Search Engine Default
-
A Former User last edited by
The debate is not about how, just about allowing it. And no one will convince me there's no any way to make it happen. It's about if you want to. Not how to.
Even Firefox that's getting huge money can change this. Money are factor, but cannot by used in this case as reason to build walls.
Money is not being used as a factor, I was explaining to you why they can't include each and every engine that exists as choices, I was not explaining why they won't allow you to choose to set a custom search engine as default.And yes you can set a custom search engine as default in Firefox, but since Mozilla didn't implement any security then the option can be abused by third-parties. Ask, Babylon and much worse malware can hijack this config easily. So yes the discussion in the context of security is about how to implement it, not a raw discussion on allowing/forbidding without considering the consequences.
-
blackbird71 last edited by
...
It's about freedom, when even this default list cannot be expanded. Because then there's no argument about security. And then there are totaly different reasons for this. And it has nothing to do with security. It's just excuse to use forced list.
...
It's just deceiving. Correct question is, why then they didn't add StartPage. Ixquick,... to default serach engines, when it's safe, better much safer than engines they provide, and many are asking for it? It's lot of work? It's safer?@stealth: One last time, I'll venture in here. There are many areas and details related to security in a browser, as we all know. Some of them are more difficult or costly to deal with than others, some involve limitations in external security protocols, some are dependent on proper implementation/behavior by websites, and so on.
In January 2013, with version 12.15, Opera altered its browser behavior to prevent anyone or any thing from readily altering its list of default search engines, stating that this was done in response to browser-hijacking security threats against its browser that it deemed signficant. That default engine behavior was continued in all of the Blink Opera versions thereafter, thus far. One either accepts Opera's statements at face value of why they "locked" the default list or one must accuse them of lying or deception. My own knowledge of security issues leads me to believe their explanation is legitimate, and I've attempted in my posts to explain that.
Neither you nor I have the accurate details of the economics, shortcomings, reliability, prioritization or relative merits of how Opera might or might not implement this or that method of restoring user customization of the default search engine list. Opera does. For me, it is sufficient that Opera has said they have not rejected the idea of user customization in principle, but that a reliable, appropriate solution has not yet come to be, in their judgment. Apparently, you do not accept that statement. OK, we agree that there's a disagreement, but what is the point of further discussing that? As with their statements about why the default list was 'locked', they have already expressed their viewpoints. They will deal with the default list issue further if and when they deem it appropriate; in the meantime, that particular security threat is blocked in their estimation, and the present negative user consequences are simply user 'inconvenience' since alternative search engines not on the default list can still easily be used, if a user so desires. The original problem that existed involved a potential hijacking of the search engine that maliciously locked it to an ersatz default engine that the user could not readily remove or restore from, even by restarting the browser.
All the other issues raised here (other security details, relative risks of various search engines, tradeoffs/merits of various ways of adjusting defaults, user "freedom", who gets paid for what via list placements, etc, etc) have no bearing on the default search-engine list problem and Opera's explanations, plain and simple. They are extraneous. Opera has done what it has for the reasons it's given; Opera will do what (if anything) further it needs to when it's ready; in the meantime, the browser is what it is. Either one accepts Opera's explanations or one must call them liars.
-
stealth789 last edited by
The debate is not about how, just about allowing it. And no one will convince me there's no any way to make it happen. It's about if you want to. Not how to.
Even Firefox that's getting huge money can change this. Money are factor, but cannot by used in this case as reason to build walls.
Money is not being used as a factor, I was explaining to you why they can't include each and every engine that exists as choices, I was not explaining why they won't allow you to choose to set a custom search engine as default.Sure I got this. And also as I stated this suggestion was showed as an alternative, to some of reasons why not.
And yes you can set a custom search engine as default in Firefox, but since Mozilla didn't implement any security then the option can be abused by third-parties. Ask, Babylon and much worse malware can hijack this config easily. So yes the discussion in the context of security is about how to implement it, not a raw discussion on allowing/forbidding without considering the consequences.
Sure if it's about how, then it's kind of OK. But also there's need to understand, that Browser is not security software, to protect machine's file system. For this there's antivirus, hips, ...
Because Opera is now protecting one file with default engines against local changes, like it's biggest problem. But at same time not protecting file Web Data. Basically user can change password or any private data securely, but can't default search engine? What's the difference? Also in Chromium default engines are just in this file with custom one. Opera decided to move it away, to separate place. So then what should I think? That Opera cares more about default search engines, than user private data? So sure it's really questionable what kind of security Opera means. Or what they want to be secure.
-
Deleted User last edited by
The discussion is gone nowhere, we are just repeating everything again. Let's wait for the new versions. Linux's users had waited a year to Have Opera for Linux. So we can wait as well.
-
stealth789 last edited by
...
It's about freedom, when even this default list cannot be expanded. Because then there's no argument about security. And then there are totaly different reasons for this. And it has nothing to do with security. It's just excuse to use forced list.
...
