Can't set custom search engine as default

A Former User @Guest

@jimunderscorep said in Can't set custom search engine as default:

What is RCE?

Remote Code Execution

@jimunderscorep said in Can't set custom search engine as default:

Instead of editing
/usr/lib/x86_64-linux-gnu/opera/resources/default_partner_content.json
and needing root permissions to do so, you can edit
~/.config/opera/default_partner_content.json
with user permissions only. However, opera won't start if you edit it.

oh hmm, THAT might lead to an insecurity, which would explain the reason for restricting it.
thanks for that.
could I possibly change the search paths to remove the ~/.config/ location??

EDIT:
poking around a bit in the files...

** DO NOT EDIT THIS FILE! It will not be used by Opera if edited.

this is actually pretty well thought out, but one thing I'd have to guess on...
the bit at the top of these files seems like it'd be a sort of comparator value like (eg) a CRC hash or such against the file data to test for modification (I'm sure there's more to it than just that).
(I'd thought of stuff like this myself for testing mods in the sources of my program, but ultimately decided against it for the sake of being too open)
^ a better way to manage this would be to store the key/comparator among a collection in an encrypted file with the master key stored either in the binary or derrived from user data such as the master password.

but at least this is better security than Discord offers, which is how stuff like Enhanced Discord even functions.

A Former User

Could I maybe just request an option to enable custom default search engines that's disabled by default and buried in the search engine settings??
Where if you enable it, you're displayed a warning above the option that states doing so is a security risk?

leave it up to the user to decide if they want to be insecure, but protect them by default, that way you can't be held liable, unlike Google.
providing options is always better.

I'm requesting because I myself in particular can deal with the repercussions
I'm smart enough to be notified of a change to particular watched files on my machine and can revert them back if necessary.
of course blocking/removing whatever changed it in the first place.

please provide an option for smart people.

A Former User @leocg

@leocg So why 'starpage.com' is missing in the list of default search engines'?

I'm trying to avoid US based search engines. 'Startpage.com' utilizes Google (officially) and anonymizes the user access (towards Google). They sit in the EU (Netherlands), where strong data protection laws are in place. They are in business since 1998 ("Ixquick"). So what are you waiting for? What is your problem with not adding them to the default list?

https://en.wikipedia.org/wiki/Startpage.com

They do their job damn right and the results are equal to Google.

I'm quite close to drop the use of Opera again, since I always forget to put the shorthand letter prefix for Startpage.com in the URL/search box and that ugly (another US based) DuckDuckGo pops up unexpectedly. Well, or whatever search engine Opera "allows me" to mark as default.

Security driven measurements against rogue default set search engines is a good idea, but please keep up with the available search engine options on the market!

Hopefully you don't have a personal beef with them, your users now have to pay for.

Or is it a Norway vs. Netherlands thing? Hopefully not.

Best Regards

Manuel

leocg

leocg Moderator Volunteer @Guest

@manuel2019 said in Can't set custom search engine as default:

So why 'starpage.com' is missing in the list of default search engines'?

Most probably because it doesn't have an agreement with Opera.

A Former User @leocg

@leocg said in Can't set custom search engine as default:

Most probably because it doesn't have an agreement with Opera.

O.o sounds like all the more reason to have the ability to set custom search engines as default

you can have both ability with security if you just restrict unprivileged users from modifying the config files.
That's easy enough to do on unix and posix, just remove specific configs from user-space (why provide them if you're just gonna block modification).
But that's not so easy to do on Windows since the user is usually admin.

A Former User @leocg

@leocg Well, quite a good point. Formal requirements are often below the radar to me. Since users can do that setup themselves (to a certain degree at least) it's a bit funny to learn, that such a formal agreement is needed, to just serve another option (!) the user can chose from.

Bureaucracy is killing good results sometimes.

leocg

leocg Moderator Volunteer @Guest

@Tcll What it has to do with my answer?

