Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Can't set custom search engine as default

  • @jimunderscorep said in Can't set custom search engine as default:

    What is RCE?

    Remote Code Execution

    @jimunderscorep said in Can't set custom search engine as default:

    Instead of editing
    /usr/lib/x86_64-linux-gnu/opera/resources/default_partner_content.json
    and needing root permissions to do so, you can edit
    ~/.config/opera/default_partner_content.json
    with user permissions only. However, opera won't start if you edit it.

    oh hmm, THAT might lead to an insecurity, which would explain the reason for restricting it.
    thanks for that.
    could I possibly change the search paths to remove the ~/.config/ location??

    EDIT:
    poking around a bit in the files...

    ** DO NOT EDIT THIS FILE! It will not be used by Opera if edited.
    

    this is actually pretty well thought out, but one thing I'd have to guess on...
    the bit at the top of these files seems like it'd be a sort of comparator value like (eg) a CRC hash or such against the file data to test for modification (I'm sure there's more to it than just that).
    (I'd thought of stuff like this myself for testing mods in the sources of my program, but ultimately decided against it for the sake of being too open)
    ^ a better way to manage this would be to store the key/comparator among a collection in an encrypted file with the master key stored either in the binary or derrived from user data such as the master password.

    but at least this is better security than Discord offers, which is how stuff like Enhanced Discord even functions. πŸ˜›

  • Could I maybe just request an option to enable custom default search engines that's disabled by default and buried in the search engine settings??
    Where if you enable it, you're displayed a warning above the option that states doing so is a security risk?

    leave it up to the user to decide if they want to be insecure, but protect them by default, that way you can't be held liable, unlike Google.
    providing options is always better.

    I'm requesting because I myself in particular can deal with the repercussions
    I'm smart enough to be notified of a change to particular watched files on my machine and can revert them back if necessary.
    of course blocking/removing whatever changed it in the first place.

    please provide an option for smart people.

  • @leocg So why 'starpage.com' is missing in the list of default search engines'?

    I'm trying to avoid US based search engines. 'Startpage.com' utilizes Google (officially) and anonymizes the user access (towards Google). They sit in the EU (Netherlands), where strong data protection laws are in place. They are in business since 1998 ("Ixquick"). So what are you waiting for? What is your problem with not adding them to the default list?

    https://en.wikipedia.org/wiki/Startpage.com

    They do their job damn right and the results are equal to Google.

    I'm quite close to drop the use of Opera again, since I always forget to put the shorthand letter prefix for Startpage.com in the URL/search box and that ugly (another US based) DuckDuckGo pops up unexpectedly. Well, or whatever search engine Opera "allows me" to mark as default.

    Security driven measurements against rogue default set search engines is a good idea, but please keep up with the available search engine options on the market!

    Hopefully you don't have a personal beef with them, your users now have to pay for.

    Or is it a Norway vs. Netherlands thing? Hopefully not. πŸ˜‰

    Best Regards

    Manuel

  • @manuel2019 said in Can't set custom search engine as default:

    So why 'starpage.com' is missing in the list of default search engines'?

    Most probably because it doesn't have an agreement with Opera.

  • @leocg said in Can't set custom search engine as default:

    Most probably because it doesn't have an agreement with Opera.

    O.o sounds like all the more reason to have the ability to set custom search engines as default

    you can have both ability with security if you just restrict unprivileged users from modifying the config files.
    That's easy enough to do on unix and posix, just remove specific configs from user-space (why provide them if you're just gonna block modification).
    But that's not so easy to do on Windows since the user is usually admin.

  • @leocg Well, quite a good point. Formal requirements are often below the radar to me. Since users can do that setup themselves (to a certain degree at least) it's a bit funny to learn, that such a formal agreement is needed, to just serve another option (!) the user can chose from.

    Bureaucracy is killing good results sometimes.

  • @Tcll What it has to do with my answer?

  • @leocg said in Can't set custom search engine as default:

    @Tcll What it has to do with my answer?

    because you can't just say
    "oh there's a good search engine"
    boop
    "included"

    otherwise you'll have issues with them complaining about it.
    "HeY ThAt'S IlLeGaL!1!"
    "I'mMa SuE yOu!"
    (at least I'm pretty sure they can do that if your IP just up and uses their IP... I'm no expert though)

    but if the user is given option to include them in the custom settings, then it's perfectly valid.
    allowing them to set their own preferences as defaults (since they can do $ sudo mousepad or the like) really just gives everyone what they want.

    the only exception is Windows, which I still support my previous suggestion (allowing them to disable protection) on.

    for Linux and OSX/FreeBSD, I guess the option should be optional, but not needed since you can just remove the ~/.config/... search-path and strictly rely on /usr/lib/...

  • @leocg Maybe it's time to start an agreement with them. πŸ˜‰

    Opera is advertising their web-browser using quite some privacy buzzwords. Consequently 'Startpage.com' should be in the boat as well. All other search engine providers are US based and prone to unlawful access by whatever party, either it is other business entities or governmental overreach.

    But maybe Opera is already sitting too close to the US anyways, that train might be gone.

    International data transfers
    When we do collect personal data, such personal data may be transferred to partners in countries outside of the European Economic Area with a lower level of data protection than that provided for under European law. Whenever we do so, we require that our partners agree to the European Union’s model contracts for the transfer of personal data to third countries (also known as the β€œstandard contractual clauses”) to ensure adequate protection of your personal data.
    ... https://www.opera.com/de/privacy

    All players on the market are telling about their endless efforts (Uh, am I already seeing the sweat in their faces?) protecting your data. Unfortunately they are doing that by just relying on formal agreements. The best way to protect data is not collecting any in the first place. Constant pseudonymised (not anonymized, that's a huge difference) collected telemetry and measurements to make my experience with product XYZ better? F*** ***

    No web-browser product on earth is giving back that freedom. It's quite sad. I have to admit, that I was hoping using Opera makes a difference (by design). Well, I got fooled, again. πŸ˜‰

    Sorry for derailing the topic. Switching back to Chromium for now, since the accidental use of an unwanted search engine is quite a show stopper for me.

