Option to edit DEFAULT SEARCH ENGINES

stealth789

stealth789 last edited by

I guess we won't agree on this. The last thing in the world I want is for Opera to permit browser search engines it views as inherently unsafe. I look to The Opera developer to establish safety standards in its browser. I don't want their carelessness or negligence in setting up a pruduct -- or in capitulating to certain forum complainant's demands -- to put users at risk. If they deem more search engines as dangerous, but permit them on the browser, they would be remiss in their responsibility to users. It would be negligent to do so, particularly given the grave consequencies that can flow from hijacked search engine searches.
I fully support more search engines as a default in Opera, when the Opera developer deems it safe to do so.

I'm not talking about making Opera less secure. I'm talking about option to safe change of search engine, if it's possible. And I think there are ways how to make it possible to be safe for standard users, but even power users. And simply if you allow something, it doesn't necessarily mean it insecure. It's like say, that it's insecure for my firewall to allow opera access to port HTTP.
Here it's question if it's possible to allow users to change engine safe way. And when you don't agree, I'm asking why and trying to giving other options. When someone say simple no, I'm asking why, and if there's not any other way. What's wrong with that?

lem729

lem729 last edited by

Yes, but I defer to Opera on what is safe. If they think adding more default search engines is not safe (because of the risk of search engine hijackings), that's enough for me. There's nothing in any of the posts in this thread to demonstrate or even to suggest that Opera has exercised its discretion in an improper manner. It is Opera's call, and Opera's alone. If you're saying that you want more default search engines, if Opera determines that adding them is safe, then I agree with that.

stealth789

stealth789 last edited by

...
And you're telling that Opera 12.17 and other browsers are not protecting users? I'm sorry, but from my point of view, this is only excuse.
And give me example what is hijacked now in current implementation of Opera Blink and why it's no problem in Opera 12.17?
...
They allow in Opera Presto.
...

As for what other browsers do, they may not have had the hijacking problem, or they may be acting in a careless manner.
It's fine to ask for Opera to permit more default search engines, as long as Opera determines that adding them would not be a significant security risk for the user.

Please don't make statement that other browser are careless! First give some prove. It's not honest to argument like this. And Opera 12.17 (and older long time used older versions) is careless? So basically Opera is careless?
...
Wrong. In Presto Opera 12.15 through 12.17, it is NOT allowed to set a custom default search engine and have it persist across a browser shutdown/restart cycle. That is one of the major changes made in the update from 12.14, and the statement by Opera made at the time was that it was being done to prevent browser hijacking. That new approach to limiting default search engines was simply continued with Blink Opera. You or I may disagree with Opera's thinking on this, but it's their call to make, and they've given their reasons for why; further, it's been the case from the later Presto days onward.

Maybe partially wrong. I used Opera 12.17. And even older releases. You can't claim it wrong just on your selected sample versions from many of them. But still in this case it strictly question of security. Not about that you can't use engine XYZ.

Back in Presto days, Opera had another policy that used to drive some users crazy, which was their adherence to standards that, on an https page, disallowed browser connections being made/called from that page to an unsecure http page/site. That played havoc for some users at certain web sites that were coded sloppily, and those users were vehement in their demand that Opera relax their practices "like all the other browsers". Opera would not, citing security issues as their rationale.

I understand that security is primary. So if it's security in this case. Let's say if only power users, or even in file like "Web Data" will change this. Is it still insecure? Or basically you saying, there's no secure way to provide this option? I don't think so.

Opera makes the browser; Opera is responsible for the security protections they put in it. As a suggestion that Opera find a way to safely allow user customization of the browser default search engine, I can heartily agree. But any suggestion that they simply relax their perceptions of what is safe for users is not something that I would be willing to do.

Ok, so why for example in search engines there are some that don't use HTTPS connection, even when server side supports it? Where's the security there?
Sure I highly honor security. But not as excuse for right reasons.

stealth789

stealth789 last edited by

...
Please give me an example, when custom / extension provided search engine is not threat, but changing default one is.
...

