RE: Recovering synced data

I'm not intending to rub salt into the wound, but this illustrates the ever-present dangers of relying on Sync as a substitute for genuine backups. There simply are too many accidental ways for messing up or deleting sync data, not to mention the possibility of the sync server losing the data in some server/portal crash or 'incident'. The safest backup approach has always been, and remains, to make occasional genuine data backups of critical personal-data browser files (like preferences, bookmarks, sessions, etc) - preferably onto external media. While such backups may at times not be exactly current, with a little effort they can be maintained reasonably close to a current state... and having them available, even if a bit out-of-date, can be a literal life saver when (not if) an "oops" or hardware crash occurs.

@thephototoday said in Can Opera be fully Trusted:>

...
Call it paranoia, conspiracy, an influence of Hollywood or whatever you want, but if even Opera itself is funny to present them on their website, it makes me less thankful to use a program paid for by the Chinese.

Nothing is free if Google traffics with my data thanks to Chrome at least I know. Opera does not know where the Chinese have told him he should generate profits.

If you're not actually living in China, then Chinese control/censorship/tracking of their own citizenry is not a technically-relevant issue for your use of a web-browser even if the browser were somehow covertly altered to support such native control schemes (and of which, there is absolutely no evidence yet in Opera). The only remaining risk of something dangerous covertly coded into a browser would be some form of spyware/malware designed to steal your personal data or to spread itself along and into the local network for malicious/covert purposes... and that would have relevance to China only if you were involved in critical/defense-related infrastructure professions. Again, there's absolutely no evidence yet that anything like that exists in Opera.

Certainly, in one's imagination, anything might be possible for a Chinese owner of Opera. But 'possible' by no means is the same as 'likely' or 'reasonable'. One's rationality must always outweigh their paranoia. Embedding malware/spyware into a browser like Opera would seriously risk being discovered by the numerous far-flung Opera developers in multiple lands, having access to its code; it would risk discovery by countless 3rd-party monitors of software products and malware/spyware exploits throughout the world. Once discovered, it would be in clear violation of governing Norwegian laws, and it would be a truly product-killing event that would utterly destroy Opera's reputation thereafter and damage the reputation of any Chinese enterprise exporting any software/firmware product. To most nation-state 3-letter actors (NSA, FSB, etc), such risks would far outweigh any likely reward.

@rakejake said in OperaVPN is not working:

The whole dilemma can be resolved if Opera can confirm this.

If you are able to visit https://www.comparitech.com/blog/vpn-privacy/internet-censorship-map/ , you can gain a view of the scope of censorship worldwide as of January 2020 (particularly if within that page, you set the "Show -- entries" to 100 in the nation-table part way down the site's page). Bangladesh ranks quite high for employing national censorship in that table (among the top 25 nations in the world), on a par with well-known censoring nations like Cuba, Egypt, Bahrain, and Saudi Arabia but behind China, North Korea, Iran and a scattering of others.

Frankly, there is very little that Opera (or anyone else) can do about national censorship... nations are sovereign and do what they want. Why a nation blocks one site but not another has all to do with their interpretation of what they wish to block from their citizens, the technical mechanisms used in blocking, and the persistence of the personnel in the blocking agencies. If Opera's websites are reachable by ordinary browsing from most other nations in the world but not from within Bangladesh (which is the case), it stands as proof that the Opera sites are being blocked (intentionally or otherwise) within Bangladesh. There is nothing Opera can do about that. That some other VPN services might be able to penetrate the censorship speaks more to the lack of thoroughness of their blocking mechanism by Bangladesh and the ability of those VPNs to jump ahead of the censors by frequently changing their IPs or using other technical means. Bypassing national blocking is a continual (and expensive) electronic war between blockers and VPN providers, and probably goes well beyond the limited purposes Opera has in supplying a VPN option in their browser.

I don't work for Opera, but I don't see how (in practicality) Opera can conclusively determine on its own which nations are locally blocking its websites (including its VPN) since it doesn't reside physically in many of those nations and because the dynamics of who is blocking what change literally daily among nations. Moreover, nations that do block are usually very evasive about which specific sites they block for what reasons.

To some users, any record of the names or content of visited sites left in the browser may prove an "embarassment" when/if other users share the system. In a few locales, certain leftover names or content records in a browser may have fatal potential. Not knowing the poster's reasons for wanting the browser records completely cleaned upon demand, it's hard to be critical. I do share the opinion that a browser function or settings label should accurately reflect reality, and an option to 'clean browser history' should indeed clear all the forms of browing records since each of them constitutes part of its true browsing history. Only clearing some of the data under such a label forms a misleading impression of security; this is even more true if there are not co-located alternate controls for records-removal that might act to reinforce a user understanding of the incompleteness of the original function.

@coffeelover said in Can Opera be fully Trusted:

... I "think" (not sure so it's a total guess on my part) that most people believe coding can be more easily hidden in software than hardware so they're more willing to trust their devices than the programs they load onto them. Does it make sense? Probably not but my gut feeling is that this is how most people think.

