RE: If this is all the help there is, I'm out

There's clearly a communications problem going on here.

The first post made by @livingpharaoh was actually in a different Opera sub-forum (Opera for Computers): https://forums.opera.com/post/164596 . In that post, he specifically stated he'd just installed Opera 58, was looking for "Themes" options, and got entangled while searching in Opera's website by a referral to "Tools" for the Themes option. He then asked if that website description was out of date. @Leo responded "yes, it is". Unfortunately, that accurate moderator reply didn't address the OPs' underlying concern of where might Themes be found in Opera 58 (actually, such as it exists, under Settings > Wallpapers and/or Appearance). However, the reply did answer the OP's specific question.

The OP then posted here in the "Forums" sub-forum with a sarcastic-toned complaint towards Opera's support, regarding what he deemed the insufficiency of the reply to his original post in the Opera-for-computers forum. Subsequently (and unfortunately), it seems everyone thereafter has been essentially talking past each other here.

Several observations occur to me:

1. The Opera websites indeed can too easily lead a user (especially one new to chromium-based Opera) down some confusing rabbit holes related to Olde Opera terminology and documentation which don't apply to New Opera. This is not the first instance of this in user posts I've seen.
2. Sometimes the most relevant, underlying nature of a problem post gets missed by a reply. I too am guilty of this at times, occasionally because of misleading language/wording/interpretation and other times by a particular mindset I may bring to my first reading of the problem post.
3. Sometimes, after a single problem post that doesn't get a (to them) 'suitable' reply, posters lose patience (and their tempers) and generate a 'snarky' post. What results thereafter is often a flame war that pulls in other attackers/defenders and alienates all involved.

I believe what's needed is patience on the part of each of us, original posters and responders alike, along with a willingness to calmly ask for and respond with more information and/or clarity when requested.

@rehmanjamshoro said in Spam advertisement:

OK sir who is responsible it. told me

This scam has been going on for several weeks. See: http://www.scam-detector.com/online-auctions-and-tech-scams/iphone-8-and-iphone-x-tester-scam

Scams like this can be difficult to trace beyond the original website you visit, since they are often the result of malicious ads running remotely on that website. Many sites don't sufficiently check out to whom they rent ad space on their sites, and sometimes ads on a site are sub-rented out to still other end advertisers by a middle man company. Such ads generate pop-ups independent of the site itself, and can be very difficult to trace back to the authors.

@coffeelover said in Can Opera be fully Trusted:

...
So... each of us has to make up our minds regarding the security of this Opera browser. ...

This. However, it applies to any browser; and it should be pondered continually and not just at browser adoption, if browser 'security' is a conscious factor in one's browser usage (though it's not, frankly, for many users). Part of the basic issue is that a browser user must necessarily entrust part of his personal data and his browsing preferences/habits to the care and competence of software designers and parent corporations which the user has never met nor really knows little about, regardless of the user's level of inquiry. Moreover, the kinds of 'insecurities' that may be knowingly ignored by one user may be considered 'catastrophic' by another, depending on how he defines "security". Truly, YMMV.

Obviously, you mentioned some past indications of questionable behavior on the part of subsidiaries of one partner in Opera's new parent ownership consortium. Whether or how those kinds of behavior might somehow ripple down or transfer into the actual design and 'security' of an Opera browser version is difficult to determine with any certainty. There is some measure of protection under Norwegian privacy laws, under which the Opera organization continues to operate. There is a greater measure of protection present in the inherent integrity and competency of Opera's software designers, since at the end of all factors, it's the designers who actually commit code to end product.

The real proof-of-the-pudding lies in the code itself. However, few modern browsers are fully open-source in every code fragment they contain... otherwise the makers risk giving away the store to competitors in how they solve technical problems and provide key features. So every browser containing closed-code presents a level of uncertainty regarding what is truly going on internally. It's part of the air which ordinary users must breathe in today's software world. In such cases, a security conscious user must remain ever alert for relevant fresh reports of insecurities within a given browser or its design operations.

Personally, I'm not unduly troubled by the revelations you list, since I believe those occurred historically in products created by entities distantly apart from the current Opera design group. In reality, the opacity of future corporate-owner influences on browser design within Opera is not much different from that characterizing Microsoft or Mozilla or most other browser makers - publicly or privately held. There are a few browser makers which seem more open in what they do (though it would be rude to discuss them in an Opera-sponsored forum), but there are no guarantees even then.

