SECURITY CONCERN - Opera fraud check requests

samkook

samkook last edited by

https has to be set on the server side and is a secure version of the standard http, it help prevent people from intercepting the data from you to the destination server.

Fraud check is a good thing to have enabled by default since it helps making sure the website you're visiting won't screw you over, but it comes at the price of less privacy and slower browsing which some people aren't comfortable with.

Personally, I don't find this useful since I'm careful with the site I visit and there's already ssl verified certificates to protect me on the important sites so having my browsing slowed down by checking on an extra server and waiting for an answer before displaying it as safe(well, it's my assumption of how it would logically work, it might be different) and wasting bandwidth in the process is not something I want.

I know Win8 does this for every software you install(it can be disabled though), but I'm not sure if other browsers have such an option.

As for an option to protect their privacy, the only way I can think of besides not using the browser would be to block the access to opera sitecheck server, but that might have undesirable consequences like webpage not loading or taking much longer.

lem729

lem729 last edited by

Https has to be set on the server side? Do you mean it's something your internet provider would have to do?

If Opera blink is the only one doing this, is it a plus or minus -- the protection versus the loss of privacy? There are extensions that can supposedly check for the safety of sites. Of course, if you go that route, you're giving your data (requested site) to the one who runs that extension. I would think, though, that this Opera feature ought to be an option, that people can turn off if they don't want it.

Now if none of the other browsers do this, and Opera Blink does (maybe the others do?), then it's a feature differential -- forced (lol) tracking protection
I've just seen where IE 11 has a Safety feature (under safety tab), "turn on tracking protection.". So they provide a perhaps similar feature, but let the user turn it off. That's a more user-friendly feature.

sgunhouse

sgunhouse Moderator Volunteer last edited by

I tend to disable fraud protection anyway - I don't click unknown links, and at times the delay can be too long. Opera corporation itself doesn't record sitecheck information, but that doesn't mean a "man in the middle" - including someone at your ISP - couldn't record that. Though obviously your ISP would already know, so maybe that's redundant.(They have to route traffic between your computer/device and the destination, so of course they know where you are requesting pages from.)

lem729

lem729 last edited by

But sgunhouse, unlike the IE feature, where you can turn on or off the tracking protection (and Chrome's "Enable Phishing and Malware Protection") with Opera there is no option to disable it. I thought those third party extensions I cited in this thread were giving some of that tracking protection, but now I'm a bit confused on this. It sounds like they deal with a different matter entirely, not the browser's communication with Opera.

samkook

samkook last edited by

The website makers are the one who decide if their website use a secure connection(slower) or not, nothing to do with the ISP.

Depending on which side you're on, it's either a plus or a minus, but with an option to disable it, then it magically becomes a plus pretty much no matter where you stand(some people will still complain if it's the default setting or not though).

@sgunhouse Are you saying there's an option to disable it in the new opera?

And it doesn't matter if they record it or not, it's the fact that they could that matters and the less people that can, the better.

@lem729 The extensions can prevent/lessen the ability of the websites themselves from tracking you, but this is an internal opera thing which the extensions don't have any control over so the browser itself can track you no matter what.

sgunhouse

sgunhouse Moderator Volunteer last edited by

Are you saying there's an option to disable it in the new opera?
And it doesn't matter if they record it or not, it's the fact that they could that matters and the less people that can, the better.

I thought there was such an option, but I don't see it now.

Laws in Norway are such that they can't record personal information without permission, and then only for a specific stated purpose - as soon as that purpose has been accomplished they must destroy the recorded information. (They have sent me Christmas presents for helping in the forum, every year they have to ask me for my address again. So I asked them why ...)

lem729

lem729 last edited by

That's good to hear.

Here's something I found on Opera and privacy.

http://www.opera.com/privacy

And thank you, @Sgunhouse, for your years of being a moderator, and putting up with us sometimes impossible users. It seems like only yesterday, you were explaining to me how to put a widget in a sidepanel. Those were the days.

samkook

samkook last edited by

Those privacy policies are still talking about my opera which doesn't exist anymore so it doesn't inspire much confidence.