The entire subject of extensions is incredibly complex, in part because it opens a door to a browser becoming an entirely different "animal" than it was in its bare-bones state. Opera is accountable for the design of its browsers; in most cases, 3rd-party developers are responsible for the design of their extensions. Opera does what it deems safe in its browsers. If extensions bypass some of Opera's safety-related design choices, that's for the extension developers and the users to decide... but it doesn't impact what Opera feels is safe at any given time. Just because an extension might bypass a protection of a default setting doesn't equate to Opera necessarily agreeing with it.
Frankly, the whole business of extensions is its own security "fur ball", at least in how it's usually done (the extensions not being designed, supported, vetted, and supplied by the browser maker itself). It's one of the modern browser developments that I take strong issue with... but that's just me.

I used extension as example. To know if problem is?

• a) We can't use any / specific search engine - mean to select engine ABC, as Opera didn't check it whatever.
• b) We can't use other engines, because for now there's no secure way to change this engine, without compromising security.

stealth789

stealth789 last edited by

Opera extensions undergo a fairly rigid Opera review, before being approved, including Opera's "review of the code," and that the extension: "must not collect private information without authorization from the user."
http://dev.opera.com/extensions/tut_publishing_guidelines.html
My understanding is that Opera gives has given a more rigorous review/vetting to it's extensions than Google has to Chrome extensions, at least as of a year ago. http://browserfame.com/1928/chrome-vs-opera
In any event, this issue of Opera setting up a procedure where one can add a search engine, by going to the website of the search engine and right clicking on the search bar, then have a one letter (or maybe two) code to type before a search from the Opera address bar is strictly within Opera. It is not an extension work-around. And it is presumably deemed by Opera safer than permitting the adding of more default search engines.
If the Opera developer deems that process safer for the user than adding default search engines (which has certain hijacking risks deemed by Opera unacceptable), I have no reason or desire to second-guess Opera on that.

From developer point of view. Practically speaking, there's no huge difference between custom and define search engine. If we're talking about code. More about are different reasons why don't allow it.

But if I make extension that allows to use any there defined engine, would it be acceptable by Opera? Let's say some Disconnect Search act like extension with ability to use custom engine? Or when this extension will have let's say 100 fixed engines, but you can set any as default. Will Opera allow it? Again using also address bar to input search term?

lem729

lem729 last edited by

But if I make extension that allows to use any there defined engine, would it be acceptable by Opera? Let's say some Disconnect Search act like extension with ability to use custom engine? Or when this extension will have let's say 100 fixed engines, but you can set any as default. Will Opera allow it? Again using also address bar to input search term?

You say: "But if I make extension that allows to use any there defined engine, would it be acceptable by Opera?"

I have no idea as to the answer to your question. You'd have to meet the Opera review criteria, which are fairly extensive. http://dev.opera.com/extensions/tut_publishing_guidelines.html

Every case is individual, and must meet the extensive Opera review criteria for approval of an extension. You cannot generalize from Opera's approval of the Disconnect Search extension. The Disconnect Search extension was approved by Opera (but the whole Disconnect enterprise is focused on safety (designed to prevent Internet Service Providers and thousands of websites from seeing your searches and tracking you), so the Opera review (of the code of that extension) and the determination that it was okay and safe for Opera users, is no precedent for how Opera would react to a different extension that permitted a search (using a search engine that is not one of the five Opera Default engines) from the Opera Address Bar. It would no doubt be coded differently, reviewed on its own terms, based on the Opera review criteria. The whole Disconnect enterprise by an ostensibly reputable enterprise has has a lot of positive reviews, and surely was determined by Opera to add needed and valuable functionality (providing a search that is anonymous).