@leocg said in Why Use Opera?:

... So different situations, different needs.

This!!!

For many years I used Olde Opera precisely because it fit nearly all my browsing needs, just as my needs had evolved around the many features of that browser. When Opera elected to follow the Blink pathway, I was a rather ardent Opera defender for a time in Opera's old forums amidst the truly massive outcry against that change. My key point then was for users to be patient and give Opera's developers time to integrate various key features (whose losses were being loudly decried) into the new browser. As time went by, some of the key 'dropped' features needed for my work flow were indeed restored to the evolving design (bookmarking, in particular). But others were not, and even the bookmarks feature itself lacked certain sub-features that were very significant to me (eg: the ability to set bookmarks bar titles to text only, since I need 50-70 bookmarks on a given single-line toolbar and abbreviate their titles severely). During that time, I often found myself increasingly agreeing with @ayespy's postings in the old Opera forums trying to persuade the developers and posters of the need for what we viewed as better control, features, and customization capability in New Opera, but to diminishing avail. Opera's focus had shifted.

What was actually occurring was both a change in the way the Opera browser was targeted and a change in (or more accurately, my recognition of) the importance of various detail requirements of my work flow using browsers. Opera was now developing a browser for 'the marketplace', whereas I had evolved solid work patterns dependent on my having detailed control/customization of browser settings, functions, and features. Thus, for a long time, I persisted in using Olde Opera (12.18) for much of my work-related browsing and both New Opera and Firefox for my casual browsing. Fortunately, as Olde Opera became unacceptably obsolete in terms of website compatibility, Vivaldi came upon the scene. It allowed me the detailed customization and features in areas that my work flow had come to demand. It's design mantra was that it was "a browser for our friends", meaning those users who require detail browser functionality and control. Hence, it's a browser that is actually a configurable tool.

Today, I have different needs than most of the users now targeted by Opera. So I use Vivaldi for my primary browsing and New Opera for some casual browsing. And I experiment a bit with Otter. They're all good browsers given the roles they're intended to play... but they're each aimed at different user needs and priorities. Frankly, I'm glad they all exist. And they're free...

@acidinmyfridge said in IS VPN with problem now?:

... i'm using Vivaldi too. ... Wondering if they're gonna implement VPN as well. ...

If they do, it will be a good while from now. They have their hands full just developing the features they've been promising, plus they don't have the server farm/portals to support a VPN (or the cash flow to rent it).

To some users, any record of the names or content of visited sites left in the browser may prove an "embarassment" when/if other users share the system. In a few locales, certain leftover names or content records in a browser may have fatal potential. Not knowing the poster's reasons for wanting the browser records completely cleaned upon demand, it's hard to be critical. I do share the opinion that a browser function or settings label should accurately reflect reality, and an option to 'clean browser history' should indeed clear all the forms of browing records since each of them constitutes part of its true browsing history. Only clearing some of the data under such a label forms a misleading impression of security; this is even more true if there are not co-located alternate controls for records-removal that might act to reinforce a user understanding of the incompleteness of the original function.

@coffeelover said in Can Opera be fully Trusted:

... Today I see that China has been using tiny microchips to gain access to US companies. This is yet another reason why I personally do not trust software or hardware that comes from China. Read about it by going to the link below. ... For those like me who no longer trust Opera, the evidence seems enough. For others like Blackbird who believe the evidence is not compelling, there is little point in continuing the discussion. It really boils down to what one is willing to place his/her trust in and for me... ...

https://www.theblaze.com/news/2018/10/04/china-used-tiny-microchips-to-gain-access-to-us-companies-banks-government-contractors-report

Writing as someone who has spent much of his career dealing with highly classified materials, I feel there's a vast difference between an adversarial government covertly placing spy-chips into a market-leading company's industrial/commercial/military server hardware by bribing/coercing factory personnel within that adversarial nation in hopes of penetrating corporate/government networks so as to acquire strategic information versus that same adversary somehow getting some lines of snooping code covertly inserted into a second-tier Internet web browser that's designed by code experts outside the adversarial country and aimed at individual non-commercial users. Of course anything is always possible, but 'possible' doesn't make it likely - and it certainly doesn't necessarily make it even worthwhile. Covertness always carries the risks of unexpected disclosure, whose costs and fallout can be considerable when measured against probable reward for the effort. Consequently, the potential payoff must always be worth the risks incurred - and, frankly, the market exposure of Opera into truly strategic arenas doesn't really qualify as worth it.

