mnot’s blog

Design depends largely on constraints.” — Charles Eames

Friday, 5 June 2009

Opera Turbo

HTTP performance is a hot topic these days, so it’s interesting that Opera has announced a “turbo” feature in Opera 10 Beta;

Ever felt a Web site was loading slowly? Do you think it will happen again? Think again: Opera Turbo is a compression technology that provides significant improvements in browsing speeds over limited-bandwidth connections like a crowded Wi-Fi in a cafe or browsing through your mobile phone while commuting.

They go on to give more details in their sales materials as well as a blog entry (both found by a search engine, not linked from the feature description):

That’s why we’ve been working on Opera Turbo, a server-side optimization and compression technology that provides significant improvements in browsing speeds over limited-bandwidth connections by compressing network traffic. This does not only make you surf faster, but also lowers the cost of browsing when you are on a pay per usage plan.

Note the use of “server-side” here. The interesting thing here is that when I turn on Turbo and sniff the network to see what’s going on, all of my connections seem to go to a server like this:

Macintosh:~> nslookup 064.255.180.252
Server:		192.168.1.254
Address:	192.168.1.254#53

** server can't find 064.255.180.252: NXDOMAIN

Macintosh:~> nslookup 64.255.180.252
Server:		192.168.1.254
Address:	192.168.1.254#53

Non-authoritative answer:
252.180.255.64.in-addr.arpa	canonical name = 252.0-24.180.255.64.in-addr.arpa.
252.0-24.180.255.64.in-addr.arpa	name = global-turbo-1-lvs-usa.opera-mini.net.

In other words, this isn’t a “server-side” technology; it’s a proxy.

From a technical standpoint, this is an interesting approach; intermediation is a great way to introduce new features into the request stream (here, they’re compressing content and stripping headers, by the look of it).

However, I’m in Australia, and they’re sending all of my requests — even for Australian content — through a US proxy, which adds several hundred milliseconds to every request, and depending on my provider, may cost me more (some AU providers make local content free). Considering that the people who this technology’s marketing will appeal to most — e.g., those in the Australian bush, or rural India — won’t be served well by this, it seems like it would be important to point this out.

More damningly, a quick test shows that Turbo’s proxy doesn’t honour the Cache-Control: no-transform directive, and moreover, strips it from responses. no-transform is specified to assure that clients and servers have a way of avoiding problems with transcoding proxies — just like Turbo (emphasis added):

no-transform
Implementors of intermediate caches (proxies) have found it useful to convert the media type of certain entity bodies. A non- transparent proxy might, for example, convert between image formats in order to save cache space or to reduce the amount of traffic on a slow link.
Serious operational problems occur, however, when these transformations are applied to entity bodies intended for certain kinds of applications. For example, applications for medical imaging, scientific data analysis and those using end-to-end authentication, all depend on receiving an entity body that is bit for bit identical to the original entity-body.
Therefore, if a message includes the no-transform directive, an intermediate cache or proxy MUST NOT change those headers that are listed in section 13.5.2 as being subject to the no-transform directive. This implies that the cache or proxy MUST NOT change any aspect of the entity-body that is specified by these headers, including the value of the entity-body itself.

To put it mildly, this is disappointing, given Opera’s historical focus on standards compliance.

From a privacy standpoint, it gets worse. Calling this a server-side technology is frankly unconscionable. A reasonable person who reads the blurb and follows the in-browser instructions will have no idea that their requests are being routed through Opera, and no disclosure is made about what is done with that data. I’m a little surprised by this, considering that Opera is an EU-based company, and therefore subject to the European Data Protection laws.

It is worth noting that in their blog entry (which again, has to be found separately), they do say

Your privacy is important

Even when Turbo is enabled, encrypted traffic does not go through our compression servers. This means that when you are on a SSL site, we bypass these traffic and let you communicate with the SSL site directly. Opera generates statistics of the usage of Opera Turbo, but these are aggregated numbers and no information can be linked to a single user. Opera does not store any users’ private information.

So, their heart is in the right place, but this doesn’t make up for not informing users up-front.


Filed under: HTTP Web

20 Comments

Brad Fults said:

Thanks for the elucidation here.

Isn't Opera based in Norway (not part of the EU), though?