It's just deceiving. Correct question is, why then they didn't add StartPage. Ixquick,... to default serach engines, when it's safe, better much safer than engines they provide, and many are asking for it? It's lot of work? It's safer?@stealth: One last time, I'll venture in here. There are many areas and details related to security in a browser, as we all know. Some of them are more difficult or costly to deal with than others, some involve limitations in external security protocols, some are dependent on proper implementation/behavior by websites, and so on.
In January 2013, with version 12.15, Opera altered its browser behavior to prevent anyone or any thing from readily altering its list of default search engines, stating that this was done in response to browser-hijacking security threats against its browser that it deemed signficant. That default engine behavior was continued in all of the Blink Opera versions thereafter, thus far. One either accepts Opera's statements at face value of why they "locked" the default list or one must accuse them of lying or deception. My own knowledge of security issues leads me to believe their explanation is legitimate, and I've attempted in my posts to explain that.To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.
Neither you nor I have the accurate details of the economics, shortcomings, reliability, prioritization or relative merits of how Opera might or might not implement this or that method of restoring user customization of the default search engine list. Opera does. For me, it is sufficient that Opera has said they have not rejected the idea of user customization in principle, but that a reliable, appropriate solution has not yet come to be, in their judgment. Apparently, you do not accept that statement. OK, we agree that there's a disagreement, but what is the point of further discussing that? As with their statements about why the default list was 'locked', they have already expressed their viewpoints. They will deal with the default list issue further if and when they deem it appropriate; in the meantime, that particular security threat is blocked in their estimation, and the present negative user consequences are simply user 'inconvenience' since alternative search engines not on the default list can still easily be used, if a user so desires. The original problem that existed involved a potential hijacking of the search engine that maliciously locked it to an ersatz default engine that the user could not readily remove or restore from, even by restarting the browser.
All the other issues raised here (other security details, relative risks of various search engines, tradeoffs/merits of various ways of adjusting defaults, user "freedom", who gets paid for what via list placements, etc, etc) have no bearing on the default search-engine list problem and Opera's explanations, plain and simple. They are extraneous. Opera has done what it has for the reasons it's given; Opera will do what (if anything) further it needs to when it's ready; in the meantime, the browser is what it is. Either one accepts Opera's explanations or one must call them liars.Sure but from technical point of view security restriction how it's in current conditions doesn't make much sense. There's no logical explanation for this. And after year and half, they didn't changed anything.
-
stealth789 last edited by
The discussion is gone nowhere, we are just repeating everything again. Let's wait for the new versions. Linux's users had waited a year to Have Opera for Linux. So we can wait as well.
There's no problem with waiting if you know, that change will come. But question is for how long it is. But let's hope it will come to this.
But from this point rather security related arguments are going nowhere, and has many flaws. Or sometimes there's lack of logic in decisions made. But sure maybe desperate times called for desperate measures.
-
blackbird71 last edited by
...
To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.
...I haven't played around with manually altering search.ini files, nor do I know that such alterations will "stick" after Opera is restarted. But when I refer to "readily" changed, I mean simply that the ability to do it is not incorporated within the browser itself via settings or tweaks, since Opera 12.15 came on the scene. I do know that such kinds of manual file alterations often don't survive a version upgrade. I also know that the MyOpera forum was replete with threads complaining about the user's inability to alter the default search engine beyond those in Opera's list, and I was intimately involved in many of those threads because my StartPage was one of those affected... and in none of those threads was anything discovered that would persist in an Opera installation across restarts and/or version upgrades. At the end, the best one could do was to swap the locations of the default Opera search box and a second custom-focused search box that one had manually added to a toolbar, and use the custom box in lieu of the default box. For that, and several other reasons, I'm still at Opera 12.14, rather than having moved on with the Opera versions.
My point, in any case, is that manually altering files does not mean there's an easy, secure means of doing the same thing from within the browser via settings, etc. that can also be kept free from malware's tamperings.
-
stealth789 last edited by
@blackbird71: In mentioned 12.x versions it's allowed to alter default search engine standard way via Manage Search Engines \ Add \ Set Use as default search engine. I mean standard user's way. So maybe only in specific builds of 12.x is was restricted. I only checked final builds of files from http://ftp.opera.com/pub/opera/win/.
Also I was used to backup "search.ini" file in many OS re-installs without problems. But sure there can be some problems related to new upgrades now.
And about secure way by user, as I mentioned in other thread, I don't see difference from managing password. When it can work (and I hope work safe), the same way data can be encrypted and saved to SQLite file, just like password_value is in Login Data file.
-
A Former User last edited by
To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.
Add startpage.com as search engine in Opera 12.15 and up, set it as default, exit and reopen the browser. It won't keep your setting.
search.ini could be easily edited by third-parties up to 12.14, in 12.15+ only the engines included in the built-in lists for Opera's various partner locations could be set as default.
-
stealth789 last edited by
Oh, I see now. Just a little bit crazy. I'm sure how users should be crazy about it. At least they could disable check box, to don't deceive users. As it looks there are again hashes in file "files.sig", suggesting some 2048 bit function. So also encrypted by Opera.
Still no making sense to me use this madness. Should store it the same way as passwords. Period.