But, as I think we agree, it all comes down to personal opinions and preferences. For me and the equipment upon which I use browsers, Opera is currently OK in a security sense. For equipment that really matters in a real-world security sense, I personally believe there should be complete isolation from the public Internet - a genuine airgap, if you will. Hence, the only practical browser risks for ordinary users is from non-nation-state hackers and vandals.

@rakejake said in OperaVPN is not working:

The whole dilemma can be resolved if Opera can confirm this.

If you are able to visit https://www.comparitech.com/blog/vpn-privacy/internet-censorship-map/ , you can gain a view of the scope of censorship worldwide as of January 2020 (particularly if within that page, you set the "Show -- entries" to 100 in the nation-table part way down the site's page). Bangladesh ranks quite high for employing national censorship in that table (among the top 25 nations in the world), on a par with well-known censoring nations like Cuba, Egypt, Bahrain, and Saudi Arabia but behind China, North Korea, Iran and a scattering of others.

Frankly, there is very little that Opera (or anyone else) can do about national censorship... nations are sovereign and do what they want. Why a nation blocks one site but not another has all to do with their interpretation of what they wish to block from their citizens, the technical mechanisms used in blocking, and the persistence of the personnel in the blocking agencies. If Opera's websites are reachable by ordinary browsing from most other nations in the world but not from within Bangladesh (which is the case), it stands as proof that the Opera sites are being blocked (intentionally or otherwise) within Bangladesh. There is nothing Opera can do about that. That some other VPN services might be able to penetrate the censorship speaks more to the lack of thoroughness of their blocking mechanism by Bangladesh and the ability of those VPNs to jump ahead of the censors by frequently changing their IPs or using other technical means. Bypassing national blocking is a continual (and expensive) electronic war between blockers and VPN providers, and probably goes well beyond the limited purposes Opera has in supplying a VPN option in their browser.

I don't work for Opera, but I don't see how (in practicality) Opera can conclusively determine on its own which nations are locally blocking its websites (including its VPN) since it doesn't reside physically in many of those nations and because the dynamics of who is blocking what change literally daily among nations. Moreover, nations that do block are usually very evasive about which specific sites they block for what reasons.

If a corporate System Engineer blocks processes from executable programs on the company-owned computer or network because of 'security problems', you may want to rethink trying to bypass his efforts. If his action reflects corporate IT security policy or efforts, bypassing or otherwise interfering with such blocking could be termed as a "career-ending move" in most organizations.

@yanta said in Microsoft switches to Chromium:

This quasi-monoculture might threaten security and diversity.

The whole culture/system is cost-driven. Websites (of which there are now enormous numbers) operate by writing website code which interfaces with web browsers and their underlying rendering engines. Since there are different ways of doing the same things, there may be different forms of browser code that render the same website code into a screen display, but show it somewhat differently - which causes what's seen on-screen by the user to be different from what was intended by the site-code writer. Likewise, for certain other forms of embedded functionality (embedded video, pop-up buttons, page swapping, etc).

Consequently, to ensure their site-code looks and operates the same on different browser/engine designs, the site would have to test each browser design for compliance... continually retesting, since both website code and browser/engine code are changed constantly. That costs money, so many sites simply test against a few browsers and publicly declare the other ones "unsupported". The few browsers tested are simply the ones with most market share, hence the smaller market-share browsers are frequently ignored or rejected. Some sites go so far as to put in a few lines of site code that actively test (or "sniff") for the brand of visiting browser and actively block it from access. Their reasoning seems to be that it's cheaper to simply reject a small-marketshare browser than deal with the cost of support complaints over potential compatibility problems. Other websites don't even publish a list of supported browsers, but instead simply code for the big one or two browsers and ignore everything else.

Frankly, this channelization looks to only worsen in the current "free" universe of browsers and websites. Cost recovery is very difficult when the end product is being 'given away' and other income sources (ads, favored placements, paid-product tie-ins, etc) must underwrite the income. Diversity is indeed being threatened, as it always is in a monoculture - and that means innovation is being quenched. Insofar as innovation is being threatened, that implies security innovation is also being reduced, at least in the grand scheme of things.

