
SECURITY CONCERN - Opera fraud check requests

  • I posted in the suggestion box that the user should be given a choice on this collection of data for the Fraud Check of sites.
    https://forums.opera.com/topic/3276/fraud-check-of-site-in-opera-22
    If you feel strongly about it, or just think it would be fairer for the user to have the choice, then comment there also. That's the better place to be having this discussion.

    Thank you. I'll take a look there ;).

  • Just so I understand this; I live in Ontario, Canada.
    When I access my local newspaper, you mean the request first goes to Norway, is checked to make sure the site is valid, and if so, then goes to the news site and finally back to me. Is that correct?

    Correct. Every new site you visit is checked. No matter where you live.

    If so, that is not acceptable.
    Not because of privacy concerns, but because of response time concerns.

    Just to be correct. It's not checking one site on all requests. Basically, if you request a new site, it's sent to Opera. There is also a parameter that states for how long this request is cached = check valid (max-age-7200). Now it's for 7200 seconds (2 hours). So basically a new request for the same site is sent after expiration of this period. It means after 2 hours.

    I also see that some traffic uses HTTP and also there are some requests using HTTPS. This only indicates some kind of flaw. Now I see that it looks like it uses the same protocol as the request itself. Strange. I mean if I'm visiting "http://www.abc.com", the request to check is "http://sitecheck2.opera.com" -> non-secure. But when I'm visiting "https://www.def.com", then the check is "https://sitecheck2.opera.com" -> at least secure.

    If there is no way to disable this "feature", then I will stick with Opera 12 and at some point move entirely to Firefox.

    Not possible to disable for now. But like many features, this one is maybe also planned to be added. But I just want to make sure that this kind of forced functionality is not acceptable to me, or anyone who cares about security. Because if software is honest, it doesn't need to force you to use some setting. It can be set by default, with a warning for users. But forcing means that something is wrong.

    And basically if I start to think of possibilities that Opera, ISP can do with such requests. Better not to.

    Also, the interesting question is: why did Opera replace the default Chromium check "Enable phishing and malware protection" with Fraud check in the first place? But it's OK, because they can have a better collection of sites, or whatsoever. That's not the main concern to me. But the practical part of the deployment of this feature is. So they have to finish this concept of checking, to make it right, secure, and optional.
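
The caching and protocol behaviour described in the post above, modelled as an added example that is not part of the original thread and not Opera's code. It assumes one cached verdict per hostname for 7200 seconds and a check request that uses the same scheme as the page; the visit list is constructed.

```javascript
// Model of the behaviour described in the post (not Opera's implementation).
// Assumptions: one verdict cached per hostname for 7200 s, and the check
// request uses the same scheme as the page that triggered it.
const MAX_AGE_SECONDS = 7200;
const CHECK_HOST = "sitecheck2.opera.com";

function simulateSiteChecks(visits) {
  const expiresAt = new Map(); // hostname -> time the cached verdict expires
  const sent = [];
  for (const { t, url } of visits) {
    const { protocol, hostname } = new URL(url);
    const expiry = expiresAt.get(hostname);
    if (expiry !== undefined && t < expiry) continue; // cached, nothing sent
    expiresAt.set(hostname, t + MAX_AGE_SECONDS);
    sent.push({
      t,
      site: hostname,
      checkUrl: `${protocol}//${CHECK_HOST}`,
      cleartext: protocol === "http:",
    });
  }
  return sent;
}

// Sites whose check request travelled unencrypted, i.e. readable on the
// network path from the check traffic alone.
function cleartextCheckedSites(sent) {
  return [...new Set(sent.filter((c) => c.cleartext).map((c) => c.site))];
}

// Constructed browsing session; t is seconds since the session started.
const sampleVisits = [
  { t: 0, url: "http://www.abc.com/" },
  { t: 60, url: "http://www.abc.com/news" },   // within 2 h: cached
  { t: 300, url: "https://www.def.com/login" },
  { t: 7199, url: "http://www.abc.com/" },     // still cached
  { t: 7200, url: "http://www.abc.com/" },     // expired: checked again
  { t: 9000, url: "https://www.def.com/" },    // expired: checked again
];

const sampleChecks = simulateSiteChecks(sampleVisits);
console.log(sampleChecks);
console.log(cleartextCheckedSites(sampleChecks));
```

Six visits produce four check requests, two of them over plain HTTP; auditing proxy or firewall logs for unencrypted requests to the check host is the corresponding real-world measurement.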

  • After a lot of problems trying to figure out why I can't open my favorite forum I find this..

    I've wasted much of a day trying to figure what was wrong.

    Goodbye. I'm switching back to Chrome.

  • Goodbye. I'm switching back to Chrome.

    Goodbye! Hope you have enjoyed your stay.

  • It's been nearly a year and this problem has not been solved!

  • It's been nearly a year and this problem has not been solved!

    Maybe, they simply don't want to solve it.

    Other browsers have unique browser IDs, and it is not clear how they are used and where and for how long the data is stored.

    Simply privacy is not a high priority for many browser vendors. 😢

  • Let's see what version 30 brings.

    If the option to disable is not included, some people will simply switch to something else.

    This feature (option) could be implemented with an hour of programming time.

    If Opera refuses, then there is something going on behind the scenes.

  • It's been nearly a year and this problem has not been solved!

    Maybe because it's not considered a problem.

  • Let's see what version 30 brings.
    If the option to disable is not included, some people will simply switch to something else.

    It won't be included. And I also don't think it will be included in 31.

  • It's been nearly a year and this problem has not been solved!

    Maybe because it's not considered a problem.

    I think so too, but it should.

    The current approach may be unlawful according to European Union laws, because data are sent outside the Union without any knowledge of a large part of the users who live there and use Opera.

    Pay attention, I don't say Opera is doing something unlawful with those data, but not giving detailed info about how those data are managed and stored is nevertheless an infraction.

    Everything I know about this issue is written in this thread and I cannot consider it an "official statement" from Opera.

    However, each modern browser has serious privacy problems while managing a big amount of "personal data" outside the European Union (open source ones like Firefox too).

    Even Vivaldi will add in the future a unique id to the browser in order to track what users do while on line, though it should have an option to deactivate it. This info is taken from Vivaldi dev blog.

  • The current approach may be unlawful according to European Union laws, because data are sent outside the Union without any knowledge of a large part of the users who live there and use Opera.

    Well, the EULA (browser://about/eula) and Privacy Policy (browser://about/privacy) say something about data being collected, even by third parties.

    Everything I know about this issue is written in this thread and I cannot consider it an "official statement" from Opera.

    Well, I don't think there will be one.

    However, each modern browser has serious privacy problems while managing a big amount of "personal data" outside the European Union (open source ones like Firefox too).

    What kind of personal data? A URL is not personal data.

    Even Vivaldi will add in the future a unique id to the browser in order to track what users do while on line

    Welcome to the real world. 🙂

  • Well, the EULA (browser://about/eula) and Privacy Policy (browser://about/privacy) say something about data being collected, even by third parties.

    Thanks, for the info.

    What kind of personal data? A URL is not personal data.

    A single URL surely is not, but multiple URLs sent during a browsing session tied to an IP address surely is.

    I don't know whether the sitecheck server logs the IPs and the sent URLs or not, but even if it doesn't, users should know what is happening in a detailed manner.

    Welcome to the real world. 🙂

    Oh, well, I have known for a long time that what is called "free" is not always such. 😉

  • A single URL surely is not, but multiple URLs sent during a browsing session tied to an IP address surely is.

    I don't think so. For me a URL itself will never be considered personal data.

    I don't know whether the sitecheck server logs the IPs and the sent URLs or not, but even if it doesn't, users should know what is happening in a detailed manner.

    I've found this

    =====

    Opera's Fraud and Malware Protection and your privacy

    The server used for Opera's Fraud and Malware Protection does not save your IP address or any other information related to your identity. There are no cookies related to the use of this feature. By default, Opera Fraud and Malware Protection is enabled. With Opera Fraud and Malware Protection enabled, the domain name of websites you visit is sent to Opera's Fraud and Malware Protection server together with a hash of the domain name. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.

    Opera's Fraud and Malware Protection server does not save your IP address or any other information related to your identity. There are no cookies or other session information. Anonymized, aggregated data pertaining to the most popular domains may however be stored in order to improve our products and services.

    ============

    Oh, well, I have known for a long time that what is called "free" is not always such. 😉

    In fact, such thing as privacy never really existed in this world if we think about it. 🙂 There will always be someone, somewhere, knowing something about you.

  • Even Vivaldi will add in the future a unique id to the browser in order to track what users do while on line, though it should have an option to deactivate it. This info is taken from Vivaldi dev blog.

    https://vivaldi.net/en-US/blogs/teamblog/item/28-snapshot-1-0-167-2-better-keyboard-shortcut-editing-and-user-statistics.
    "We do not collect any usage data."
    "...every 24 hours, your browser, if running, will send via https, the following info:

    • The unique user ID
    • Browser user agent
    • CPU architecture
    • Screen Resolution
    • Accept Language "

    So it's nothing serious.

  • Leo ... thanks for the link. The statement "Note that checking against the database does not delay the opening of webpages."

    is encouraging.

  • 5/20/2016. I just received my first warning that Opera checks for fraudulent websites through a third party. With that, as I attempt to log into Gmail through Opera, as I have done daily for years, I am told that Gmail is a fraudulent website and may obtain passwords and information from me.

    Is this the same thing being discussed in this thread and the previous related thread?

    I enjoy the smooth operation of Opera... but this one has me ready to jump ship and find another browser.

    1. Do they check every website I visit?

    2. Why would Gmail (google) just today show up as a fraudulent site after years of never seeing such a warning?

    Thanks for any input or direction.

  • This is the message on my screen when I go to Gmail:

    Fraud warning

    This site may be hacked or fraudulent. Giving it passwords or personal information could put you at risk for identity theft or financial fraud.

    Opera Software strongly discourages visiting this page.

    Would it be possible for a solution to this problem to be given?

    Thank you

    R

    1. Do they check every website I visit?

    AFAIK, yes, but not all the time. The address is checked against a database.

    2. Why would Gmail (google) just today show up as a fraudulent site after years of never seeing such a warning?

    Because just today it was included in one of the third-party databases used by Opera for the phishing and malware protection.

  • Would it be possible for a solution to this problem to be given?

    Yes, click on "why was the page blocked", see who has added the page to the "blacklist" and contact them asking for the page to be removed from that list.

  • Today I started getting the same Fraud Alert for any of the Google sites I try i.e., Calendar, Gmail, etc.

    What is going on?