Search Engine Default

stealth789

stealth789 last edited by

@stealth789 I think you are right. Some members here are fearful of encountering trolls and in the heat of a premature self-defense are bashing people like you who don't deserve it.

I didn't feel it like bashing. Just I didn't get proper reasons why this option is restricted. And feel no will to find a way to change it.

Your point about the search engines using secure connection (HTTPS) is kinda out of the context of the original issue (the lack of ability to set custom search engine as default, a different thing altogether), but it's a valid different security issue nevertheless...

It was used in concept and as result of conversation. Someone tells me statement that I can't change my default search engine, due to security reasons. So sure, as this option to me is essential, and also issue to be free to choose what I like, I started to analyze it. And when one of first things I see is that even links don't use HTTPS. Then I started to think what this security means, and really doubt it. As even simple security settings are not met.

The Opera devs already acknowledged both issues discussed here, but I imagine something is preventing them from fixing the URLs to use HTTPS, etc.

Sure, but as I said, it's not main problem. It's just example.

Why Opera can't add StartPage, Ixquick,... to default search engines, when it's safe, probably much safer than engines they provide, and many are asking for it? When it's not big deal to expand one configuration file?
The default search engines preloaded in browsers like Opera and Firefox are sponsored. All these options (Google, Bing, Amazon, etc - except Wikipedia I guess) pay these browser vendors so they're included. I suspect it wouldn't be fair or interesting to those companies if Opera added their competition for free...
These contracts, plus the built-in Speed Dial entries partnerships, are the main revenue streams of the desktop browser and they're what makes the browser free for us.

Also adding engines by Opera was result of conversation. It was stated, that due to security, it's not allowed to used to change engine. Or even that it's to expensive. So it's logical to ask to add it by Opera (safe), or even create rules for them. It's just argument how this could be made, when there are arguments, that it's about security.

Sure I know about this model of partners. Even file name "default_partner_content" can tell you something ;). And sure Opera is free to set any engine here. But still it's not changing fact, that if I want from my reasons to change it, I simply can. Even Firefox that's getting huge money can change this. Money are factor, but cannot by used in this case as reason to build walls.

About the lack of ability to set custom search engines as default:
"The option was removed after we got targeted by malicious third-party "applications". It will return when we can protect against alterations by other apps and not the users themselves." - Daniel Aleksandersen, Opera employee.

If statement is "We will add it", and security is only reason, sure it's acceptable, and we need to wait. But from my point it's kind of we need to option. Not some kind of low priority issue, to be able to excuse forever by security only.

Also when I see this location problems, and see how hard it's for simple user to use correct engine. It's just madness for this kind of essential option.

stealth789

stealth789 last edited by

@rafaelluik
It's not at all bashing people for a different view. I find that characterization extremely offensive. At this point, after that comment, my feeling is, let people say what they want about Opera 22. I don't give a damn.

Basically I can say whatever I want. Here or somewhere else, so what's the point? You can simply disprove my arguments or statement.

Those of us who responded to this thread -- and you could have earlier, but didn't -- tried very hard to engage the poster in an honest discussion. But at some point, when it drones on and on forever, it becomes destructive. When you described at the end of the post the issue malicious third party applications made adding additional default engines a problem, that's exactly what we said. And in a manner that was courteous. And we tried to be clear. The poster was getting lost on "personal freedom and liberty.". The issues he raised -- while they were not coherent in my view -- took time to deal with. I mean, who has the patience and time to follow all the dismissals by the poster of answers provided, and all of the convolutions of what was presented?

You said also many other related reasons to why, and some of them just looks like not reasons, or not good one. And sure I want be able to select engine I want freely.
And some of arguments has flaws, or was not correct, so it's not point to finish. Sure there should be maybe someone else included in conversation.

At some point -- in my humble opinion -- this thread should have been closed by the moderator as being repetitive and going nowhere. Instead, you suggest, people are bashing the poor poster. I mean, you can play both sides of the fence only so far. And this is a bit too much!