@krasith said in The forum uses Google Captcha?:

@daxorp I totally agree with you.

...
Get Google Captcha off this Opera site, it provides no security whatsoever,

Though I'm not an Opera employee and certainly not a fan of Google, on the contrary, Captcha generally does what it's intended for those employing it on their websites - which is to block bots from auto-creating logins and thus it helps to greatly thin the herd of spammers accessing the forum. Anyone who has lived through much of the history of Opera's forums over the years will recall the nearly uncontrollable waves of spam posts that would break out from time to time and swamp the forums. That said, there are at least 8-10 alternative anti-bot mechanisms available that offer similar protection, though knowing their effectiveness compared with Captcha in a forum application like this is above my pay grade.

@Wookiee said in Web page intractable but not displaying:

It's blank. I cannot do anything with anything about anything to anything in opera or opera GX. It is a blank white screen ... Is that clear enough for these forums?

Uhmm... what OS are you using, what Opera version, what antivirus brand (if any), what graphics card/chip are you using, what (if any) other browser-brand results occur for similar websites, and have you tried with a clean Opera profile folder/directory? The objective is for those here to get enough of your setup and scenario details to try to recommend a best approach toward a 'fix'. Right now, just describing the problem only as a blank white screen leaves helpers here with a "blank screen" regarding problem details.

@operanana If you downloaded your Opera version from a genuine Opera website, neither it nor its installer will contain a virus - Opera runs a tight ship with their servers. In that case, it's a 'false positive' detection on the part of the antivirus you're using (these are continually being updated and their detection schemes being altered by their makers). Since some recent update to the AV is causing the issue, the AV maker (in this case, Malwarebytes) is who you need to inform and apply pressure regarding their recent AV update.

@hion said in Threat Found in Opera Cache?:

@blackbird71 hmm. I've ran a full scan and everything seems fine. I still find it extremely odd that this happened.

I agree it seems odd, but on the other hand, if you visited an infected site or one carrying an infected ad server, I can see how Defender may have trapped the exploit as the browser was loading it into a cache folder and so it may have blocked any manual or other form of access to that file and folder until you took remedial action thru Defender... that is what an AV program is supposed to do.

With a clean full scan under your belt, the implication would be that the nasty was successfully trapped before it could do or install anything else. Whether it could have unilaterally done damage from a cache folder even if not blocked, I don't really know... but in any case, it seems as if you're good to go now.

@hion There's some insight regarding the threat identified by Defender over at: https://stackoverflow.com/questions/43637629/backdoorphp-webshell-malware . In that case, the comments indicate a hacked site was involved. It may be possible that a hacked ad-server linked by a legitimate site could also cause running such malicious scripting, but I'm not sure about the technicalities.

There is a Microsoft writeup about the virus here: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor%3APHP%2FWebShell.A&threatid=2147651339&enterprise=0

Both prudence and Microsoft suggest running a full system scan just in case something leaked through.

@hion said in Threat Found in Opera Cache?:

... Why didnt the file that was infected (f_0022005) not found when I went to go search for it (Note: this is before I took any action to remove it).

Under Windows Security > Virus & threat protection > Current threats > Protection history, is there a listing for the incident? I'm not sure how enduring that history's memory is, so it may have already scrolled off, but perhaps not... in which case you might find some additional info. When Defender blocks some 'severe' threats, it immediately prevents them from proceeding further within the computer once it has 'trapped' them and causes their action to be suspended until you give direction. In this case, it may be possible that it also blocked or suspended manual access to the f_0022005 cache folder so that Explorer, etc. couldn't pull it up and allow infection via that route. Once you clicked in Defender to remove the threat, it would have permanently removed the folder.

Just a thought... when one uses Google Search directly (without VPN), the IP presented to Google's server is the one your ISP has assigned to you and is very unique with respect to the universe of IPs out there. When you use Opera's VPN to contact Google Search, the IP presented to Google's server is the one assigned to Opera's VPN server... and if a large number of other Opera users make use of Opera's VPN for Google Search, the Google server will see that Opera IP presented over and over (each time associated with a different user by the VPN, but that would be invisible to Google's server). If, as is most likely, Google's server has a protection algorithm to prevent bots and web crawlers from repeatedly accessing their search function, they will track incoming IPs and discover that the one from Opera's VPN causes many hits - and as a result, will probably assume it's a bot and toss the picture pop-up back at you to prove otherwise.