http://techcrunch.com/2013/04/17/disconnect-2-brings-more-privacy-to-your-browser-lets-you-block-2k-sites-from-tracking-your-activity-online/

http://blogs.wsj.com/digits/2011/02/27/wall-street-journal-privacy-series-inspires-one-start-up/

http://www.nytimes.com/2014/04/03/technology/personaltech/sweeping-away-a-search-history.html?_r=0

Opera's review of extension codes is designed to determine among other things, that there are no obvious bugs. If Opera deems the extension code malicious (one that could permit a search engine hijacking), one could easily guess to a 99.9 percent certainty that they would not approve it, or at least I would hope I mean a third party search bar (created by an extension) which can be easily taken over and hijacked would seem like an obvious "bug." Also, all extensions are reviewed to ensure that the extension must not collect private information without authorization from the user. It must not send private data to an external store.

On the insurance of safety through the native browser, and its review of extensions, at this point, it seems to me that it's Opera's call. I see no reason to second guess Opera. The safety decision is theirs.

As to the "safety" issue in the native Opera browser, I cannot urge Opera developers to "safely" add additional default search engines (as you have suggested), because that presumes that it can be safely done, and in a cost effective manner. That's putting the cart before the horse. Rather, I would urge that IF they can safely and cost-effectively add additional search engines, then they should do it.

stealth789

stealth789 last edited by

But if I make extension that allows to use any there defined engine, would it be acceptable by Opera? Let's say some Disconnect Search act like extension with ability to use custom engine? Or when this extension will have let's say 100 fixed engines, but you can set any as default. Will Opera allow it? Again using also address bar to input search term?

You say: "But if I make extension that allows to use any there defined engine, would it be acceptable by Opera?"
I have no idea as to the answer to your question. You'd have to meet the Opera review criteria, which are fairly extensive. http://dev.opera.com/extensions/tut_publishing_guidelines.html
Every case is individual, and must meet the extensive Opera review criteria for approval of an extension. You cannot generalize from Opera's approval of the Disconnect Search extension. The Disconnect Search extension was approved by Opera (but the whole Disconnect enterprise is focused on safety (designed to prevent Internet Service Providers and thousands of websites from seeing your searches and tracking you), so the Opera review (of the code of that extension) and the determination that it was okay and safe for Opera users, is no precedent for how Opera would react to a different extension that permitted a search (using a search engine that is not one of the five Opera Default engines) from the Opera Address Bar. It would no doubt be coded differently, reviewed on its own terms, based on the Opera review criteria. The whole Disconnect enterprise by a ostensibly reputable enterprise has has a lot of positive reviews, and surely was determined by Opera to add needed and valuable functionality (providing a search where that search is anonymous).

Sure I understand that it's individual. But I don't find there anything mentioning my scenario. Still Opera can remove any contents on their pages if they want. Or there's part about option to edit.

To be accurate, Opera has 10 engines (now). But sure 5 are active based on location. When I don't count location variants there are: allegro, amazon, baidu, bing, google, rambler, seznam, wiki, yahoo, yandex. From this 10: 1 use secure connection, 2 don't use HTTPS (even it's supported by server), and 7 don't use HTTPS, because they just don't support it. So basically only 1 is secure, without uncovering my privacy!

And when we're talking about positive reviews, also read about StartPage/Ixquick or DuckDuckGo. Or other secure and safe search engines. Not to force you, but to know, there are other alternatives. And power users knows it, and want to be secure.

http://techcrunch.com/2013/04/17/disconnect-2-brings-more-privacy-to-your-browser-lets-you-block-2k-sites-from-tracking-your-activity-online/
http://blogs.wsj.com/digits/2011/02/27/wall-street-journal-privacy-series-inspires-one-start-up/
http://www.nytimes.com/2014/04/03/technology/personaltech/sweeping-away-a-search-history.html?_r=0
Opera's review of the codes is designed to determine among other things, where there are any obvious bugs. If Opera deems the extension code malicious (one that could permit a search engine hijacking), one could easily guess they would not approve it, or at least I would hope I mean a third party search bar (created by an extension) which can be easily taken over and hijacked would seem like an obvious "bug." Also, all extensions are reviewed to ensure that the extension must not collect private information without authorization from the user. It must not send private data to an external store.

