- From: Charles McCathieNevile <chaals@opera.com>
- Date: Sun, 08 Mar 2009 22:13:37 +0100
- To: "Luca Passani" <passani@eunet.no>, public-bpwg@w3.org
On Fri, 06 Mar 2009 12:40:32 +0100, Luca Passani <passani@eunet.no> wrote:
>> ... Opera Mini quite clearly states "Is there any end-to-end security
>> between my handset and — for example — paypal.com or my bank? No. If
>> you need full end-to-end encryption, you should use a full Web browser
>> such as Opera Mobile."
>>
>> Barclays Bank recommends it http://www.barclays.mobi/
>
> I suspect that whoever made the choice had not fully grasped the fact
> that their secure HTTPS is being broken at your proxy.
Really?
I suppose it is possible that banks make naive statements about customer
security on the internet, and just trust everyone out there without doing
any reasearch. It may be that they just randomly copied and pasted a bunch
of stuff into their security sections and never check. It is a possibility
(technically speaking) that they are really completely incompetent and
just make stuff up - that they keep your money in a bucket at the bank
manager's house, hire a 14-year-old nephew of one of the directors to do
all their advice for users, and have an ATM system that doesn't actually
check your funds, just reandomly decides to give you money or not.
But I strongly suspect you are wrong. While I am sure that Barclays Bank
makes mistakes from time to time, I strongly suspect that in line with
their generally quite good understanding of Web technology, they have
based their advice to their customers on things they actually understand.
Perhaps you could ask them, before asserting that they made a positive
statement without checking obvious public sources.
>> Opera mobile does not "attempt to redefine HTTP".
>
> with reference to past discussions on this list, I think this is
> arguable (ref: HTTPS and how it can be legitimately tampered with).
Anything is arguable.
However, Opera does not attempt to redefine HTTPS. It provides a
connection from any web service chosen by a user to the Opera server that
is secured. Since it needs to render the site at that point, it does so,
and in the spirit of HTTPS provides another secured connection from the
secured rendering service to the user's handset.
[who controls presentation on the web is continued elsewhere]
>>> Some applications are naturally mobile only (think ringtone/wallpapers
>>> downloads).
>>
>> Yes, but that's an edge case - entirely device-specific content.
>
> which happens to be where most of the money has been in mobile (after
> voice and SMS, of course).
> Anyway there are others examples.
> Anyway my point that it must be a content owner's decision to "export"
> their content to mobile devices. It cannot be "mandated" by W3C, by
> Opera, by Novarra or by anyone else.
I simply don't see the logic in your assertion. So let me rephrase what I
understand your position to be, to ensure we are talking about the same
thing...
A content owner decides to put up a web service, and open it to all comers.
If a technically savvy user decides to look at it in a way customised by
that user, this is fine.
If an ordinary user chooses a service to look at it in a way that
apparently suits that user, that is not fine.
What I fail to understand is
1. The difference between a person choosing their own modifications, and a
person choosing a service that does the modification for them.
2. How this difference is somehow importantly different to the capacity
for different browsers to have different rendering engines (it doesn't
come a lot more different than silent onscreen presentation and
presentation in voice, for example).
(What I further fail to understand is why Opera Mini, which makes every
effort to provide the intended rendering, and
>> If I have a black and white TV, I can watch a technicolour movie in
>> black and white, regardless of the director's intention.
>
> IMO, with transcoding you should reverse the analogy. The director may
> have prepared a technicolor movie for mobile devices, but the transcoder
> forces mobile users to see the miniaturized full-version in black and
> white.
I think you are missing the point of Bruce's analogy. If a user *chooses*
a TV service that converts content to Black and White, or puts a filter
that converts the signal to Black and White between the antenna and the
TV, or just has a Black and White TV, how is one of these scenarios
different from the other?
I also think it is a misleading example, since Opera Mini is *not*
equivalent to converting the colour movie to Black and White on a colour
TV. It might be more appropriate to use an analogy of it displaying TV on
a mobile phone, where that may be a Black and White phone. (It is an
imperfect analogy still, but I think closer to the reality).
>> Content owners create content, and they own it. They recommend display
>> but do not own the end user's experience.
>
> I wouldn't go as far as saying that content owners do not own the user
> experience. I think they do. I also think that it probably does not make
> much business sense for content owners to go out of their way to prevent
> techie users from redefining the user experience. On the other hand, I
> think it is a total abuse when a third-party changes the user experience
> for users without content owners' consent.
Why is it an abuse to offer a service which allows non-technical people to
have the same benefits that technical users know how to get?
I still fail to see how a user choosing a service is somehow not taking
responsibility for what they do.
If I have a car, is it OK for me to replace the carburettor, but not OK
for me to simply find a service like a mechanic who looks at it from time
to time and says "you should replace your carburettor"? Because as I
understand the discussion, this is equivalent to the question we are
asking.
>> If your site can be found in Google,...
>
> I find this situation you describe profoundly different from transcoding
> the whole page without the consent of the copyright holder, often
> stripping out ads and banners which constitute a site's business model
> (not to mention the case when operators inject their own ads in the
> process).
So do you really object to rendering a page somewhere, and providing that
rendering somewhere else? Opera Mini, and the X Server running a web
client and rendering it for me on a terminal somewhere else are both doing
this, and so is lynx over an Xterm, and so is using a virtual screen to
remotely run my browser. Or would this be OK if it is my server, but
unreasonable if it is my friend who set it up for me? How is it different
if a third party does so?
Or is the issue really that you object to some specific kind(s) of
transformation? I think that is a seperate discussion, but one I can see
as making sense, and one I think the CT work should address.
Cheers
Chaals
--
Charles McCathieNevile Opera Software, Standards Group
je parle français -- hablo español -- jeg lærer norsk
http://my.opera.com/chaals Try Opera: http://www.opera.com
Received on Sunday, 8 March 2009 21:14:37 UTC