You can put all the policies you want and it might be illegal, but people with bad intention can be anywhere and if one of such people happens to have access to your information, they can do as they wish with it, even if the company or the law doesn't agree.

I know it's an unlikely scenario, but some people might not want to have such a risk imposed on them.

Still, it's good to know the company takes privacy that seriously even when it doesn't seem like it with some of the features they force upon us.

And I also thank you @Sgunhouse, you've helped me quite a few times over the years, especially to not give up on this forum even though it drives me crazy most of the time.

stealth789

stealth789 last edited by

Try an OPera extension, designed to protect privacy, like:
Disconnect https://addons.opera.com/en/extensions/details/disconnect/?display=en
Disconnect Search https://addons.opera.com/en/extensions/details/disconnect-search/?display=en
Do Not Track Me https://addons.opera.com/en/extensions/details/donottrackme-online-privacy-protection/?display=en
Zen Mate for Opera https://addons.opera.com/en/extensions/details/zenmate-for-operatm/?display=en
Ghostery https://addons.opera.com/en/extensions/details/ghostery/?display=en

This extensions won't override core application requests. But FYI I use Adblock Plus and HTTPS Everywhere. Plus good Firewall and Antivirus is enougt for me. Still waiting for some extension like NoScript for Firefox.

stealth789

stealth789 last edited by

How about Settings (Alt P), Privacy and Security, and put a check in: "Send a ‘Do Not Track’ request with your browsing traffic." Doesn't that help?

It won't stop Fraud check. And this set only header of my requests. Basically any site can ignore this. It's good to use this, but id doesn't mean, that site won't track. It's decision of site implementation to read this parameter and decide what to do with it. And for sure even ignore it at all.

samkook

samkook last edited by

Still waiting for some extension like NoScript for Firefox.

There was scriptweeder(which I like much more than noscript) for the old opera, but it doesn't look like it has been ported to 15+ and it wouldn't help with this problem at all, nothing would short of a feature to disable it or a firewall.

Not sure how https anywhere can even work if the server doesn't accept https connections.

stealth789

stealth789 last edited by

add option to disable this Fraud check requests, with default to DISABLED!
Luckily, that's never going to happen. This is a basic protection and won't get disabled.
(Using https & post wouldn't hurt though)

In Opera till 12x there was option to disable Fraud Check. Also other browsers doesn't use this kind of "extended" protection. Any functionality like this should be in options. If it's not, there reason for it. And if developers intensions are honest, there's no need to disable this specific setting.

But what concerns me, is that you are making decisions on your own!
No way! A company that decides how to design their product without you having the last word?
Didn't even think something that obscure could ever happen.

And sure company can do decision on their own. But then I do mine. And if product is stated that does something, but it does also something I didn't approve, it's incorrect. Because if you approve this, even viruses are just fine. The question is, if I know, that some software does something that I don't like, if I'll use it anymore.

any software, that does something behind my back is dangerous.
No. Every software does a lot that you can't see. If you want to stop using software that does something that you can't see, than simply press that button with the circle and this little line at its 12 o'clock position in it.

And sure a lot of software does a lot of things I can't see. But some parts of it can be controlled (Firewall, HIPS, ...). And yes, id i see that software does something strange, I start restricting, even for sandboxing level. Or just stop using it.

stealth789

stealth789 last edited by

add option to disable this Fraud check requests, with default to DISABLED!
Luckily, that's never going to happen. This is a basic protection and won't get disabled.
(Using https & post wouldn't hurt though)>

Https? and post? Not sure what that means, or why it wouldn't hurt. Is there a setting to change addresses to https?

Just technical details. I mean to user sercure SSL request over HTTP request. And even user POST request rather than GET.

