Can Opera be fully Trusted
-
A Former User last edited by
Recently I came upon a short article by Hallvord R M Steen, a former software tester at Opera Software from 2000 to 2012. Here are his words: "My final thoughts: AFAIK the browser-developing parts of old Opera Software is no longer a publicly traded company and will no more issue public quarterly reports and such things. (I hope someone will correct this if I’m wrong here). This means we - the general public - will now know way less about how Opera earns money. Per a Mozilla document (WoSign and StartCom - very technical stuff) Quiho 360-related entities have done some questionable things that don’t indicate a deep understanding of the Internet’s fragile trust models."
Now this concerns me given the shady things Quiho 360 has done (i.e. in 2016 Quiho was caught cheating in all the antivirus tests. Here is just a small part of a much longer article containing many violations against Quiho:
Q.A) Qihoo masking their browser as a critical Windows security update to IE users.
http://wmos.info/archives/7717 / http://www.theregister.co.uk/2013/02/01/qihoo_government_warning_fraud/
Qihoo displayed a misleading security update for Windows users that instead installed their browser.Q.C) Qihoo browser actively enables insecure cryptography.
https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit
Qihoo's browser is notably insecure with respect to SSL/TLS, with some of the insecure changes requiring active modification to the low-level source libraries that Chromium (of which they're based on) uses.Q.E) Qihoo apps removed from app stores due to malware
https://www.techinasia.com/qihoo-committing-fraud-google-making-huge-mistake / https://www.techinasia.com/qihoo-apps-banned-apple-app-store
Qihoo Apps have repeatedly been banned from Apple's App Store due to issues
the
Q.G) Qihoo "security" apps repeatedly found as unfair competition
https://www.techinasia.com/qihoo-360-loses-chinas-courts-ordered-pay-sogou-82-million-unfair-competitionSo... each of us has to make up our minds regarding the security of this Opera browser. I'm very skeptical of continuing its use given the fact that so many engineers quit within a month's period of the Chinese consortium acquiring the company.
-
blackbird71 last edited by@coffeelover said in Can Opera be fully Trusted:
...
So... each of us has to make up our minds regarding the security of this Opera browser. ...This. However, it applies to any browser; and it should be pondered continually and not just at browser adoption, if browser 'security' is a conscious factor in one's browser usage (though it's not, frankly, for many users). Part of the basic issue is that a browser user must necessarily entrust part of his personal data and his browsing preferences/habits to the care and competence of software designers and parent corporations which the user has never met nor really knows little about, regardless of the user's level of inquiry. Moreover, the kinds of 'insecurities' that may be knowingly ignored by one user may be considered 'catastrophic' by another, depending on how he defines "security". Truly, YMMV.
Obviously, you mentioned some past indications of questionable behavior on the part of subsidiaries of one partner in Opera's new parent ownership consortium. Whether or how those kinds of behavior might somehow ripple down or transfer into the actual design and 'security' of an Opera browser version is difficult to determine with any certainty. There is some measure of protection under Norwegian privacy laws, under which the Opera organization continues to operate. There is a greater measure of protection present in the inherent integrity and competency of Opera's software designers, since at the end of all factors, it's the designers who actually commit code to end product.
The real proof-of-the-pudding lies in the code itself. However, few modern browsers are fully open-source in every code fragment they contain... otherwise the makers risk giving away the store to competitors in how they solve technical problems and provide key features. So every browser containing closed-code presents a level of uncertainty regarding what is truly going on internally. It's part of the air which ordinary users must breathe in today's software world. In such cases, a security conscious user must remain ever alert for relevant fresh reports of insecurities within a given browser or its design operations.
Personally, I'm not unduly troubled by the revelations you list, since I believe those occurred historically in products created by entities distantly apart from the current Opera design group. In reality, the opacity of future corporate-owner influences on browser design within Opera is not much different from that characterizing Microsoft or Mozilla or most other browser makers - publicly or privately held. There are a few browser makers which seem more open in what they do (though it would be rude to discuss them in an Opera-sponsored forum), but there are no guarantees even then.
-
A Former User last edited by
@blackbird71 There are no guarantees as you say and I agree. However, given the fact that many of the software engineers promptly resigned after the consortium took over and several have raised red flags regarding the direction and the trust that one might give to the new browser, I've chosen to no longer trust it. I don't trust China - period. I do not trust its expansion in the China Sea. I do not trust its persecution of Christians and violations of human rights - period. I do not trust its constant attempts to infiltrate our country's infrastructure, government and military. You might counter with the fact that we do the same and I accept that as a fact BUT I trust my own country more than China which for me is the bottom line. I've dumped Opera on all my devices. I think a much safer alternative is Vivaldi for a variety of reasons. I wish it weren't so but I'm not about to give my information willingly to a company with such close ties to China AND that includes Kaspersky/Russia connection.