A Former User @leocg

@leocg said in Can't set custom search engine as default:

@Tcll What it has to do with my answer?

because you can't just say
"oh there's a good search engine"
boop
"included"

otherwise you'll have issues with them complaining about it.
"HeY ThAt'S IlLeGaL!1!"
"I'mMa SuE yOu!"
(at least I'm pretty sure they can do that if your IP just up and uses their IP... I'm no expert though)

but if the user is given option to include them in the custom settings, then it's perfectly valid.
allowing them to set their own preferences as defaults (since they can do $ sudo mousepad or the like) really just gives everyone what they want.

the only exception is Windows, which I still support my previous suggestion (allowing them to disable protection) on.

for Linux and OSX/FreeBSD, I guess the option should be optional, but not needed since you can just remove the ~/.config/... search-path and strictly rely on /usr/lib/...

A Former User @leocg

@leocg Maybe it's time to start an agreement with them.

Opera is advertising their web-browser using quite some privacy buzzwords. Consequently 'Startpage.com' should be in the boat as well. All other search engine providers are US based and prone to unlawful access by whatever party, either it is other business entities or governmental overreach.

But maybe Opera is already sitting too close to the US anyways, that train might be gone.

International data transfers
When we do collect personal data, such personal data may be transferred to partners in countries outside of the European Economic Area with a lower level of data protection than that provided for under European law. Whenever we do so, we require that our partners agree to the European Union’s model contracts for the transfer of personal data to third countries (also known as the “standard contractual clauses”) to ensure adequate protection of your personal data. ... https://www.opera.com/de/privacy

All players on the market are telling about their endless efforts (Uh, am I already seeing the sweat in their faces?) protecting your data. Unfortunately they are doing that by just relying on formal agreements. The best way to protect data is not collecting any in the first place. Constant pseudonymised (not anonymized, that's a huge difference) collected telemetry and measurements to make my experience with product XYZ better? F*** ***

No web-browser product on earth is giving back that freedom. It's quite sad. I have to admit, that I was hoping using Opera makes a difference (by design). Well, I got fooled, again.

Sorry for derailing the topic. Switching back to Chromium for now, since the accidental use of an unwanted search engine is quite a show stopper for me.

A Former User @Guest

@manuel2019 go a little easier on us please, I know my country sucks and is full of bad practice, but we still have some good guys over here

also, I trust Opera isn't using my data inappropriately unlike Google and them
(I use a number of machines and have my data synced across them)

but to add to your bit, there's a ton of companies like Apple and Facebook who say "oh we protect your data" and then turn around and sell it for advertising, lying straight to your face.
heck Nimses is a social platform that advertises selling your data for cryptocurrency

A Former User @Guest

@Tcll It's not about you people, not entirely.

It's more about the thinking, that only the US can host valuable internet services. 'Slack' has started in Canada and I liked it, just because of that. Then they moved to San Francisco. That's an example how US focused everything is. And all that despite the Snowden-Revelations, the actual ruling US government, the "America First" attitude along the "we rule the world" mindset.

And we, the casual (international) users, are supporting 'them' by using 'their' tools with no chance to escape, except the final option to reject those technologies as a whole. It's frustrating.

Why they go to the US? Because there's no protection (of the users). It's the country, where people get fucked every day and they think it's normal. Just take the phone call scam schemes as an example. Here in Germany this phenomenon is practically non-existent. Why? Because we have regulations in place ... against the interests of commercial entities. Is that good or bad? It depends who you ask ofc.

If you want to know, where the possibilities rich big data processing goes in the future, check China today. The people are already happy (well, or unhappy) about their social scores Tencent (their Google/Amazon) calculates for them. Sorry, you hadn't enough 'likes' today, you can't take the train... try again tomorrow.

Congratulations!

Am I somewhat pessimistic? Yes, I think so.

A Former User @Guest

@manuel2019 well said, and fully agreed, even I'm tired of the ignorant, social-media addicted society we live in today, even my own brother disappoints me... u.u

And yes while the EU has data regulation laws, it's a double-edged blade unfortunately...
just look at the bias youtube is going through these days.
Why can't we just have a world with sane people without all this corporate greed and corruption.

here's something that might be a bit of a shocker
I'm kept low and poor by the government, I can't get a job due to technicalities with my SSI or I get cut off entirely...
I just hate money and capitalism (good capitalism always turns bad) and can't wait till we have a society that's self-sustaining without money and control.
maybe then we'll start seeing stuff that actually respects people

anyways I think this has gone off topic long enough

all I'm asking for here is for Opera to allow methods for setting custom search engines as default across all platforms.
(malware threat aside, users SHOULD be given the option)

A Former User @Guest

@Tcll Most other browsers allow it and i would like to have it but i can see the point from a security standpoint but if all the other browsers are not doing it and opera is not a big target for malware writers???

