Nokia has been caught having its Xpress Browser monitor users' connections, whether HTTP or HTTPS: "Nokia Running A Man In The Middle Attack To Decrypt All Your Encrypted Traffic, But Promises Not To Peek".

The original discoverer wrote two posts: the first, "Nokia phone forcing traffic through proxy", covers the HTTP part, and the second, "Nokia’s MITM on HTTPS traffic from their phone", covers the HTTPS part.

In practice it works much like an HTTPS proxy. "Nokia: Yes, we decrypt your HTTPS data, but don’t worry about it" carries the official reply given after Nokia was asked about it:

"Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them," the company said. "When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users’ content, it is done in a secure manner.

"Nokia has implemented appropriate organizational and technical measures to prevent access to private information. Claims that we would access complete unencrypted information are inaccurate."

GIGAOM's translation is much simpler:

we decrypt your data, but trust us, we don’t peek. (Yes, we really do this, but trust us, we are not eavesdropping.)

Do you really believe this nonsense? XDDDDDDDDD