-
leocg Moderator Volunteer last edited by
Some people left Opera after the company's acquisition by the Chinese consortium, at the same time that many others arrived. And the same happened before that, like it's normal in any work place.
I would say that most probably there are more people that left because of the decision to concentrate the Opera for desktops development in Poland than ones that have left because of the Chineses.
-
A Former User last edited by
@leocg That's possible, Leo. I can only say that "some" of these engineers have raised these questions and that as individuals we have to make the decision to either entrust the new Opera with our data and hope that it is used wisely or decide to look elsewhere. As I mentioned in my first post, my use of Opera goes back to 1999 and right up to the Chinese buy-out. I was not one to jump ship when Opera turned to Chromium. I would like to believe otherwise. I've not done enough digging into the matter to present more of the story but I'll keep digging. I wondered if perhaps others felt the same way and how it affected their usage of the browser.
-
leocg Moderator Volunteer last edited by
There are some info on how Opera makes money at https://investor.opera.com/
-
-
A Former User last edited by
I looked over these pages and yet found little to change my views. Today I see that China has been using tiny microchips to gain access to US companies. This is yet another reason why I personally do not trust software or hardware that comes from China. Read about it by going to the link below. Meanwhile, Leo you can close this thread if you like. For those like me who no longer trust Opera, the evidence seems enough. For others like Blackbird who believe the evidence is not compelling, there is little point in continuing the discussion. It really boils down to what one is willing to place his/her trust in and for me... that is no longer Opera software.
-
-
blackbird71 last edited by
@coffeelover said in Can Opera be fully Trusted:
... Today I see that China has been using tiny microchips to gain access to US companies. This is yet another reason why I personally do not trust software or hardware that comes from China. Read about it by going to the link below. ... For those like me who no longer trust Opera, the evidence seems enough. For others like Blackbird who believe the evidence is not compelling, there is little point in continuing the discussion. It really boils down to what one is willing to place his/her trust in and for me... ...
Writing as someone who has spent much of his career dealing with highly classified materials, I feel there's a vast difference between an adversarial government covertly placing spy-chips into a market-leading company's industrial/commercial/military server hardware by bribing/coercing factory personnel within that adversarial nation in hopes of penetrating corporate/government networks so as to acquire strategic information versus that same adversary somehow getting some lines of snooping code covertly inserted into a second-tier Internet web browser that's designed by code experts outside the adversarial country and aimed at individual non-commercial users. Of course anything is always possible, but 'possible' doesn't make it likely - and it certainly doesn't necessarily make it even worthwhile. Covertness always carries the risks of unexpected disclosure, whose costs and fallout can be considerable when measured against probable reward for the effort. Consequently, the potential payoff must always be worth the risks incurred - and, frankly, the market exposure of Opera into truly strategic arenas doesn't really qualify as worth it.
But, as I think we agree, it all comes down to personal opinions and preferences. For me and the equipment upon which I use browsers, Opera is currently OK in a security sense. For equipment that really matters in a real-world security sense, I personally believe there should be complete isolation from the public Internet - a genuine airgap, if you will. Hence, the only practical browser risks for ordinary users is from non-nation-state hackers and vandals.
-
A Former User last edited by
I've been using Chrome practically since the first versions. I remember earlier that Firefox was my browser. But Google appeared with a speedy browser, and I changed, at that time Firefox weighed a severe problem of browsing speed and resource consumption. Although Opera has always made sporadic appearances, now I've forgotten it since Chrome started releasing stable versions.
For a web browser I do not look for a Swiss army knife, only the following:
A browser that meets the standards.
Fast painting the web
Light regarding resources
Multiplatform: PC, OS X, and iOS.
Synchronization between platforms.
That I can install an advertising blocker.
After reading this article, I saw that Opera covered my needs, so I arranged for him to have another occasional appearance in my life.The thing did not start very well, the first thing I went to look at was the client for iOS. Wrong, it has not been updated for more than a year, I do not say to upgrade every week, but one year it makes me think that it is in a state of advanced abandonment. Touched and sunk in the first shot, but I kept investigating a bit.
I remembered the news from a few months ago that Opera Software had been sold to a Chinese company. So I accessed his website in search of information, and I was surprised by what I found, nothing. I had to go to a financial report of the close of the first quarter of 2017 indicating that the operation with the Chinese investment group ("the Buyer") of 575 million dollars had been completed and closed.