I think people want to understand the reason for the fraud check on every use of the browser (new address)?

Yes it sends request for every address. Then got back time for how ling this site is valid. So again after this expiration request to same site is send. Some kind of cache.

Is it typical of browsers in general? -- such a check?

No it's not. But also Chrome (I don't mean Chromium!) use some call home and other stupid stuff. That's for me the reason not to use such product.

If it's new to Opera Blink, then why is it being done?

It was also in Presto Opera. Just with option to disable it.

Does the user have any options to protect their privacy, besides not using the browser? (Apparently the extensions I cited do not address the issue -- provide the protection)

stealth789

stealth789 last edited by

Still waiting for some extension like NoScript for Firefox.

There was scriptweeder(which I like much more than noscript) for the old opera, but it doesn't look like it has been ported to 15+ and it wouldn't help with this problem at all, nothing would short of a feature to disable it or a firewall.
Not sure how https anywhere can even work if the server doesn't accept https connections.

HTTPS anywhere sure won't work if server doesn't accept SSL. But it change requests from HTTP to HTTPS for known sites.

stealth789

stealth789 last edited by

I tend to disable fraud protection anyway - I don't click unknown links, and at times the delay can be too long. Opera corporation itself doesn't record sitecheck information, but that doesn't mean a "man in the middle" - including someone at your ISP - couldn't record that. Though obviously your ISP would already know, so maybe that's redundant.(They have to route traffic between your computer/device and the destination, so of course they know where you are requesting pages from.)

I also hope that Opera won't save this data for third party or something like this.
But generally I want to be able to set some kind of check, only if I want it. If someone restrict access to this setting, it's just thing I don't like.

samkook

samkook last edited by

HTTPS anywhere sure won't work if server doesn't accept SSL. But it change requests from HTTP to HTTPS for known sites.

Makes sense, thanks.

stealth789

stealth789 last edited by

But sgunhouse, unlike the IE feature, where you can turn on or off the tracking protection (and Chrome's "Enable Phishing and Malware Protection") with Opera there is no option to disable it. I thought those third party extensions I cited in this thread were giving some of that tracking protection, but now I'm a bit confused on this. It sounds like they deal with a different matter entirely, not the browser's communication with Opera.

In every browser I disable requests I don't need. For example in Chromium I disabled all main Privacy settings like "Use a web service to help resolve navigation errors"/"Enable phishing and malware protection", ..... And there's option like "Send suspicious downloaded files to Google". And imagine if this is enabled by default, and no option to disable. And you can't control what is "suspicious". No way for me.

Also I really check all "security" extensions. And don't use many of them, because I just don't trust them. So use only extensions certified by time. Also new extensions, that act like blockers, but I can't see any settings what it does block? It's just madness. If some things that there's not reason to cover them are hidden, there's reason for it.

stealth789

stealth789 last edited by

HTTPS anywhere sure won't work if server doesn't accept SSL. But it change requests from HTTP to HTTPS for known sites.

Makes sense, thanks.

In latest Chromium if I disable scripts in settings "Do not allow any site to run JavaScript", then on every site it's possible to enable specific ones on icon in address bar. There's icon that states that scripts are disabled. Similar to blocked 3rd party cookies. Still it's hard way, and far from what known extensions similar to NoScript can do. Opera has the same setting, but there's no easy access on from address bar icon like in Chromium.

colderwinters

colderwinters last edited by

I dont need Opera servers to check if the sites I visit are safe, I use WOT and the Comodo DNS Servers, What is the setting that enables or disables every site I visit be routed through Opera servers ? Also is this common among the various browers, or is Opera the only one doing this, I believe the old opera allowed you to disable that.

colderwinters

colderwinters last edited by

Ok, maybe it's not that big a deal, Srware Iron and Dragon has phishing and malware protection, but I leave it checkmarked as (ON), Ice Dragon has something similar that I leave (ON), Firefox has something similar also, but at least they give me the option to enable or disable it.