Sure I understand about privacy. But there are extensions that allow you to search from specific popup windows. But still if it's possible to override default engine like Disconnect Search extension, then it's just possible.

On the insurance of safety through the native browser, and its review of extensions, at this point, it seems to me that it's Opera's call. I see no reason to second guess Opera. The safety decision is theirs.

Sure if Oprea won't approve it, there's no way. At least not to provide extension on Opera site. Still there are Options to use different site. But it sure will look unsafe in first place. So hope people don't use any of this kind of extensions.

I cannot urge them to "safely" add additional default search engines, because that presumes that it can be safely done in a cost effective manner. That's putting the cart before the horse. Rather, I would urge that if they can safely and cost-effectively add additional search engines, then they should do it.

Sure. I'm not asking anybody to do it, just because. I'm trying to argument, and find a way. And anybody can read arguments, and made decision on their own. I don't think that argue more is worse for decision.

As for now I use 5 browsers. For example IE for specific portal applications, and also Chromium, Firefox, TorBrowser and sure Opera as main browser. In any other of them I have custom engine. So basically when I switch to another one, I'm expecting it to work. Now when I'm in Opera I have to press key. And as you know people forget. So time to time it's hard when you again see results you won't see. It's disturbing, and also from my personal point un-secure (it's just personal preference).

Deleted User

Deleted User last edited by

Does it is necessary to discuss the same thing in two topics?

blackbird71

blackbird71 last edited by

Does it is necessary to discuss the same thing in two topics?

Perhaps not "necessary"... but you have to admit, it adds to the challenge of keeping one's mind straight as to where one posted what.

Deleted User

Deleted User last edited by

Does it is necessary to discuss the same thing in two topics?

Perhaps not "necessary"... but you have to admit, it adds to the challenge of keeping one's mind straight as to where one posted what.

LOL

lem729

lem729 last edited by admin

@stealth789

You mentioned in that other thread that you never save your password on a browser.

https://forums.opera.com/topic/3441/search-engine-default/29

I do, and I'm sure many others do. There are just too many passwords at too many sites one needs to access to have to re-enter them all the time. But maybe that is is a reason why you are less concerned about a search engine hijacking. If your search engine is hijacked, there are no passwords of yours in the browser that are insecure/compromised. Fine, so you can be relaxed about using a less secure/higher risk search engine.

I feel strongly about the issue (that I want Opera to not offer less safe search engines) because if my search engine is hijacked my data, including passwords, is compromised -- and a lot of things adverse to me can come into play from that.

stealth789

stealth789 last edited by admin

@stealth789
You mentioned in that other thread that you never save your password on a browser.
https://forums.opera.com/topic/3441/search-engine-default/29
I do, and I'm sure many others do. There are just too many passwords at too many sites one needs to access to have to re-enter them all the time. But maybe that is is a reason why you are less concerned about a search engine hijacking. If your search engine is hijacked, there are no passwords of yours in the browser that are insecure/compromised. Fine, so you can be relaxed about using a less secure/higher risk search engine.
I feel strongly about the issue (that I want Opera to not offer less safe search engines) because if my search engine is hijacked my data, including passwords, is compromised -- and a lot of things adverse to me can come into play from that.

My answer's here https://forums.opera.com/post/42565 . Also more about your "safe" engines I mentioned just here above https://forums.opera.com/post/42511 . From 10 only 1 act at least in secure connection. But is suspicious from tracking uses, so basically their privacy!

stealth789

stealth789 last edited by

But if I make extension that allows to use any there defined engine, would it be acceptable by Opera? Let's say some Disconnect Search act like extension with ability to use custom engine? Or when this extension will have let's say 100 fixed engines, but you can set any as default. Will Opera allow it? Again using also address bar to input search term?

