Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Can Opera be fully Trusted

  • Recently I came upon a short article by Hallvord R M Steen, a former software tester at Opera Software from 2000 to 2012. Here are his words: "My final thoughts: AFAIK the browser-developing parts of old Opera Software is no longer a publicly traded company and will no more issue public quarterly reports and such things. (I hope someone will correct this if I’m wrong here). This means we - the general public - will now know way less about how Opera earns money. Per a Mozilla document (WoSign and StartCom - very technical stuff) Quiho 360-related entities have done some questionable things that don’t indicate a deep understanding of the Internet’s fragile trust models."

    Now this concerns me given the shady things Quiho 360 has done (i.e. in 2016 Quiho was caught cheating in all the antivirus tests. Here is just a small part of a much longer article containing many violations against Quiho:
    Q.A) Qihoo masking their browser as a critical Windows security update to IE users.
    http://wmos.info/archives/7717 / http://www.theregister.co.uk/2013/02/01/qihoo_government_warning_fraud/
    Qihoo displayed a misleading security update for Windows users that instead installed their browser.

    Q.C) Qihoo browser actively enables insecure cryptography.
    https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit
    Qihoo's browser is notably insecure with respect to SSL/TLS, with some of the insecure changes requiring active modification to the low-level source libraries that Chromium (of which they're based on) uses.

    Q.E) Qihoo apps removed from app stores due to malware
    https://www.techinasia.com/qihoo-committing-fraud-google-making-huge-mistake / https://www.techinasia.com/qihoo-apps-banned-apple-app-store
    Qihoo Apps have repeatedly been banned from Apple's App Store due to issues
    the
    Q.G) Qihoo "security" apps repeatedly found as unfair competition
    https://www.techinasia.com/qihoo-360-loses-chinas-courts-ordered-pay-sogou-82-million-unfair-competition

    So... each of us has to make up our minds regarding the security of this Opera browser. I'm very skeptical of continuing its use given the fact that so many engineers quit within a month's period of the Chinese consortium acquiring the company.

  • @coffeelover said in Can Opera be fully Trusted:

    ...
    So... each of us has to make up our minds regarding the security of this Opera browser. ...

    This. However, it applies to any browser; and it should be pondered continually and not just at browser adoption, if browser 'security' is a conscious factor in one's browser usage (though it's not, frankly, for many users). Part of the basic issue is that a browser user must necessarily entrust part of his personal data and his browsing preferences/habits to the care and competence of software designers and parent corporations which the user has never met nor really knows little about, regardless of the user's level of inquiry. Moreover, the kinds of 'insecurities' that may be knowingly ignored by one user may be considered 'catastrophic' by another, depending on how he defines "security". Truly, YMMV.

    Obviously, you mentioned some past indications of questionable behavior on the part of subsidiaries of one partner in Opera's new parent ownership consortium. Whether or how those kinds of behavior might somehow ripple down or transfer into the actual design and 'security' of an Opera browser version is difficult to determine with any certainty. There is some measure of protection under Norwegian privacy laws, under which the Opera organization continues to operate. There is a greater measure of protection present in the inherent integrity and competency of Opera's software designers, since at the end of all factors, it's the designers who actually commit code to end product.

    The real proof-of-the-pudding lies in the code itself. However, few modern browsers are fully open-source in every code fragment they contain... otherwise the makers risk giving away the store to competitors in how they solve technical problems and provide key features. So every browser containing closed-code presents a level of uncertainty regarding what is truly going on internally. It's part of the air which ordinary users must breathe in today's software world. In such cases, a security conscious user must remain ever alert for relevant fresh reports of insecurities within a given browser or its design operations.

    Personally, I'm not unduly troubled by the revelations you list, since I believe those occurred historically in products created by entities distantly apart from the current Opera design group. In reality, the opacity of future corporate-owner influences on browser design within Opera is not much different from that characterizing Microsoft or Mozilla or most other browser makers - publicly or privately held. There are a few browser makers which seem more open in what they do (though it would be rude to discuss them in an Opera-sponsored forum), but there are no guarantees even then.