Friday, June 5 2009 at 1:41 PM +10:00

anon said:

Hey, cut him some slack over Norway and the EU, it's hard enough knowing there's anything at all beyond the US.

Friday, June 5 2009 at 2:35 PM +10:00

Mark Nottingham said:

Ah, that's correct; sorry. Eurovision != EU ;)

Friday, June 5 2009 at 3:33 PM +10:00

Will McGugan said:

Hi,

What else would 'server-side technology' be, other than a proxy? Granted, the term 'proxy' is more technically correct but for the less technical savvy server-side seems like a good way to tell the user that the work is not done on their PC, its done remotely.

Will

Friday, June 5 2009 at 9:25 PM +10:00

Nicolas Mendoza said:

I hope you are not transferring medical imaging on a flaky network that needs Opera Turbo to run acceptable ;-)

Nice that you tried out the best browser out there, though ;)

Friday, June 5 2009 at 11:09 PM +10:00

Mark Nottingham said:

"Server-side" doesn't imply that a third party (Opera) is seeing the data. There are non-technical ways to communicate this to users; e.g., "Your requests will be sent to Opera servers to make them more efficient."

I've notified some folks I know at Opera, and they're having a look at it now.

Again, I don't see malice in this, it's just that this sort of stealthy intermediation has historically been a very touchy subject (e.g., the whole OPES debacle), with good reason.

Friday, June 5 2009 at 11:12 PM +10:00

duryodhan said:

What worries me is that if they wanted they could have setup SSL to go through their servers too. And as they own the browser too, they can make sure that this doesn't throw the "invalid site" SSL error.

Just a thought on why I wouldn't use a technology like this from the browser developers itself.

Saturday, June 6 2009 at 12:16 AM +10:00

Matt Simmons said:

This /is/ an optional feature, right? I hope?

Saturday, June 6 2009 at 1:44 AM +10:00

aks said:

Yes, it's optional.

Saturday, June 6 2009 at 2:04 AM +10:00

tuxhelper said:

So then is it possible to use this proxy in earlier builds ? For proxy information what would I enter ? It would be nice if my isp did this by default (dial-up). But, you must install windows software in order to do so...

Sunday, June 7 2009 at 4:33 PM +10:00

Jan Standal said:

Hello,

Jan from Opera here. Firstly thanks for the feedback (that is really what beta products are for). We really do appreciate it and will try address them in our products and information.

Some feedback to you:

>> So, their heart is in the right place, but this doesn’t make up for not informing users up-front.

You should have been sent to this page (http://www.opera.com/portal/turbo/) the first time you try Opera Turbo. You can also access this page if you right click on the Turbo button and go to "What is Opera Turbo?". This page _should_ give enough information to the users to figure out what Opera Turbo is and what the consequences are when running it.

>> However, I’m in Australia, and they’re sending all of my requests — even for Australian content — through a US proxy, which adds several hundred milliseconds to every request,

True. Thats why Opera tries to detect whether you network speed is so slow that you will benefit from Opera Turbo or not.

>>and depending on my provider, may cost me more (some AU providers make local content free).

We make software that is used by people all around the world, and such it is pretty hard to us to make one solution that works for some local conditions in AU. Having said that, we actually try through providing commercial solutions for operators/providers a such as these.

>> To put it mildly, this is disappointing, given Opera’s historical focus on standards compliance.

Standard compliance is extremely important for us. There are as you say certain deviations in Opera Turbo, and we expect to bring changes forward to the right W3C WG like we always do.

And finally, We are indeed a Norwegian company (and not part of the EU), which means that we follow the Personal Data Act (http://www.datatilsynet.no/templates/Page____194.aspx). If you don't care to read it, take my word that it is extremely strict.

Jan

Monday, June 8 2009 at 3:29 AM +10:00

Mark Nottingham said:

Hi Jan,

Many thanks for the feedback.

A few responses:

"""You should have been sent to this page (http://www.opera.com/portal/turbo/) the first time you try Opera Turbo. You can also access this page if you right click on the Turbo button and go to "What is Opera Turbo?". This page _should_ give enough information to the users to figure out what Opera Turbo is and what the consequences are when running it."""

That page (and this is the first time I've seen it) doesn't explain that requests will be routed through Opera servers.

"""We make software that is used by people all around the world, and such it is pretty hard to us to make one solution that works for some local conditions in AU. Having said that, we actually try through providing commercial solutions for operators/providers a such as these."""