So the same report and Wikipedia gave me the name: Golden Brick Capital Management Limited. Accessing their website I see that they have investments in 4 companies, 3 of them Chinese and Opera that is Norwegian. I look at the companies: ISP, cable operator (TV and radio), a kind of YouTube that I find it hard to find information.
We know the level of censorship, control, and analysis of the information that the Chinese government imposes on their companies, so I do not get too good a thorn that a Chinese investment group that invests in critical channels of information distribution also has to its credit a Web navigator.
Call it paranoia, conspiracy, an influence of Hollywood or whatever you want, but if even Opera itself is funny to present them on their website, it makes me less thankful to use a program paid for by the Chinese.
Nothing is free if Google traffics with my data thanks to Chrome at least I know. Opera does not know where the Chinese have told him he should generate profits.
-
blackbird71 last edited by blackbird71
@thephototoday said in Can Opera be fully Trusted:>
...
Call it paranoia, conspiracy, an influence of Hollywood or whatever you want, but if even Opera itself is funny to present them on their website, it makes me less thankful to use a program paid for by the Chinese.Nothing is free if Google traffics with my data thanks to Chrome at least I know. Opera does not know where the Chinese have told him he should generate profits.
If you're not actually living in China, then Chinese control/censorship/tracking of their own citizenry is not a technically-relevant issue for your use of a web-browser even if the browser were somehow covertly altered to support such native control schemes (and of which, there is absolutely no evidence yet in Opera). The only remaining risk of something dangerous covertly coded into a browser would be some form of spyware/malware designed to steal your personal data or to spread itself along and into the local network for malicious/covert purposes... and that would have relevance to China only if you were involved in critical/defense-related infrastructure professions. Again, there's absolutely no evidence yet that anything like that exists in Opera.
Certainly, in one's imagination, anything might be possible for a Chinese owner of Opera. But 'possible' by no means is the same as 'likely' or 'reasonable'. One's rationality must always outweigh their paranoia. Embedding malware/spyware into a browser like Opera would seriously risk being discovered by the numerous far-flung Opera developers in multiple lands, having access to its code; it would risk discovery by countless 3rd-party monitors of software products and malware/spyware exploits throughout the world. Once discovered, it would be in clear violation of governing Norwegian laws, and it would be a truly product-killing event that would utterly destroy Opera's reputation thereafter and damage the reputation of any Chinese enterprise exporting any software/firmware product. To most nation-state 3-letter actors (NSA, FSB, etc), such risks would far outweigh any likely reward.
-
A Former User last edited by
I've tried to balance my paranoia as it were. I will NOT allow the Opera browser to go to any banking site or use it to make purchases. Instead I use it for moderate browsing periodically. That's as far as I'm willing to make use of it. Each to his own.
-
-
A Former User last edited by
@leocg That's true, Leo. I "think" (not sure so it's a total guess on my part) that most people believe coding can be more easily hidden in software than hardware so they're more willing to trust their devices than the programs they load onto them. Does it make sense? Probably not but my gut feeling is that this is how most people think.
-
-
blackbird71 last edited by blackbird71
@coffeelover said in Can Opera be fully Trusted:
... I "think" (not sure so it's a total guess on my part) that most people believe coding can be more easily hidden in software than hardware so they're more willing to trust their devices than the programs they load onto them. Does it make sense? Probably not but my gut feeling is that this is how most people think.
You're right that it's how most people think (at least most people who even think about security - the vast bulk of users rarely even consider it in any depth). But since most "hardware" contains "firmware" (which is code embedded into PROMS or flash memory), there is far less difference than many folks might imagine. Discovery of backdoor code (intentionally malicious or simply heedlessly left over from factory testing access) has popped up in the news continually in everything from chips to full-blown PC boards for years.
Having worked in the digital and national security realms for 40+ years, I find no more security against spyware/malware in general code-capable parts/devices than I do in downloadable software programs, unless those parts/devices have been procured and tested against a published DoD/military QPL (qualified parts list). In reality, assuming one practices "safe hex", the key issues have more to do with who you are (your profession) and what you have to lose (in terms of secrets) than what an adversary may or may not do. In other words, if you have secrets that make you a worthwhile target or link you to a prime critical/infrastructure target, then you have reason to be super-cautious about national-origin of equipment or software. Otherwise, not nearly so much...
-
A Former User last edited by
@blackbird71 Thanks for the enlightenment. That makes a great deal of sense.
