The responses are sent back to the phone via MMS, in up to 5 (I think?) segments. I download the webpage along with all resources (stylesheets, images, etc.) and put everything in a zip file. I encode the zip file as a PNG (each RGB pixel is 3 bytes of the zip file) and send the PNG in the MMS.
I display a warning when the user tries to navigate to an HTTPS URL that messages sent to/from Smozzy aren't encrypted and it's not recommended that you proceed. I had a general idea for an encryption scheme (hardcode Smozzy's certificate's public key into the application and use it to encrypt a randomly generated string with each request and then send that encrypted string with the request and use the unencrypted string as a symmetric key to encrypt the rest of the request/response), but I was kind of too lazy to implement it for the initial release.
You are obviously welcome to block my domain/IP (not that I could stop you). I don't currently plan to expand beyond a single host. Even in the midst of all this coverage my single VPS seems to be working fine. Sorry in advance if I cause problems for you or any other admins...
The motivation behind the scheme I came up with is that it could be done with no pre-communication, hence why my RSA public key would be hardcoded into the client.
The png optimizers you see (optipng, pngcrush, etc)? What they do is carefully pick the optimum filters to get the best file size. So I'd say those filters were the most important part of the compression.
Probably not for long!
This is so impressive.
You'll be surprised about all the boxes that have been erected for people to think in, as soon as you have discovered the world outside the particular box you've grown up in.