You say: "But if I make extension that allows to use any there defined engine, would it be acceptable by Opera?"
I have no idea as to the answer to your question. You'd have to meet the Opera review criteria, which are fairly extensive. http://dev.opera.com/extensions/tut_publishing_guidelines.html
Every case is individual, and must meet the extensive Opera review criteria for approval of an extension. You cannot generalize from Opera's approval of the Disconnect Search extension. The Disconnect Search extension was approved by Opera (but the whole Disconnect enterprise is focused on safety (designed to prevent Internet Service Providers and thousands of websites from seeing your searches and tracking you), so the Opera review (of the code of that extension) and the determination that it was okay and safe for Opera users, is no precedent for how Opera would react to a different extension that permitted a search (using a search engine that is not one of the five Opera Default engines) from the Opera Address Bar. It would no doubt be coded differently, reviewed on its own terms, based on the Opera review criteria. The whole Disconnect enterprise by a ostensibly reputable enterprise has has a lot of positive reviews, and surely was determined by Opera to add needed and valuable functionality (providing a search where that search is anonymous).

Sure I understand that it's individual. But I don't find there anything mentioning my scenario. Still Opera can remove any contents on their pages if they want. Or there's part about option to edit.
To be accurate, Opera has 10 engines (now). But sure 5 are active based on location. When I don't count location variants there are: allegro, amazon, baidu, bing, google, rambler, seznam, wiki, yahoo, yandex. From this 10: 1 use secure connection, 2 don't use HTTPS (even it's supported by server), and 7 don't use HTTPS, because they just don't support it. So basically only 1 is secure, without uncovering my privacy!

Just to be accurate one mistake in numbers. So as I tried now there's one more engine that can use secure connection, but is not set correctly:

• 1 engine use secure connection HTTPS (SSL secure connection): google
• 3 engines are set wrong by Opera, as they accept secure conection (on server side), but are not set to use it: bing, wiki, yahoo
• 6 engines doesn't support secure connection: allegro, amazon, baidu, rambler, seznam, yandex

And when we're talking about positive reviews, also read about StartPage/Ixquick or DuckDuckGo. Or other secure and safe search engines. Not to force you, but to know, there are other alternatives. And power users knows it, and want to be secure.

http://techcrunch.com/2013/04/17/disconnect-2-brings-more-privacy-to-your-browser-lets-you-block-2k-sites-from-tracking-your-activity-online/
http://blogs.wsj.com/digits/2011/02/27/wall-street-journal-privacy-series-inspires-one-start-up/
http://www.nytimes.com/2014/04/03/technology/personaltech/sweeping-away-a-search-history.html?_r=0
Opera's review of the codes is designed to determine among other things, where there are any obvious bugs. If Opera deems the extension code malicious (one that could permit a search engine hijacking), one could easily guess they would not approve it, or at least I would hope I mean a third party search bar (created by an extension) which can be easily taken over and hijacked would seem like an obvious "bug." Also, all extensions are reviewed to ensure that the extension must not collect private information without authorization from the user. It must not send private data to an external store.

Sure I understand about privacy. But there are extensions that allow you to search from specific popup windows. But still if it's possible to override default engine like Disconnect Search extension, then it's just possible.

On the insurance of safety through the native browser, and its review of extensions, at this point, it seems to me that it's Opera's call. I see no reason to second guess Opera. The safety decision is theirs.

Sure if Oprea won't approve it, there's no way. At least not to provide extension on Opera site. Still there are Options to use different site. But it sure will look unsafe in first place. So hope people don't use any of this kind of extensions.

I cannot urge them to "safely" add additional default search engines, because that presumes that it can be safely done in a cost effective manner. That's putting the cart before the horse. Rather, I would urge that if they can safely and cost-effectively add additional search engines, then they should do it.

