Re: ACTION-893: Start putting together a set of guidelines that could help address the security issues triggered by links rewriting. from Luca Passani on 2009-01-18 (public-bpwg@w3.org from January 2009)

From: Luca Passani <passani@eunet.no>
Date: Sun, 18 Jan 2009 17:12:53 +0100
To: Mobile Web Best Practices Working Group WG <public-bpwg@w3.org>
Message-ID: <49735505.3020206@eunet.no>

David Storey wrote:
>>
>> I think they are both wrong. But since OperaMini tends to be "opt-in" 
>> by nature, it does not bother the rest of the ecosystem as much as 
>> the others. FYI, Opera partnered with ByteMobile, which leverages 
>> Opera's technology to reformat websites exactly as Novarra and all 
>> the others (look at Voda Ireland, for example). Glad to hear that 
>> Opera does not like this model.
>
> "I" and "Opera" are not exactly the same thing.  I don't doubt it is a 
> solution to a problem, especially when the transcoders are good quality.

Noted. For those who wonder what we are talking about:

http://www.opera.com/press/releases/2007/02/06/

>>>
>>> In regard to the no transform header; this can't work for solutions 
>>> such as Opera Mini, where they only support using a proxy.
>>
>> I think OperaMini should stop transcoding HTTPS content
>
> Wouldn't work.  Opera Mini only supports transcoded content.  Without 
> it we'd have to show a screen saying "site not supported"  Not exactly 
> good user experience, or what the user wants.

right. Not a good user experience. But totally against what the content 
owner may want. If I make the effort to create an HTTPS site, it may 
well mean that I don't want anyone to interfere in the communication 
between me and the client, don't you think?

After all, also waiting in line is not a good user-experience. Users 
have the right to complain about the long wait, or just vote with their 
feet and go somewhere else. They do not have the right to walk behind 
the counter and help themselves (i.e. break HTTPS).

>   If a browser supports both regular html and transcoded content then 
> I personally fully agree, but otherwise we need to serve the content.

again, you don't need to. You want to. And you do it with the hope that 
nobody gets seriously mad at what you are doing.

>
> Opera Mini exists to run on phones that wouldn't support a full 
> browser.  Users do also run it on smart phones as it saves the user 
> money in data traffic (and assumably the operator in data traffic costs).

well, operators make money on data traffic, but let's not go there, it 
would be a digression.

Luca

Received on Sunday, 18 January 2009 16:13:32 UTC