A Blog From Behind the Trenches

Attack of the Bugs

Opera Mini makes you more secure on public WiFi connections

Thursday, April 15, 2010 12:27:39 PM

, ,

Did you know that all communication between the Opera Mini servers and the Opera Mini client on your phone is encrypted?

This is actually something you can take advantage of to increase security if you are connected to a public WiFi network. Such networks will allow anyone to spy on you. But the encryption in Opera Mini means that even if your Internet connection is wide open, anyone who tried to capture your private details would just get a blob of encrypted data.

Opera Mini can actually make you more secure.

Of course, this means that you have to trust Opera Software. If you don't trust us, you shouldn't use Opera Mini for anything sensitive. You should only do what you feel comfortable doing, but if you do trust us to respect your privacy, you now have a way to increase your security by using Opera Mini.

Opera Mini iPhone tip: Don't pinch to zoom!One million downloads: Opera Mini beats Skype, PayPal on the iPhone

Comments

Zimak Thursday, April 15, 2010 12:31:43 PM

Good news!devil

Tamil Thursday, April 15, 2010 12:41:51 PM

Paul GeorgeWolfHook Thursday, April 15, 2010 1:40:25 PM

I was reading a load of comments on a blog post last night about Opera's proxy and security. I noticed that some guy was hounding you on Twitter Haavard, going on about how Opera mini is not a real browser and users should be warned.

Do I trust Opera with sensitive information? About as much as I do my ISP, my government, Facebook, Twitter, Google etc etc... Not much, but what can you do about it these days, live in a cave I suppose?

Some of the one star ratings on the app store about Opera Mini were in relation to logging into Facebook, doesn't seem fair to me to report that as a negative considering that Facebook has a dedicated app made for it to make the whole user interface accessible on both iPhone and Android.

Personally I like choice and Opera Mini on my iPhone has been quite useful. It does seem that some rabid Apple fans are dead against having a rival web browser on their device and will use anything to try and attack it, weird.

Marcomyeagle Thursday, April 15, 2010 4:51:29 PM

In Opera we trust !!

UtkarshUtkarsh1 Thursday, April 15, 2010 5:04:48 PM

Well, as they say it, 'If you really want to protect your privacy, stop using the Internet'.

I'm pretty sure that Opera maintains the anonymity. Some privacy paranoid people just keep on searching for something to bash upon.

d4rkn1ght Thursday, April 15, 2010 6:40:59 PM

up

Uncle MickMickeyjoe-Irl Thursday, April 15, 2010 9:42:02 PM

If I have to trust somebody, it might as well be you guys. Seems better than trusting whoever might be packet sniffing a public network.

Charles SchlossChas4 Thursday, April 15, 2010 10:37:02 PM

Cutting Spoonhellspork Friday, April 16, 2010 4:44:10 PM

"means means" Time for the second cup of coffee?

This is a much better way for Opera to position itself. I hope that such language makes its way into the official marketing materials. So its compressed, encrypted, passworded and "its not a real browser" means there is no way to hijack the phone or its data through browser vulnerabilities.

Mad Scientistqlue Saturday, April 17, 2010 12:21:24 PM

The good news is that while the server has to decrypt things, the average Opera Software employee does not have access!. And even those that do would have a devil of a time tracing me! leftp.

Haavardhaavard Saturday, April 17, 2010 1:40:52 PM

"Regular" employees definitely do not have access to the servers. We are running servers and services for several major business customers in addition to end-users, so access is tightly controlled and restricted. We would have never been able to keep these companies as customers if we didn't have an extremely high degree of security and access control.

Cutting Spoonhellspork Sunday, April 18, 2010 3:13:32 AM

Thank you, I figured such a juicy market would be high on your list. Since Opera has developed every component of such technology, it makes perfect sense to court the organizations that need such functionality and high security.

Putting it another way, high-level corporate customers are a strong endorsement for small-time users.

selurus Wednesday, April 21, 2010 7:04:35 AM

I'm glad to hear that Opera Mini is secure. What about Opera Mobile used with or without Turbo?

Cutting Spoonhellspork Wednesday, April 21, 2010 4:04:30 PM

I *think* Turbo does not work with https, but I could be mistaken. If it does, then the same security as Mini would apply.

Haavardhaavard Wednesday, April 21, 2010 4:35:23 PM

Turbo is disabled for HTTPS sites.

selurus Wednesday, April 21, 2010 5:41:31 PM

So does that mean Opera Mini provides security by encrypting the connection always, while Opera Mobile provides security only when you are not visiting https websites.

Cutting Spoonhellspork Wednesday, April 21, 2010 6:05:21 PM

Not quite. Opera Mobile supports completely normal direct security with your bank, in the same way as a desktop browser. Part of Mini's security is OBFUSCATION; when all traffic is encrypted and goes through a proxy, observers can't even tell that you are trying to visit a bank or other secure site. This means that a hacked wireless router cannot give you the wrong DNS, potentially sending you to the wrong site. For obfuscation, Opera Mini is about as useful as TOR or I2P browsing.

Mobile and Desktop Opera use other mechanisms to improve security, such as strong dynamic encryption, excellent certificate checking and use of third-party trust networks. Mobile is as safe as Desktop, which was considered the best for security in 2009. Mini is one of the safest things in this universe.

digitalinksmudge Thursday, April 29, 2010 9:01:05 PM

Thanks for clearing things up a bit Haavard.

Originally posted by haavard:

Did you know that all communication between the Opera Mini servers and the Opera Mini client on your phone is encrypted?



Nice!

Originally posted by haavard:

"Regular" employees definitely do not have access to the servers. We are running servers and services for several major business customers in addition to end-users, so access is tightly controlled and restricted.



So who are non "Regular" employees? I know your super Haavard!

Originally posted by haavard:

Turbo is disabled for HTTPS sites.



Good to know.

It would be great to see an official Opera Mini for iPhone Security FAQ. Your blog is great, and we appreciate your effort, but the general iPhone Opera Mini user may not see this page.

Cheers!



digitalinksmudge Thursday, April 29, 2010 9:06:01 PM

Originally posted by Cutting Spoon:

This is a much better way for Opera to position itself. I hope that such language makes its way into the official marketing materials. So its compressed, encrypted, passworded and "its not a real browser" means there is no way to hijack the phone or its data through browser vulnerabilities.



Well said Hellspork guy!

Originally posted by Cutting Spoon:

Putting it another way, high-level corporate customers are a strong endorsement for small-time users.



Again, well said.

Originally posted by Cutting Spoon:

Part of Mini's security is OBFUSCATION; when all traffic is encrypted and goes through a proxy, observers can't even tell that you are trying to visit a bank or other secure site. This means that a hacked wireless router cannot give you the wrong DNS, potentially sending you to the wrong site. For obfuscation, Opera Mini is about as useful as TOR or I2P browsing.



This needs to be on the Official Opera Mini for iPhone support page.
You and Haavard tag-teamed this blog very well...

Cheers!


JaredpieRr0Ur Monday, May 24, 2010 2:59:40 PM

That really is good news.

One word: yes

JaredpieRr0Ur Sunday, June 27, 2010 3:12:03 AM

Originally posted by myeagle:

In Opera we trust !!



And in god!

Write a comment

You must be logged in to write a comment. If you're not a registered member, please sign up.