  • @manuel2019 go a little easier on us please, I know my country sucks and is full of bad practice, but we still have some good guys over here πŸ™‚

    also, I trust Opera isn't using my data inappropriately unlike Google and them
    (I use a number of machines and have my data synced across them)

    but to add to your bit, there's a ton of companies like Apple and Facebook who say "oh we protect your data" and then turn around and sell it for advertising, lying straight to your face.
    heck Nimses is a social platform that advertises selling your data for cryptocurrency 😣

  • @Tcll It's not about you people, not entirely. πŸ˜‰

    It's more about the thinking, that only the US can host valuable internet services. 'Slack' has started in Canada and I liked it, just because of that. Then they moved to San Francisco. That's an example how US focused everything is. And all that despite the Snowden-Revelations, the actual ruling US government, the "America First" attitude along the "we rule the world" mindset.

    And we, the casual (international) users, are supporting 'them' by using 'their' tools with no chance to escape, except the final option to reject those technologies as a whole. It's frustrating.

    Why they go to the US? Because there's no protection (of the users). It's the country, where people get fucked every day and they think it's normal. Just take the phone call scam schemes as an example. Here in Germany this phenomenon is practically non-existent. Why? Because we have regulations in place ... against the interests of commercial entities. Is that good or bad? It depends who you ask ofc.

    If you want to know, where the possibilities rich big data processing goes in the future, check China today. The people are already happy (well, or unhappy) about their social scores Tencent (their Google/Amazon) calculates for them. Sorry, you hadn't enough 'likes' today, you can't take the train... try again tomorrow.

    Congratulations!

    Am I somewhat pessimistic? Yes, I think so. πŸ˜‰

  • @manuel2019 well said, and fully agreed, even I'm tired of the ignorant, social-media addicted society we live in today, even my own brother disappoints me... u.u

    And yes while the EU has data regulation laws, it's a double-edged blade unfortunately...
    just look at the bias youtube is going through these days.
    Why can't we just have a world with sane people without all this corporate greed and corruption.

    here's something that might be a bit of a shocker
    I'm kept low and poor by the government, I can't get a job due to technicalities with my SSI or I get cut off entirely...
    I just hate money and capitalism (good capitalism always turns bad) and can't wait till we have a society that's self-sustaining without money and control.
    maybe then we'll start seeing stuff that actually respects people

    anyways I think this has gone off topic long enough

    all I'm asking for here is for Opera to allow methods for setting custom search engines as default across all platforms.
    (malware threat aside, users SHOULD be given the option)

  • @Tcll Most other browsers allow it and i would like to have it but i can see the point from a security standpoint but if all the other browsers are not doing it and opera is not a big target for malware writers???

  • @omendata actually it rather is, especially for the fact it's based on chromium
    so just hit chromium and you'll hit Opera
    (since Electron is the new ActiveX, this shouldn't be surprising)

    however, this point of target (the thread topic) I highly doubt is any sort of concern, especially on Linux
    compared to something like RATting a user with Opera on any OS

  • @Tcll No idea what you are saying can you maybe use English?

    It is not off topic its exactly what the topic is about.
    All other browsers allow using custom search default as does Chrome so no opera is not chrome!

  • @omendata the first section was in response to your:

    opera is not a big target for malware writers???

    that's where I had to redirect myself πŸ˜‰

    All other browsers allow using custom search default as does Chrome so no opera is not chrome!

    just because 1 small feature of Chromium is not allowed in Opera doesn't mean Opera is not Chromium

    Opera is the ONLY secure version of Chromium, because as you can tell, the devs put in the extra effort to disable things that would otherwise be insecure in other browsers

    on the topic of this thread however
    Opera could simply encrypt the settings file with a non-exposed key and allow users to set custom search engines as default.
    (Opera could simply decrypt the settings and re-encrypt them when updated)
    doesn't take a genius to figure that out πŸ˜‰

    ... what, suggesting a basic security feature doesn't make me a genius.

    what does make me a genius however is knowing not to use a backdoored encryption standard.
    thanks to my stupid government backdooring secure encryption standards, we have to be aware of this now and find new actually secure standards
    (it's a binary outcome, knowledgeable hackers can either enter that backdoor, or there's no backdoor for them to enter)

  • His argument is that malware targeting Chromium (which is the most common browser today) will mostly target Opera as well. If Opera didn't prevent external software from changing the search engine then any adware that would change your search in Chromium would also change it in Opera

  • What the.. I'm using DuckDuckGo as default and Opera is passing my search queries as GET requests in the address bar. This is not privacy! So I install my usual DuckDuckGo POST chrome extension but turns out it doesn't work in Opera (Though it will install). So I investigate why.

    I go to my search settings and wow! Awesome! Opera has added custom search engine feature with POST request! Except you can't set custom search engine as default so guess what? I will never get to actually use it! What to do? Well, DuckDuckGo POST sets keyword as duckduckgo.com_. I could set that but no use if I can't set as default.

    This is epic fail Opera. You pass my search queries by GET request straight to my ISP. No search privacy in this browser.

  • @xendi

    Stay on topic. Don't hijack other people's threads.

    https://forums.opera.com/rules

Log in to reply