I don't think so. But as I stated, this was not about bashing. At least I didn't see it this way. Just some of the arguments in current situation was looking rather like excuse than real reason why.

stealth789

stealth789 last edited by admin

Oh, come Rafaelluik, I did not misread your post, and you can do better than you just did feigning innocence. You said to the original poster: "I think you are right," they were just being defensive, "fearful of encountering trolls," "bashing people like you who don't deserve it." Now there's no ambiguity there. Suddenly, we're the ones "bashing people." That was -- for me -- a really offensive reading of that thread. Quite frankly, I can't believe you read it at all, other than maybe a quick look at the end, when, I know for sure, we were all fed up. At one point, here was Blackbird71's summary of what was taking place with original poster, and the endless arguing of his:
"On the contrary, I've come to the conclusion you simply want to argue. To reprise: you made a complaint about the way Opera has dealt with default search engines, and made a suggestion here and elsewhere about what they should do to improve things. I responded with an explanation of what Opera has said regarding why they did what they did, indicated that indeed there is a security issue regarding browser hijacking, along with making some further comments about possible design complexities, workloads, prioritization, etc. that may have a bearing on implementing your suggestion. You then have dragged in all sorts of security-related things you don't agree with Opera about, and ultimately argued that any counter-discussion here supports Opera's infringing on your "freedom". The sum of it is that you've found something in Opera you don't like, made a suggestion, and now want to argue endlessly by invoking all manner of irrelevant things that only serve to keep your argument alive. Enough. I'm out of here... have a nice evening."

This is also method, how to "end" debate without answering.

I kept saying to myself where was a moderator? as the two threads (the poster opened threads in two parts of the Opera forum simultaneously) dragged on and on and on (because Blackbird71's summary came after a period of rapid-fire, convoluted seemingly endless argumentation by the poster -- where suddenly having to type one letter in front of search query (to deal with a concern about search engine hijacking) was equated to an issue of taking away someone's "liberty" and/or "forced control . . ." You know, people have given the lives to defend real issues of "liberty" and "forced control." And a piece of the context is that the moderators had already just closed a post on the exact same topic a week before that had run for almost a month and 1/2. So I wondered, how can they let these new repeat threads go on endlessly. In that regard, the same issue -- wanting more default search engines -- was closed by the moderators on June 10. https://forums.opera.com/topic/2352/i-want-to-add-my-own-default-sarch-engines/39

I didn't opened two threads (but I'm not sure to whom you refer as poster, as I'm not original poster of this thread). Bud sure in time there was problem to use only one, as debate was going in two places. And also you write in both of them ;).
Rapid fire? Sure maybe you're just used to posters, that won't doubt your reasoning. Your flawed argumentation was also endless, and without correct answers.
And liberty is other issue than writing one letter. Sorry but you're messing this two things to one, which is not correct, and misleading.

Now the thread that was closed had taken a lot of time to deal with, and suddenly, a week or so after it was closed, the phoenix rises from the ashes (and in two parallel threads), one has to repeat the same discussion again, with the argumentation by the poster, in one thread, then willy nilly in the other, essentially endless, raising issues, which even you acknowledged were: "kinda out of the context of the original issue (the lack of ability to set custom search engine as default, a different thing altogether)..." Well, "something kinda of out of context . . . a different thing altogether" can be discussed in a place other than a discussion of a the need for Opera to permit more default search engines. Raising one security issue, doesn't mean the whole can of worms of security issues can or should be opened up for discussion, and is fair game. Because there's no end to that.

Maybe you missed one thing. You think that you can "answer" this correctly by closing threads. No you can't. Don't you ever think that there are still need proper answers/things to be done? I mean things that people ask, and to their point. Because as you can see, answers that people are getting now, are not answering. I don't mean answers by you specifically.

stealth789

stealth789 last edited by

...
The default search engines preloaded in browsers like Opera and Firefox are sponsored. All these options (Google, Bing, Amazon, etc - except Wikipedia I guess) pay these browser vendors so they're included. I suspect it wouldn't be fair or interesting to those companies if Opera added their competition for free...These contracts, plus the built-in Speed Dial entries partnerships, are the main revenue streams of the desktop browser and they're what makes the browser free for us.
About the lack of ability to set custom search engines as default:
"The option was removed after we got targeted by malicious third-party "applications". It will return when we can protect against alterations by other apps and not the users themselves." - Daniel Aleksandersen, Opera employee.

I think this is where the "ouchy" point of the issue really rests. When a security change is implemented that reduces user control and it coincides with an income-center for a company, there will be suspicion raised about whether the reason was truly "security". Over time, and in the minds of some users, that suspicion will eventually rise to almost paranoia levels. I take Opera at its word on this, which is that the default search engine limitation was introduced as a security measure; not everyone will.