Sure. I'm not asking anybody to do it, just because. I'm trying to argument, and find a way. And anybody can read arguments, and made decision on their own. I don't think that argue more is worse for decision.
As for now I use 5 browsers. For example IE for specific portal applications, and also Chromium, Firefox, TorBrowser and sure Opera as main browser. In any other of them I have custom engine. So basically when I switch to another one, I'm expecting it to work. Now when I'm in Opera I have to press key. And as you know people forget. So time to time it's hard when you again see results you won't see. It's disturbing, and also from my personal point un-secure (it's just personal preference).

lem729

lem729 last edited by

alaxanderzeus,

You're repeating verbatem the arguments already made by stealth789 and me.

We all agree that if they can safely and cost effectively add additonal search engines, we recommend they do it. Everyone agrees it shouldn't be done if Opera concludes it's not safe.

There is nowhere else for this thread to go. It's really time to close it.

stealth789

stealth789 last edited by

alaxanderzeus,
You're repeating verbatem the arguments already made by stealth789 and me.
We all agree that if they can safely and cost effectively add additonal search engines, we recommend they do it. Everyone agrees it shouldn't be done if Opera concludes it's not safe.

I just don't agree that they can't do it safely and cost effectively.

As you stated before you're not specialist on this specific topic or developer. So basically no one responsible didn't react the way why exactly this cannot happen. So then I can argue to it, why it should be possible. As I'm used from any other forums that I can argue about my suggestion also with people really responsible for possible application of suggestion. But maybe my misunderstanding.

There is nowhere else for this thread to go. It's really time to close it.

linuxmint7

linuxmint7 last edited by

alaxanderzeus,
You're repeating verbatem the arguments already made by stealth789 and me.

Of course he was, because he was (past tenths) a spammer.

lem729

lem729 last edited by

linuzmint7

Crazy? Past tense? (yes, his post was thankfully deleted). Thanks.

blackbird71

blackbird71 last edited by

alaxanderzeus,
You're repeating verbatem the arguments already made by stealth789 and me.
We all agree that if they can safely and cost effectively add additonal search engines, we recommend they do it. Everyone agrees it shouldn't be done if Opera concludes it's not safe.
There is nowhere else for this thread to go. It's really time to close it.

Sigh...!
@lem729 -- OT: things I really wish this forum possessed: a means of indicating (in the original place) that a poster's message was deleted by a mod. I read forums in linear fashion... so when I stumbled on your reference to alaxanderzeus's post, I went back looking for it, over and over again (thinking it really must be there somewhere). Eventually I gave up and continued reading beyond your post, only to discover that he was a spammer and his posts were made to evaporate... quite understandably, of course. But it does leave a messy trail behind in references of subsequent posts, and readers can too easily fall off that cliff as they follow along. Oh well... there are worse things in life, I guess.

lem729

lem729 last edited by

You are right, blackbird71. I noticed it too Like what were we all commenting on (once the spammer's post was deleted). If I had been quick enough, I would have ignored the post, so there would be no trail when the moderator deleted the post. I'll try to remember that in the future.

Yes, ideally if the Moderator deletes a post, maybe the name of the spammer should remain with the message by the Moderator about "Post deleted because it . . . " (whatever). Then if people saw the comments, they would understand it. Sometimes, I've seen the Moderator's do that.

blackbird71

blackbird71 last edited by

@lem729, it's only a guess, but the mods may have more than one way to attack spamming, and depending on what technique they use, the results/effects may vary. If they go after an individual post, perhaps they can comment in place of it... but if they extinguish the hacker's account in certain ways, perhaps all his posts simply evaporate... I'm really not sure. In any case, the mods have a heavy enough load, so I certainly wouldn't want to add to it by asking for more manual intervention in such situations. I just wish the forum machinery itself did some things a little differently, this being one of them...

But, as I noted earlier, in the grand scheme of things, there are certainly worse things. Frankly, I'm glad (and very appreciative) that the mods are jumping on spam as fast as they do... it's a major, major improvement over the early days of this forum.