  • @blackbird71 There are no guarantees as you say and I agree. However, given the fact that many of the software engineers promptly resigned after the consortium took over and several have raised red flags regarding the direction and the trust that one might give to the new browser, I've chosen to no longer trust it. I don't trust China - period. I do not trust its expansion in the China Sea. I do not trust its persecution of Christians and violations of human rights - period. I do not trust its constant attempts to infiltrate our country's infrastructure, government and military. You might counter with the fact that we do the same and I accept that as a fact BUT I trust my own country more than China which for me is the bottom line. I've dumped Opera on all my devices. I think a much safer alternative is Vivaldi for a variety of reasons. I wish it weren't so but I'm not about to give my information willingly to a company with such close ties to China AND that includes Kaspersky/Russia connection.

  • Some people left Opera after the company's acquisition by the Chinese consortium, at the same time that many others arrived. And the same happened before that, like it's normal in any work place.

    I would say that most probably there are more people that left because of the decision to concentrate the Opera for desktops development in Poland than ones that have left because of the Chineses.

  • @leocg That's possible, Leo. I can only say that "some" of these engineers have raised these questions and that as individuals we have to make the decision to either entrust the new Opera with our data and hope that it is used wisely or decide to look elsewhere. As I mentioned in my first post, my use of Opera goes back to 1999 and right up to the Chinese buy-out. I was not one to jump ship when Opera turned to Chromium. I would like to believe otherwise. I've not done enough digging into the matter to present more of the story but I'll keep digging. I wondered if perhaps others felt the same way and how it affected their usage of the browser.

  • There are some info on how Opera makes money at https://investor.opera.com/

  • @leocg Thanks. I'll check this out. I appreciate your help.

  • I looked over these pages and yet found little to change my views. Today I see that China has been using tiny microchips to gain access to US companies. This is yet another reason why I personally do not trust software or hardware that comes from China. Read about it by going to the link below. Meanwhile, Leo you can close this thread if you like. For those like me who no longer trust Opera, the evidence seems enough. For others like Blackbird who believe the evidence is not compelling, there is little point in continuing the discussion. It really boils down to what one is willing to place his/her trust in and for me... that is no longer Opera software.

    https://www.theblaze.com/news/2018/10/04/china-used-tiny-microchips-to-gain-access-to-us-companies-banks-government-contractors-report

  • US government does (or used to do) the same. 🙂

  • @coffeelover said in Can Opera be fully Trusted:

    ... Today I see that China has been using tiny microchips to gain access to US companies. This is yet another reason why I personally do not trust software or hardware that comes from China. Read about it by going to the link below. ... For those like me who no longer trust Opera, the evidence seems enough. For others like Blackbird who believe the evidence is not compelling, there is little point in continuing the discussion. It really boils down to what one is willing to place his/her trust in and for me... ...

    https://www.theblaze.com/news/2018/10/04/china-used-tiny-microchips-to-gain-access-to-us-companies-banks-government-contractors-report

    Writing as someone who has spent much of his career dealing with highly classified materials, I feel there's a vast difference between an adversarial government covertly placing spy-chips into a market-leading company's industrial/commercial/military server hardware by bribing/coercing factory personnel within that adversarial nation in hopes of penetrating corporate/government networks so as to acquire strategic information versus that same adversary somehow getting some lines of snooping code covertly inserted into a second-tier Internet web browser that's designed by code experts outside the adversarial country and aimed at individual non-commercial users. Of course anything is always possible, but 'possible' doesn't make it likely - and it certainly doesn't necessarily make it even worthwhile. Covertness always carries the risks of unexpected disclosure, whose costs and fallout can be considerable when measured against probable reward for the effort. Consequently, the potential payoff must always be worth the risks incurred - and, frankly, the market exposure of Opera into truly strategic arenas doesn't really qualify as worth it.

    But, as I think we agree, it all comes down to personal opinions and preferences. For me and the equipment upon which I use browsers, Opera is currently OK in a security sense. For equipment that really matters in a real-world security sense, I personally believe there should be complete isolation from the public Internet - a genuine airgap, if you will. Hence, the only practical browser risks for ordinary users is from non-nation-state hackers and vandals.