mini and Opera Mobile. Check the web site.
I am in agreement with this, thanks. I have not commented about Opera’s browser (in this post), I have spoken about Nokia’s browser, which doesn’t seem to be doing the right thing.
You are saying in this post:
“Again I couldn’t find a way in Opera Mini browser to bypass this behavior and let the traffic pass normally to target server, after seeing such shocking behavior,… ”
It is not shocking. It is the way the thin client is working. It can’t work without the proxy. Opera Mini != Opera Mobile.
How did you capture the HTTP header when browsing from mobile?
Traffic sniffed at wifi router, not at mobile.