@rakejake said in OperaVPN is not working:

The whole dilemma can be resolved if Opera can confirm this.

If you are able to visit https://www.comparitech.com/blog/vpn-privacy/internet-censorship-map/ , you can gain a view of the scope of censorship worldwide as of January 2020 (particularly if within that page, you set the "Show -- entries" to 100 in the nation-table part way down the site's page). Bangladesh ranks quite high for employing national censorship in that table (among the top 25 nations in the world), on a par with well-known censoring nations like Cuba, Egypt, Bahrain, and Saudi Arabia but behind China, North Korea, Iran and a scattering of others.

Frankly, there is very little that Opera (or anyone else) can do about national censorship... nations are sovereign and do what they want. Why a nation blocks one site but not another has all to do with their interpretation of what they wish to block from their citizens, the technical mechanisms used in blocking, and the persistence of the personnel in the blocking agencies. If Opera's websites are reachable by ordinary browsing from most other nations in the world but not from within Bangladesh (which is the case), it stands as proof that the Opera sites are being blocked (intentionally or otherwise) within Bangladesh. There is nothing Opera can do about that. That some other VPN services might be able to penetrate the censorship speaks more to the lack of thoroughness of their blocking mechanism by Bangladesh and the ability of those VPNs to jump ahead of the censors by frequently changing their IPs or using other technical means. Bypassing national blocking is a continual (and expensive) electronic war between blockers and VPN providers, and probably goes well beyond the limited purposes Opera has in supplying a VPN option in their browser.

I don't work for Opera, but I don't see how (in practicality) Opera can conclusively determine on its own which nations are locally blocking its websites (including its VPN) since it doesn't reside physically in many of those nations and because the dynamics of who is blocking what change literally daily among nations. Moreover, nations that do block are usually very evasive about which specific sites they block for what reasons.

@hellstra said in OperaVPN is not working:

... I'm from Bangladesh and I cannot open any link having opera.com without using a vpn. In fact, I even had to use a vpn to be able to download the browser. ... Thank you local censorship, yay!

Depending on the political atmosphere in a given country, it may be worthwhile for a user to inquire with their government/local-ISP whether their blocking of opera.com URLs is intentional (and if so, why?); it may simply be an unintentional result of their blocking a chunk of "problematic" IPs. On the other hand, in some strict authoritarian nations, such inquiries may themselves be neither safe nor wise for a user to pursue - YMMV, and only an affected local user(s) can make that determination of whether/how-far to locally investigate.

At the end of the day, all centralized censorship makes everyone a loser in one way or another - but national censorship is one of the unfortunate realities of life in the current real world.

@rakejake said in OperaVPN is not working:

... Other vpn services are working just fine. Only Opera's is facing problem. If blocking was the problem wouldn't other vpn services face problems too?

When a user accesses a VPN, they are directed over the Internet to a specific IP address for that VPN to make their VPN server connection. Depending on the VPN, there may be more than one available connection IP. In any case, a given VPN can readily be blocked if the censoring authority simply blocks user Internet access to known/identified VPN access IPs. Those access IPs can be determined by a curious censor on an ongoing basis by simply installing the particular VPN software (or VPN-equipped browser) and testing for the IPs which are accessed when connecting to that VPN. Hence, "free" VPNs may be more often blocked than "paid" VPNs simply for budgetary reasons.

Another thing to keep in mind is that censors may choose to block entire chunks of IP addresses if they decide too many sites within that range of IPs are individually "problematic" in their opinion. (It may even be less work for them to block a whole range of IPs rather than block many individual IPs within that range). In any event, such IP range-blocking can also wipe out access to "innocent" site IPs lying within the affected range. Moreover, simple human error in black-listing an IP can contribute to incorrectly blocking an 'innocent' IP.

The ability, competency, and accuracy of a blocking authority can vary widely with location and over time. However, if multiple users in a given region (particularly within a national border) are having problems accessing a particular IP - especially a VPN - it normally is related to either some kind of access-blocking within that nation or some form of technical deficiency occurring in that national Internet backbone or ISP network that cannot support the type of connection being sought. Since there are multiple "players" involved in the electronic chain that relays Internet data packets to/from their final destination, blocking by any one of those players will prevent successful user access.