No end-to-end encryption in Opera Mini

At some point I realized that I cannot access www.careerbuilder.com website. For the first time it happened to me back in Switzerland when I worked few years ago. Since then I moved from there and from time to time I tried that website again. I like Money section on msn.com and careers.msn.com was always just a click away. But I had no luck. First I thought it was screened by a corporate firewall, but an attempt to connect at home did not improve the situation. Careerbuilder.com is not something I really need to use, but it has been a bothering feeling that there’s a major website where you are not allowed to access, and you do not know why.

As in a good detective story there was another plot developing independently from the Careerbuilder.com story. I have an iPod Touch and I installed Opera Mini browser there as I enjoy Opera browser in general (mouse gestures are very handy). After a while I noticed that with Opera Mini I can access some sites that I could not normally access from the country where I’m staying now (Russia). To my surprise it turned out that Opera Mini uses a transparent proxy, which is built-in and cannot be disabled, as according to my ip I was somewhere in Iceland (please see the screenshot below):

opera-mini-1

Puzzled I typed in careerbuilder.com and here you go, as if it has been always there for me:

opera-mini-2

Then I pinged careerbuilder.com in a usual way, and here’s the result:

careerbuilder.com-unreachable

Reply from 38.104.182.222: Destination net unreachable. As I could not decipher that message myself, I posted a question on Neowin.net forum.

And mighty BudMan replied in his typical elaborated manner, with a short summary in this quote: “Clearly ICMP is being blocked […]. Yeah it sucks with parts of the internet do not follow the RFCs and block icmp that should not be blocked..” He also said that “They have a pretty weird dns setup.” Well to me it was clear enough that I cannot do too much to fix it, and maybe it is good idea to contact guys at careerbuilder.com to point out this issue.

In the same post at Neowin forum, a guy with a nickname warwagon replied to my question as well, spotlighting an interesting issue with Opera Mini. As it stated on Opera Mini official FAQ webpage:

Opera Mini uses a transcoder server to translate HTML/CSS/JavaScript into a more compact format. It will also shrink any images to fit the screen of your handset. This translation step makes Opera Mini fast, small, and also very cheap to use. To be able to do this translation, the Opera Mini server needs to have access to the unencrypted version of the webpage. Therefore no end-to-end encryption between the client and the remote web server is possible. If you need full end-to-end encryption, you should use a full web browser such as Opera Mobile.

Isn’t that nice? In other words: the mandatory use of this transcoder server makes it impossible to provide end-to-end SSL security for client connections. Be aware.

Leave a Reply