SplitBrowserSurvey

tkadlec edited this page Jul 21, 2015 · 22 revisions

This page is a survey of "split browsers" - i.e., browsers that connect through pre-configured network services, usually to improve performance or reduce data transfer.

Interesting questions to answer, if possible:

  • Does the split browser MITM TLS connections?
  • Is it selective about when it splits -- e.g., just on mobile networks, just when bandwidth is limited?
  • What documentation is there about privacy/security?

Opera Mini

Browser is on Opera's machines; proprietary protocol between the handset and those machines. TLS is therefore terminated on Opera's machines; a separate form of encryption is used to the handset.

The Opera Mini app is a thin client only capable of rendering the proprietary OBML markup, so direct connections are impossible by design.

Opera is #1 mobile browser in Africa, with a 49.7% market share, and #2 mobile browser in Indonesia with a 23.3% market share.

Opera Turbo

Split browser technology; used by Opera Mobile, Opera Browser (opt in), etc.

"When you enable Opera Turbo, the pages you request are passed through one of Opera's data-saving servers." " If you browse a secure site, like your bank or email, Opera Turbo stays out of the way. Your sensitive data is sent directly between your device and the secure site."

UCBrowser

  • MITM - ???
  • Selective - ???
  • Privacy docs - ???

Number one desktop, mobile or tablet browser in India, with a 31.47% market share. Leads mobile there with a 47.49% market share.

Number one mobile browser in China, neck-and-neck with Android with a 37.24% market share.

Number one mobile browser in Indonesia, with 34.38% market share -- and rapidly increasing.

UC Browser Mini

UC Browser is similar to Opera Mini. If "Speed Mode" is disabled, the browser does no proxying and instead the website is loaded into a WebView. If "Speed Mode" is enabled (which it is by default), then the rendering is done on UC's servers and passed back to the client in a proprietary format. TLS is terminated by UC's machines.

10,000,000 to 50,000,000 installs on Android

Google Chrome (Mobile)

Uses Google Data Compression Proxy. Thorough report of functionality is available in a paper entitled Flywheel: Google's Data Compression Proxy for the Mobile Web.

Currently, the user needs to opt in through configuration. Data gathered by ScientiaMobile for the Q4 2014 version of their MOVR Report had proxy usage at 7.5% of global mobile Chrome usage. The highest concentration was in South America, where they reported 10.67% of mobile Chrome traffic to be using the proxy.

  • MITM - No.
  • Selective - A little. Once user enables, it will run for all sites and all networks. But it does have a "proxy bypass" mechanism that may disable the proxy for a given URL if the client detects conditions like: HTTP request loop, unreachable origin, server overload, blacklisted site, missing control header, or generally an unproxyable request.
  • Privacy Docs - somewhere in https://www.google.com/intl/en/chrome/browser/privacy/ ???

Amazon Silk

Split browser; said to use SPDY to talk to Amazon cloud services.

"Amazon Silk routes secure (SSL) web page requests directly from your computer to origin servers so they do not pass through Amazon servers. "

QQ Browser

Appears to be a split browser, based upon third-party statements.

Number 4 mobile browser in China, with a nearly 9% market share.

Yandex Browser

Split browser; "Turbo Mode" uses Yandex servers for recompression, etc. It's based on Opera Turbo.

  • MITM - No.
  • Selective - Yes. Turbo mode is automatically triggered if the connection speed falls below 128 Kbit/s. It will remain on until the speed exceeds 512 Kbit/s. It can also be enabled and disabled by the user.
  • Privacy Docs - ???

Mozilla Janus

No longer under active development. Split browser project at Mozilla.

  • MITM - they hope not
  • Selective - ???
  • Privacy Docs - ???

Puffin Browser

Browser is on Puffin's servers. A proprietary protocol is used between the handset and those machines. TLS is therefore terminated on those machines and a separate form of encryption is used between them and the handset.

Similar to Opera Mini and UC Mini, Puffin on the handset is more a client than a browser. One big difference is that Puffin only sends diffs of the changes on a page over their persistent connection after user interaction, instead of a fully refreshed snapshot (like both UC Mini and Opera Mini do).


Other Info about Split-Browsers