Again, I think just informing users that their requests are going through your servers (ideally, this would include *where* they are) would be enough.

"""Standard compliance is extremely important for us. There are as you say certain deviations in Opera Turbo, and we expect to bring changes forward to the right W3C WG like we always do."""

The W3C doesn't have change control over HTTP; the IETF HTTPbis WG (which I chair) currently does. Regardless of where the work lies, however, disregarding no-transform is a clear violation of HTTP/1.1; the only way to incorporate this change is to start a new, backwards-incompatible version of HTTP (most likely HTTP/2.0).

"""And finally, We are indeed a Norwegian company (and not part of the EU), which means that we follow the Personal Data Act (http://www.datatilsynet.no/templates/Page____194.aspx). If you don't care to read it, take my word that it is extremely strict."""

I'll take your word. :)

Cheers and thanks again,

Monday, June 8 2009 at 7:03 AM +10:00

Benjamin Carlyle said:

Mark (long time no comment... I really have to start reading my feeds more often),

One interesting addendum to you comment about being in Australia: What is perhaps happening here is that users are being asked to opt-in to what could effectively be Opera's own Content Distribution Network. There is no reason why they couldn't set up servers in Australia to add a level of caching that ISPs now offer only rarely.
It'll be interesting to watch the experiment develop, really... CDNs are obviously increasingly valuable. So who's going to pay for them? The server, or the client? Obviously thumbs up again to REST in this case for creating space for the market to make this decision through its layering, caching and statelessness constraints.

Benjamin.

Monday, June 8 2009 at 1:41 PM +10:00

per said:

"The W3C doesn't have change control over HTTP; the IETF HTTPbis WG (which I chair) currently does. Regardless of where the work lies, however, disregarding no-transform is a clear violation of HTTP/1.1; the only way to incorporate this change is to start a new, backwards-incompatible version of HTTP (most likely HTTP/2.0)."

True. The problem here, however, is that all no-transform images I've ever seen on the web are ads.

So all the advertisement would be sent at maximum quality, while the content will be compressed.

It's not really optimal.

And as for not telling about the servers, the page clearly states that it's 'Server side'

Monday, June 8 2009 at 8:41 PM +10:00

Mark Nottingham said:

Yes, per, but *whose* servers?

Monday, June 8 2009 at 9:21 PM +10:00

Mark said:

It's an interesting (paraphrased) point implying that you may not trust the company to have your data put through their servers, and basically that they could breech your trust if they used their servers. The fact is that you're using *their* program. Why would you do that if you don't trust them?

The program could do anything it wants, including storing sensitive data, and sneakily sending it off later while you're not paying attention. It does not need a server side solution for that. If you trust them enough to pass your sensitive data through their program, then you should trust them enough to pass your sensitive data through their servers too. They control both of them, after all.

Opera said it best with their Opera Mini FAQ (Opera Mini also uses a server-side approach like this); "If you do not trust Opera Software, make sure you do not use our application to enter any kind of sensitive information."

Wednesday, June 10 2009 at 6:56 PM +10:00

per said:

Well. I can see that there could be some confusion there, but the only alternative from the opera servers would be the webservers?

Installing software from Opera on all web servers in the world is probably not feasible. But knowing this indeed requires technical knowledge in excess of what the average user should need to have.

There is no FAQ page like for Opera Mini yet from that I can see, that should probably be added.

Wednesday, June 10 2009 at 8:20 PM +10:00

Artur Nankran said:

Even if the FAQ is not there, the product is still in beta.
And one of the purposes of beta products is exactly generating discussions like this, that can make the final release better.

I've been trying the Automatic enable of Opera Turbo, and so far it was only enabled on extremely slow situations.

But anyway, great topic, I am using Opera 10 and I will do some sniffing to see what I find out, since I am in Brazil.

Artur

Wednesday, June 17 2009 at 6:28 AM +10:00

AiMAN PANSAR said:

Hmm.. I would like to know if I can modify the server of the browser when in turbo mode? I want to edit it for more fast browsing..

Thursday, June 18 2009 at 2:23 AM +10:00

Gregory said:

Is there any way to setup Opera's Turbo proxy in Firefox, so it could load pages faster?

Tuesday, November 3 2009 at 8:26 AM +10:00

Creative Commons