Wow Jesus Christ. This isn't the default on Nokia phones. You'd have to specifically NOT use the default browser and download the Nokia browser to be exposed to this.

No, this is with the default browser on the lower end phones.

For Lumia it's an optional download, but then again the Lumia markets don't have to worry so much about big brother.

Given the proliferation of Android and the iPhone, you probably wouldn't have anyways.

Maybe that might be so, but I still had Nokia until 2 weeks ago and still won't have either Android or iPhone. Thing is basically until now I have only used Nokia phones and that might be somewhat understandable when I say I'm Finnish.. Anyway security should never be exchanged for speed.

You do realize Nokia Lumia phones have IE as well as Xpress? This issue affects Xpress alone. You could use IE without any of this affecting you.

This is about trust and not about the one browser.

The Lumias have this Xpress thing?! Why?

Essentially, Nokia improves webpage load performances by utilizing data compression algos on their servers through Xpress - similar to Opera and Amazon Silk. In between, Nokia decrypts HTTPS traffic - Opera and Amazon apparently don't.

So, effective use of Xpress could be limited to articles (The Verge), magazines and mailbox use could be done through IE or through the mail app. The problem is limited on the Lumia phones but it is a bigger deal just on their S40 phones.