Faster, cheaper (and more secure)… ???

Faster and cheaper, as Application is tailored for mobile phone access. Only relevant info / links are shown (not the whole bank site). Less data to download.

For Opera Mini /Mobile to do the same, they would need an advanced *content blocker*… or rather *content designer*… to be able to only check balance and pay bills… (Maybe a widget could do the trick ?)

That said, the Application could also have been in the form of a Web page… but a download brings the bank *closer* to the customer, I guess

Originally posted by Remco:

…

SSL is no magic word that suddenly makes everything completely safe.

Of course SSL is not a magic word. SSL is an acronym that stands for Secure Sockets Layer. It is a form of encryption that ensures that other people are not eavesdropping on your HTTP traffic. This allows for things like user names, passwords, credit card numbers, etc. to be passed back and forth between your browser and a web server without fear of them being intercepted.

SSL is not easy to crack, therefore when you log into online services, or perform online transactions, the chances that someone could crack the SSL encryption and inspect the contents of the stream are close to non. Obviously it’s possible, but most SSL keys are long enough that it would take years to crack, and the average SSL encrypted stream will only last for a matter of seconds.

The way that people normally get ahold of your personal information, credit card numbers, login information, etc. is through a type of spyware known as a key logger (more info). While it is virtually impossible to crack an SSL encrypted stream, it is very easy to log keystrokes. It’s also far easier to get a key logger onto a user’s computer than it is to find an SSL encrypted stream in that wonderful mess of TCP/IP traffic that we call the Internet.

So, on a mobile platform that isn’t targeted by virus/spyware writers, you would be more than safe with a 128-bit SSL key.

they see everything (unless it’s encrypted)

Daniel, my problem is not with the internet service provider. HTTPS (using SSL) provides exactly the encryption you are referring to, so no man-in-the-middle attacks are possible between two peers communicating using HTTPS.

In a standalone banking application, the two peers are the device with the J2ME application using HTTPS and the bank server.

But with opera mini, there is Opera’s processing proxy inbetween the two points. And because the proxy processes the data for the client, this can only be done if the proxy can “understand” the data, so it is actually decrypting the data on receiveing and encyrptys it again when sending the request to the target server, and the same goes for the response.

So on Opera Mini’s proxy server, by design, all data must at one point be processed in plain text, which is a security risk for sensitive data like banking information.

And while a have no doubt that Opera Software takes the utmost care in securing this data, this does not exclude the possibility of a hacker attack that would retreive this data. So for banking applications, i feel that this is an unneccessary risk involving a third party (Opera software). Also, in the user agreement that you have to accept before using Opera Mini, it states exactly this and what i think is a standard disclaimer, so Opera probably can’t be held accountable if such user data would get compromised.

Exactly, as much as i love Opera in all flavours, banking sites should not be used with Opera Mini, as all data goes through an opera proxy server and opera holds no liabilty over this data (as you agree to in the usage agreement).

Dane, no matter which browser you use, all your data still has to go through your Internet provider, they see everything (unless it’s encrypted).

while I love Opera Mini for general browsing I’m always wary of pushing passwords and supposedly secure communications through a proxy that looks at the data coming through, especially as it’s a proxy run by a single commercial company.

Robin, if you’re worried about your passwords being pushed though a proxy, then why does it matter if it’s being pushed though a single company or multiple? Do you trust Cingular’s applications with your passwords?

Opera Mobile is another story, as all requests go directly from and to the device.

It would be nice to have this service usable with Opera mini, but I’m afraid the mobile web isn’t mature enough and still unknown.

Genjinaro, banking should work just fine with Opera Mini, since it support SSL.

“Sir, your house is safe, there’s a lock on the frontdoor.”

SSL is no magic word that suddenly makes everything completely safe.

why don’t we set up that proxy for all our desktop PCs as well

[irony] well, the next windows is allready in development, so we can expect that feature soon [/irony]

Wow this is sad. I’d also wonder about the privacy of those applications, whether the bank info is at all secure. I can trust Opera, but I can’t trust my cell phone carrier (which charges me way more than it should) to not “slip a tip into its pocket”. Sigh. How sad.

That said- there’s nothing *wrong* with optimizing for the mobile environment, provided the other conditions above are still met. I’d like to be able to get into any web account I have now with my mobile- hence my thoughts in the first paragraph. But there are a handful of applicaitons which, if given the choice, I would optimize for mobile experiences.

Example- banking: I’ve noticed the most frequent mobile banking function I perform is transferring funds from one account to another (apart from checking the balance, but that’s available as soon as you log in) I don’t necessarily do that most often on my desktop, it’s just one of many tasks I do.

…so if I had a RIA or… I don’t know… a WIDGET of some sort that allowed me to quickly check my balance and make a transfer, I would much prefer that to loading the browser and navigating through my banks web page.

But again, that doesn’t mean I don’t want my banks web page to be usable/available through Opera Mini- just that I’d choose to optimize my user experience.

I can imagine only a handful of widgets or apps, off the top of my head:
Banking
Netflix

I’d download and install an app that was tailored to “on the go tasks.”

this is of course assuming that the RIA developer takes the time to do usability studies of some sort on the type of tasks that lend themselves to the mobile experience and optimize for them.

However I do bank through Opera Mobile every one in awhile, never had issues with it since, going on three months now.