Still simplifying and misleading to one aspect of many you just chose. There shouldn't be debate about this issue in first place. It should be enabled. So rather to accept this fact you'll throw rocks to any other bad users, paranoid users, ... whatever. And you know, when security is issue to restrict, there's need to show that Opera want to make things right. Not excusing it all the way with one sided look, and blame everyone else, but you. Sure close thread. This will solve it?!

stealth789

stealth789 last edited by admin

a piece of the context is that the moderators had already just closed a post on the exact same topic a week before that had run for almost a month and 1/2. So I wondered, how can they let these new repeat threads go on endlessly. In that regard, the same issue -- wanting more default search engines -- was closed by the moderators on June 10. https://forums.opera.com/topic/2352/i-want-to-add-my-own-default-sarch-engines/39
Now the thread that was closed had taken a lot of time to deal with, and suddenly, a week or so after it was closed, the phoenix rises from the ashes
The "lack of HTTPS" argument wasn't discussed back then, stealth789 posted it but no one replied directly to it.
These "custom as default search engine" threads will simply keep reviving from the ashes until Opera Software gets their act together. It's something people want to have control and it's their right IMO (the workarounds are acceptable only to some extent). And Opera can give them the option! I already suggested for example (DNA-20050) that they encrypt the custom search engine storage and options file with user OS (like they do for passwords already) or with a master password. Other solutions could be found, the devs just have to be given permission (by their management) and time to work on it.

The debate is not about how, just about allowing it. And no one will convince me there's no any way to make it happen. It's about if you want to. Not how to.

stealth789

stealth789 last edited by admin

I use the extension HTTPS everywhere.
https://addons.opera.com/en/extensions/details/https-everywhere/
I believe Stealth said he does also. It seems like that's a reasonable workaround addition.
Now we have a suggestion thread for adding more default search engines.
https://forums.opera.com/topic/3431/option-to-edit-default-search-engines/39
I think it's confusing to add that HTTPs issue to that thread (as the https issue is totally buried in the discussion -- either here or there, I'm confused where it came up), but, perhaps, we ought to work to having a separate suggestion thread identifying https as an issue in connection with search engines, and identifying what exactly the user wants from Opera. Https and search engines could be in the title of the proposed new thread (or something like that), if we think it's a useful addition. I'm still not clear on it yet. Is it that the extension https everywhere isn't sufficient? If so, how not? Let's add to the discussion here, identify why the extension "Https Everywhere" isn't enough (if it isn't), and what it is that would be helpful from Opera.
And then maybe someone could create a new suggestion thread highlighting that https issue in connection with default search engines. The https issue, perhaps, shouldn't be buried in the suggestion thread that's currently active, if it's that important. And this is a good place for us to focus on whether it is, and why it is. I mean I see Https Everywhere (as an extension), and "Disconnect Search" and I'm thinking what more is needed from Opera. Isn't there good functionality in protecting ourselves via extension?

Yes I also use HTTPS everywhere. But as you mentioned this is just what came up after some observation of security related issues here.

But I think you can't state to user to use extension (not from Opera) as the way to secure themself rather then be secured by Opera itself. Also when opera is stating that is restricting option due to security, and then you tell them they need to find other ways in extensions. Because this would only indicate that Opera don't want to be responsible, or don't want to allow, or is not able to make it. So choose.

A Former User

A Former User last edited by

The debate is not about how, just about allowing it. And no one will convince me there's no any way to make it happen. It's about if you want to. Not how to.

Even Firefox that's getting huge money can change this. Money are factor, but cannot by used in this case as reason to build walls.
Money is not being used as a factor, I was explaining to you why they can't include each and every engine that exists as choices, I was not explaining why they won't allow you to choose to set a custom search engine as default.

And yes you can set a custom search engine as default in Firefox, but since Mozilla didn't implement any security then the option can be abused by third-parties. Ask, Babylon and much worse malware can hijack this config easily. So yes the discussion in the context of security is about how to implement it, not a raw discussion on allowing/forbidding without considering the consequences.

blackbird71

blackbird71 last edited by

...
It's about freedom, when even this default list cannot be expanded. Because then there's no argument about security. And then there are totaly different reasons for this. And it has nothing to do with security. It's just excuse to use forced list.
...
It's just deceiving. Correct question is, why then they didn't add StartPage. Ixquick,... to default serach engines, when it's safe, better much safer than engines they provide, and many are asking for it? It's lot of work? It's safer?

@stealth: One last time, I'll venture in here. There are many areas and details related to security in a browser, as we all know. Some of them are more difficult or costly to deal with than others, some involve limitations in external security protocols, some are dependent on proper implementation/behavior by websites, and so on.

