
[Privacy bug] Creating a bookmark in a private tab with VPN causes a connection that does not go through the VPN

  • It can be easily detected by DNS leaking. (You need only DNSQuerySniffer)
    ....

    Additionally:
    The private tab is with enabled "VPN".
    The non-private tab (window) is without enabled "VPN".

    So, the problem is obvious – creating a bookmark happens in the common window even if you add it in an incognito tab.

  • You know that search engines circumvent the VPN by default in Opera?

    Ridiculous default of course, that goes for much more in Opera.
    [The most serious thing is that Opera starts by default as a scheduled task to check for updates.
    In practice, this means that every time Windows Opera starts up, it always checks automatically for updates.
    How you dare to call yourself a privacy browser remains a mystery to me.
    By the way, Brave and I think Chrome (you can find it anywhere in Windows where you don't want it anyway) as well.
    Actually it's a pity Opera doesn't have these things in order, in itself it's a pretty nice browser.]

  • You know that search engines circumvent the VPN by default in Opera?

    I don't think that is a problem.

    • It can be easily found in the options (It's not a hidden option).
    • It can be disabled (It's the important part).
    • It has benefits - you get a relevant search result (based on your IP location) and no captcha.

    The most serious thing is that Opera starts by default as a scheduled task to check for updates

    I also want an option to easily disable auto-updates, for example, future Manifest V3 can break a lot of extensions that get you better privacy (not only ad blockers).

  • Bump.

    Or does the Opera team think that it is appropriate behavior?

  • Can you double-check that this is still the case now since the bookmarks manager now loads in the private window again when you open it from the private window?

  • I opened a private tab, enabled "VPN", opened a site. Connection is through "VPN". There is no log in DNSQuerySniffer about the connection to the site.

    Bookmark the site:
    Screenshot.png
    The images for the bookmark are not loaded through "VPN".
    As a result, part of the connection – the DNS resolve – is shown in the DNSQuerySniffer log.

  • Okay. Thanks for the update. I'll test and test in Opera Developer too. Don't know if it's expected behavior or not yet though.

    In Opera Developer, I'll see if opera://flags/#opera-doh makes a difference. Since the query goes over HTTPS, maybe it'll go through the VPN then. Maybe it won't though still if it's an issue with private window/normal window context where the VPN isn't on in the normal window.

    I assume everything works fine if VPN is on by default and then you open a private window?

  • @burnout426
    This happens when "VPN" is enabled only in a private tab. Obviously, because the process of creating a bookmark is going on in the common window, which is wrong.

    DNS over HTTPS is not a decision. Absolutely.

    DNS resolve is just a part of the connection to the site; the next step is the HTTP/HTTPS connection, which in this case also does not go through "VPN". In this case the IP of the site and the content (in case of HTTP) are visible to the ISP.

  • DNS over HTTPS is not a decision. Absolutely.

    Here it is.

    site conenction.png
    HTTP (TCP) connection is visible too. It is unacceptable for any good VPN.

    (I have used Wireshark.)

  • A bit more presentable screenshot (domain of images for the previews is the same as domain of the site):
    v2 site.png
    This site is on HTTP so I (and the ISP) can see all the content, not only IPs.

  • Thanks for all the details. Opera has confirmed your findings and they are investigating. I'll post if there are any updates.

  • Partial fix in https://blogs.opera.com/desktop/changelog-for-65/#b3459.0, but there's a little more to do, so sit tight.
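
The check described in this thread (a DNS query for the site, then the HTTP/TCP connection to it, both visible outside the VPN) can be automated over a capture taken on the physical interface. The following is an added example, not code from any poster or from Opera; the tab-separated column layout, the function names and the sample capture are assumptions constructed for illustration.

```python
import csv
import io

# Constructed sample: tab-separated export of a capture taken on the physical
# (non-VPN) interface. Assumed columns:
# time, dst_ip, dst_port, dns_query, dns_answers, http_host
SAMPLE_CAPTURE = (
    "0.10\t192.0.2.53\t\tupdates.example.net\t\t\n"
    "4.20\t192.0.2.53\t\tprivate-site.example\t\t\n"
    "4.25\t192.0.2.10\t\tprivate-site.example\t203.0.113.7,203.0.113.8\t\n"
    "4.31\t203.0.113.7\t80\t\t\tprivate-site.example\n"
    "4.32\t203.0.113.7\t80\t\t\tprivate-site.example\n"
    "4.90\t203.0.113.8\t443\t\t\t\n"
    "5.00\t198.51.100.99\t443\t\t\t\n"
)


def is_watched(name, watched):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watched)


def find_leaks(capture_tsv, private_domains):
    """Return (time, kind, detail) for traffic exposing a private-tab domain."""
    watched = {d.lower().rstrip(".") for d in private_domains}
    leaked_ips = {}  # IP -> domain, learned from DNS answers seen in the clear
    seen, findings = set(), []

    def report(time, kind, detail):
        if (kind, detail) not in seen:  # one finding per distinct leak
            seen.add((kind, detail))
            findings.append((time, kind, detail))

    for row in csv.reader(io.StringIO(capture_tsv), delimiter="\t"):
        time, dst_ip, dst_port, query, answers, host = (row + [""] * 6)[:6]
        query, host = query.lower().rstrip("."), host.lower()
        if is_watched(query, watched):
            report(time, "dns", query)
            for ip in filter(None, answers.split(",")):
                leaked_ips[ip.strip()] = query
        elif dst_port and (is_watched(host, watched) or dst_ip in leaked_ips):
            domain = host if is_watched(host, watched) else leaked_ips[dst_ip]
            kind = "http" if host else "tcp"
            report(time, kind, f"{domain} -> {dst_ip}:{dst_port}")
    return findings


if __name__ == "__main__":
    for finding in find_leaks(SAMPLE_CAPTURE, ["private-site.example"]):
        print(*finding, sep="\t")
```

Correlating connections with the IPs from the leaked DNS answers is what catches the HTTPS case, where no Host header is visible but the site's IP still is.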
