Fraud Check of site in Opera 22

lem729

lem729 last edited by

For its desktop Opera (and also, Coast for Ipad and Ipod), Opera does a fraud check on every site a user visits. Data from the user's computer goes to Opera (presumably the intent is to protect the user), but this is private data. Opera needs to give the user an option, whether to agree to the collection of this data or not. However, no choice is given the user. This policy needs to be changed to give the user a choice.

In that regard, Internet Explorer 11 has a Safety feature (under safety tab), "turn on tracking protection." So the user is given a choice on whether to turn on the tracking protection or not. With desktop Chrome (vers. 35), you can "Enable Phishing and Malware Protection," but you don't have to. You can say no, and then the private data on sites the user is visiting is not collected. In desktop Firefox (vers. 29), one can chose to permit Mozilla to "block reported attack sites," or not. One can chose to have Firefox warn them when sites seek to install add-ons, or not be warned. I believe Internet Explorer, Chrome, and Firefox have the issue right. Opera does not.

There's a balance here between protecting the user and violating his privacy. It's admirable to attempt to protect the user, but many feel so strongly about their privacy rights that they'd rather not have protection when it comes at the cost of personal privacy. Opera (both for it's desktop browser, and its mobile browsers) should not be acting "in loco parentis" with regard to an essentially adult community. People are capable of making an informed decision here. And Opera ought to respect that choice.

lem729

lem729 last edited by admin

Here's a thread that discusses the issue. https://forums.opera.com/topic/3261/security-concern-opera-fraud-check-requests/30

stealth789

stealth789 last edited by

First thank you lem729 for posting it here.

I also think, that any feature of this kind, that can compromise users security should be optional. Other browsers respect our privacy(in this case), and I think Opera should also. Because now, users doesn't even know about such requests. They cannot control it. And I feel we're forced to use this feature. This is some kind of feature, that should be dealt with properly. With strict approval of user, that his privacy may be compromised. So I'd be glad to see if no such forced setting or feature will be implemented without option to disable it in future releases. I think this symbiosis of Opera and users should be honest in first place.
In this case, there's no space to apologize this actions that it's for best interest of users. In design, and specification like it's now, it's not.

So please:

• make it optional
• this check can be offline / use better concept to take user privacy in consideration
• use secure (HTTPS) request, and sure anonymize it, disable ability of ITS, or someone in network infrastructure to track and pair our actions

Also this current request are from my tests non secure. Basically it look like the request is secure (HTTPS) ONLY, if main request is also https. Let's say I'm visiting site "http://www.abc.com", then also check against opera is non-secure "http://sitecheck2.opera.com". But when I'm navigating to secure site "https://www.def.com", the check is also secure "https://sitecheck2.opera.com".

Thank you for considering this feature.

ithangover

ithangover last edited by

+1 for implementing this as an optional feature, with the caveat that even when enabled the connection to sitecheck2.opera.com should be done over SSL.

I have been evaluating Opera as a potential replacement for my current browser, but while sniffing packets I was shocked to discover that all of my websites visits were being sent to Opera and many of them in the clear.

I think this is a very useful feature for those that choose to leave it enabled, but it should be a choice. It's might even be best to have it enabled by default. I think a "Learn more" link should also be required, which explains exactly when data is being collected, what it's being used for, who is collecting it, and how long the it is stored.

Thanks.

eldani

eldani last edited by

+1

This is a must. The worrying thing is, that I didn't even know about this feature in Opera 15+, since it wasn't mentioned anywhere during or after the installation of the application. While additional functions directly included in the application are always appreciated - and that's what drew me to the Opera browser many years ago in the first place - there must always be an option to disable them. The Opera help ( http://www.opera.com/help/tutorials/security/fraud/ ) states "By default, Opera Fraud and Malware Protection is enabled", which suggests that a way to disable it should exist; but there's no description for that, of course.

Each and every time the browser connects to a third party server, the user should be hit with a privacy warning he can then click away and ignore in the future. Many people don't care about their privacy and I have no issue with that, but others would like to know what the application they're working with is actually doing under the hood and others may even require it.

The information about this fraud protection appears very well hidden from most Opera users and one cannot even disable this feature without affecting the general network traffic by use of a firewall or a DNS override (ie. entry in the hosts file) for example.

berng

berng last edited by

+1
I agree for many of the same reasons as given above.

donq

donq last edited by

+1

And into hosts file it went, thanks for informing about this fraud. I hope Opera team makes such sitecheck optional.

tim71

tim71 last edited by

It is quite old thread here, but nevertheless the topic is still on spot. I actually found this thing out by surprise, when spotted sitecheck2.opera.com on wireshark capture "flood" while troubleshooting my home network.

It has been a (popular) habit to accuse Google of "spying" on us with their browser, but now we have here something built on same code base, but even more locked up - without ANY options to switch features like this off.

It might be "bought" by big public, that this is done for a sake of our safety and security, but this kind of total lockdown (which even Google itself does not implement) can only be perceived as a guarantee for solid source of data, which is quite probably used for some business purpose. If Google collects my browsing data, it can provide me with better search results and "get smarter" for my use, but it's hard to see, what additional value can be for me in return for this "data mining".

Things being this way there might be only one valid solution - to stop being this "data source" and ditch the browser. Have been Opera user for 15 years and seen many things to happen, but this one "takes the cake"...