A Former User @Guest

@omendata actually it rather is, especially for the fact it's based on chromium
so just hit chromium and you'll hit Opera
(since Electron is the new ActiveX, this shouldn't be surprising)

however, this point of target (the thread topic) I highly doubt is any sort of concern, especially on Linux
compared to something like RATting a user with Opera on any OS

A Former User @Guest

@Tcll No idea what you are saying can you maybe use English?

It is not off topic its exactly what the topic is about.
All other browsers allow using custom search default as does Chrome so no opera is not chrome!

A Former User @Guest

@omendata the first section was in response to your:

opera is not a big target for malware writers???

that's where I had to redirect myself

All other browsers allow using custom search default as does Chrome so no opera is not chrome!

just because 1 small feature of Chromium is not allowed in Opera doesn't mean Opera is not Chromium

Opera is the ONLY secure version of Chromium, because as you can tell, the devs put in the extra effort to disable things that would otherwise be insecure in other browsers

on the topic of this thread however
Opera could simply encrypt the settings file with a non-exposed key and allow users to set custom search engines as default.
(Opera could simply decrypt the settings and re-encrypt them when updated)
doesn't take a genius to figure that out

... what, suggesting a basic security feature doesn't make me a genius.

what does make me a genius however is knowing not to use a backdoored encryption standard.
thanks to my stupid government backdooring secure encryption standards, we have to be aware of this now and find new actually secure standards
(it's a binary outcome, knowledgeable hackers can either enter that backdoor, or there's no backdoor for them to enter)

sgunhouse

sgunhouse Moderator Volunteer

His argument is that malware targeting Chromium (which is the most common browser today) will mostly target Opera as well. If Opera didn't prevent external software from changing the search engine then any adware that would change your search in Chromium would also change it in Opera

A Former User

What the.. I'm using DuckDuckGo as default and Opera is passing my search queries as GET requests in the address bar. This is not privacy! So I install my usual DuckDuckGo POST chrome extension but turns out it doesn't work in Opera (Though it will install). So I investigate why.

I go to my search settings and wow! Awesome! Opera has added custom search engine feature with POST request! Except you can't set custom search engine as default so guess what? I will never get to actually use it! What to do? Well, DuckDuckGo POST sets keyword as duckduckgo.com_. I could set that but no use if I can't set as default.

This is epic fail Opera. You pass my search queries by GET request straight to my ISP. No search privacy in this browser.

leocg

leocg Moderator Volunteer @Guest

@xendi

Stay on topic. Don't hijack other people's threads.

https://forums.opera.com/rules

A Former User @leocg

@leocg Opera really should reconsider this. At least let people enable it in opera://flags/ if security is the issue. This is really annoying because there are multiple problems with locking the default engines.

I can't even edit/remove the keyword. For example I can't use "y something" to make a youtube search because y is locked to yahoo.
I can't disable default search engines. So if I search for example "y u no meme", again, it will take me to yahoo.
I can't set the URL. Even though I use duckduckgo as default, it's still a problem because I can't set URL parameters like ?kae=d to use dark theme in incognito mode (making the feature useless).
And, like others said, they can't use startpage or other engines. What if I want to use Google, but the japanese version or whatever? Where's my freedom? I though I had the right to make my own choices...?

All of this would be solved if they would just let users freely choose their defaults, like every other browser does. Sure, if Opera has a deal with those companies to list them as default, that's fine, but don't make it IMPOSSIBLE to change it.

It doesn't matter if it's cumbersome and non-intuitive, and if I have to use admin/root, edit some obscure file, change the registry, konami cheat code or whatever, at least let people have SOME WAY to do it.

Enabling a flag would be a good solution, since the page already warns you that changes might compromise your security anyways.