In January 2013, with version 12.15, Opera altered its browser behavior to prevent anyone or any thing from readily altering its list of default search engines, stating that this was done in response to browser-hijacking security threats against its browser that it deemed signficant. That default engine behavior was continued in all of the Blink Opera versions thereafter, thus far. One either accepts Opera's statements at face value of why they "locked" the default list or one must accuse them of lying or deception. My own knowledge of security issues leads me to believe their explanation is legitimate, and I've attempted in my posts to explain that.

Neither you nor I have the accurate details of the economics, shortcomings, reliability, prioritization or relative merits of how Opera might or might not implement this or that method of restoring user customization of the default search engine list. Opera does. For me, it is sufficient that Opera has said they have not rejected the idea of user customization in principle, but that a reliable, appropriate solution has not yet come to be, in their judgment. Apparently, you do not accept that statement. OK, we agree that there's a disagreement, but what is the point of further discussing that? As with their statements about why the default list was 'locked', they have already expressed their viewpoints. They will deal with the default list issue further if and when they deem it appropriate; in the meantime, that particular security threat is blocked in their estimation, and the present negative user consequences are simply user 'inconvenience' since alternative search engines not on the default list can still easily be used, if a user so desires. The original problem that existed involved a potential hijacking of the search engine that maliciously locked it to an ersatz default engine that the user could not readily remove or restore from, even by restarting the browser.

All the other issues raised here (other security details, relative risks of various search engines, tradeoffs/merits of various ways of adjusting defaults, user "freedom", who gets paid for what via list placements, etc, etc) have no bearing on the default search-engine list problem and Opera's explanations, plain and simple. They are extraneous. Opera has done what it has for the reasons it's given; Opera will do what (if anything) further it needs to when it's ready; in the meantime, the browser is what it is. Either one accepts Opera's explanations or one must call them liars.

stealth789

stealth789 last edited by

The debate is not about how, just about allowing it. And no one will convince me there's no any way to make it happen. It's about if you want to. Not how to.

Even Firefox that's getting huge money can change this. Money are factor, but cannot by used in this case as reason to build walls.
Money is not being used as a factor, I was explaining to you why they can't include each and every engine that exists as choices, I was not explaining why they won't allow you to choose to set a custom search engine as default.

Sure I got this. And also as I stated this suggestion was showed as an alternative, to some of reasons why not.

And yes you can set a custom search engine as default in Firefox, but since Mozilla didn't implement any security then the option can be abused by third-parties. Ask, Babylon and much worse malware can hijack this config easily. So yes the discussion in the context of security is about how to implement it, not a raw discussion on allowing/forbidding without considering the consequences.

Sure if it's about how, then it's kind of OK. But also there's need to understand, that Browser is not security software, to protect machine's file system. For this there's antivirus, hips, ...

Because Opera is now protecting one file with default engines against local changes, like it's biggest problem. But at same time not protecting file Web Data. Basically user can change password or any private data securely, but can't default search engine? What's the difference? Also in Chromium default engines are just in this file with custom one. Opera decided to move it away, to separate place. So then what should I think? That Opera cares more about default search engines, than user private data? So sure it's really questionable what kind of security Opera means. Or what they want to be secure.

Deleted User

Deleted User last edited by

The discussion is gone nowhere, we are just repeating everything again. Let's wait for the new versions. Linux's users had waited a year to Have Opera for Linux. So we can wait as well.

stealth789

stealth789 last edited by

...
It's about freedom, when even this default list cannot be expanded. Because then there's no argument about security. And then there are totaly different reasons for this. And it has nothing to do with security. It's just excuse to use forced list.
...
It's just deceiving. Correct question is, why then they didn't add StartPage. Ixquick,... to default serach engines, when it's safe, better much safer than engines they provide, and many are asking for it? It's lot of work? It's safer?

@stealth: One last time, I'll venture in here. There are many areas and details related to security in a browser, as we all know. Some of them are more difficult or costly to deal with than others, some involve limitations in external security protocols, some are dependent on proper implementation/behavior by websites, and so on.
In January 2013, with version 12.15, Opera altered its browser behavior to prevent anyone or any thing from readily altering its list of default search engines, stating that this was done in response to browser-hijacking security threats against its browser that it deemed signficant. That default engine behavior was continued in all of the Blink Opera versions thereafter, thus far. One either accepts Opera's statements at face value of why they "locked" the default list or one must accuse them of lying or deception. My own knowledge of security issues leads me to believe their explanation is legitimate, and I've attempted in my posts to explain that.

To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.

Neither you nor I have the accurate details of the economics, shortcomings, reliability, prioritization or relative merits of how Opera might or might not implement this or that method of restoring user customization of the default search engine list. Opera does. For me, it is sufficient that Opera has said they have not rejected the idea of user customization in principle, but that a reliable, appropriate solution has not yet come to be, in their judgment. Apparently, you do not accept that statement. OK, we agree that there's a disagreement, but what is the point of further discussing that? As with their statements about why the default list was 'locked', they have already expressed their viewpoints. They will deal with the default list issue further if and when they deem it appropriate; in the meantime, that particular security threat is blocked in their estimation, and the present negative user consequences are simply user 'inconvenience' since alternative search engines not on the default list can still easily be used, if a user so desires. The original problem that existed involved a potential hijacking of the search engine that maliciously locked it to an ersatz default engine that the user could not readily remove or restore from, even by restarting the browser.
All the other issues raised here (other security details, relative risks of various search engines, tradeoffs/merits of various ways of adjusting defaults, user "freedom", who gets paid for what via list placements, etc, etc) have no bearing on the default search-engine list problem and Opera's explanations, plain and simple. They are extraneous. Opera has done what it has for the reasons it's given; Opera will do what (if anything) further it needs to when it's ready; in the meantime, the browser is what it is. Either one accepts Opera's explanations or one must call them liars.

Sure but from technical point of view security restriction how it's in current conditions doesn't make much sense. There's no logical explanation for this. And after year and half, they didn't changed anything.

stealth789

stealth789 last edited by

The discussion is gone nowhere, we are just repeating everything again. Let's wait for the new versions. Linux's users had waited a year to Have Opera for Linux. So we can wait as well.

There's no problem with waiting if you know, that change will come. But question is for how long it is. But let's hope it will come to this.

But from this point rather security related arguments are going nowhere, and has many flaws. Or sometimes there's lack of logic in decisions made. But sure maybe desperate times called for desperate measures.

blackbird71

blackbird71 last edited by

...
To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.
...

I haven't played around with manually altering search.ini files, nor do I know that such alterations will "stick" after Opera is restarted. But when I refer to "readily" changed, I mean simply that the ability to do it is not incorporated within the browser itself via settings or tweaks, since Opera 12.15 came on the scene. I do know that such kinds of manual file alterations often don't survive a version upgrade. I also know that the MyOpera forum was replete with threads complaining about the user's inability to alter the default search engine beyond those in Opera's list, and I was intimately involved in many of those threads because my StartPage was one of those affected... and in none of those threads was anything discovered that would persist in an Opera installation across restarts and/or version upgrades. At the end, the best one could do was to swap the locations of the default Opera search box and a second custom-focused search box that one had manually added to a toolbar, and use the custom box in lieu of the default box. For that, and several other reasons, I'm still at Opera 12.14, rather than having moved on with the Opera versions.

My point, in any case, is that manually altering files does not mean there's an easy, secure means of doing the same thing from within the browser via settings, etc. that can also be kept free from malware's tamperings.

stealth789

stealth789 last edited by

@blackbird71: In mentioned 12.x versions it's allowed to alter default search engine standard way via Manage Search Engines \ Add \ Set Use as default search engine. I mean standard user's way. So maybe only in specific builds of 12.x is was restricted. I only checked final builds of files from http://ftp.opera.com/pub/opera/win/.

Also I was used to backup "search.ini" file in many OS re-installs without problems. But sure there can be some problems related to new upgrades now.

And about secure way by user, as I mentioned in other thread, I don't see difference from managing password. When it can work (and I hope work safe), the same way data can be encrypted and saved to SQLite file, just like password_value is in Login Data file.

A Former User

A Former User last edited by

To be accurate, I tested x86 releases of Opera Presto. Basically there's no problem at all to change default search engine. It's located in one ini file "search.ini": 12.14 b1738, 12.15 b1748, 12.16 b1860, 12.17 b1863. All no problem at all. Blink Opera only changed location and format to json. Simply means Presto is "secure" but Blink has problems.

Add startpage.com as search engine in Opera 12.15 and up, set it as default, exit and reopen the browser. It won't keep your setting.

search.ini could be easily edited by third-parties up to 12.14, in 12.15+ only the engines included in the built-in lists for Opera's various partner locations could be set as default.

stealth789

stealth789 last edited by

Oh, I see now. Just a little bit crazy. I'm sure how users should be crazy about it. At least they could disable check box, to don't deceive users. As it looks there are again hashes in file "files.sig", suggesting some 2048 bit function. So also encrypted by Opera.
Still no making sense to me use this madness. Should store it the same way as passwords. Period.

Deleted User

Deleted User last edited by

This thread should be closed. It is no use anymore and it is duplicated