You're right that it's how most people think (at least most people who even think about security - the vast bulk of users rarely even consider it in any depth). But since most "hardware" contains "firmware" (which is code embedded into PROMS or flash memory), there is far less difference than many folks might imagine. Discovery of backdoor code (intentionally malicious or simply heedlessly left over from factory testing access) has popped up in the news continually in everything from chips to full-blown PC boards for years.

Having worked in the digital and national security realms for 40+ years, I find no more security against spyware/malware in general code-capable parts/devices than I do in downloadable software programs, unless those parts/devices have been procured and tested against a published DoD/military QPL (qualified parts list). In reality, assuming one practices "safe hex", the key issues have more to do with who you are (your profession) and what you have to lose (in terms of secrets) than what an adversary may or may not do. In other words, if you have secrets that make you a worthwhile target or link you to a prime critical/infrastructure target, then you have reason to be super-cautious about national-origin of equipment or software. Otherwise, not nearly so much...

There's clearly a communications problem going on here.

The first post made by @livingpharaoh was actually in a different Opera sub-forum (Opera for Computers): https://forums.opera.com/post/164596 . In that post, he specifically stated he'd just installed Opera 58, was looking for "Themes" options, and got entangled while searching in Opera's website by a referral to "Tools" for the Themes option. He then asked if that website description was out of date. @Leo responded "yes, it is". Unfortunately, that accurate moderator reply didn't address the OPs' underlying concern of where might Themes be found in Opera 58 (actually, such as it exists, under Settings > Wallpapers and/or Appearance). However, the reply did answer the OP's specific question.

The OP then posted here in the "Forums" sub-forum with a sarcastic-toned complaint towards Opera's support, regarding what he deemed the insufficiency of the reply to his original post in the Opera-for-computers forum. Subsequently (and unfortunately), it seems everyone thereafter has been essentially talking past each other here.

Several observations occur to me:

1. The Opera websites indeed can too easily lead a user (especially one new to chromium-based Opera) down some confusing rabbit holes related to Olde Opera terminology and documentation which don't apply to New Opera. This is not the first instance of this in user posts I've seen.
2. Sometimes the most relevant, underlying nature of a problem post gets missed by a reply. I too am guilty of this at times, occasionally because of misleading language/wording/interpretation and other times by a particular mindset I may bring to my first reading of the problem post.
3. Sometimes, after a single problem post that doesn't get a (to them) 'suitable' reply, posters lose patience (and their tempers) and generate a 'snarky' post. What results thereafter is often a flame war that pulls in other attackers/defenders and alienates all involved.

I believe what's needed is patience on the part of each of us, original posters and responders alike, along with a willingness to calmly ask for and respond with more information and/or clarity when requested.

@browzer1 said in How to change your browser ID within Opera:

@rif ... Does this not change the Opera "statistics" on web browsing? Is it a good thing or a bad thing?

Yes, it does affect the usage stats. If a user can access a site by changing the browser ID, it's a good thing for him in gaining access to the site... but it's not a good thing for Opera's market share stats. The ideal would be for websites to respect and operate properly with Opera's genuine user-agent string or respond to user complaints if they don't. But all too often, that's not how the online world seems to operate...

@leocg said in Why Use Opera?:

... So different situations, different needs.

This!!!

For many years I used Olde Opera precisely because it fit nearly all my browsing needs, just as my needs had evolved around the many features of that browser. When Opera elected to follow the Blink pathway, I was a rather ardent Opera defender for a time in Opera's old forums amidst the truly massive outcry against that change. My key point then was for users to be patient and give Opera's developers time to integrate various key features (whose losses were being loudly decried) into the new browser. As time went by, some of the key 'dropped' features needed for my work flow were indeed restored to the evolving design (bookmarking, in particular). But others were not, and even the bookmarks feature itself lacked certain sub-features that were very significant to me (eg: the ability to set bookmarks bar titles to text only, since I need 50-70 bookmarks on a given single-line toolbar and abbreviate their titles severely). During that time, I often found myself increasingly agreeing with @ayespy's postings in the old Opera forums trying to persuade the developers and posters of the need for what we viewed as better control, features, and customization capability in New Opera, but to diminishing avail. Opera's focus had shifted.

What was actually occurring was both a change in the way the Opera browser was targeted and a change in (or more accurately, my recognition of) the importance of various detail requirements of my work flow using browsers. Opera was now developing a browser for 'the marketplace', whereas I had evolved solid work patterns dependent on my having detailed control/customization of browser settings, functions, and features. Thus, for a long time, I persisted in using Olde Opera (12.18) for much of my work-related browsing and both New Opera and Firefox for my casual browsing. Fortunately, as Olde Opera became unacceptably obsolete in terms of website compatibility, Vivaldi came upon the scene. It allowed me the detailed customization and features in areas that my work flow had come to demand. It's design mantra was that it was "a browser for our friends", meaning those users who require detail browser functionality and control. Hence, it's a browser that is actually a configurable tool.

Today, I have different needs than most of the users now targeted by Opera. So I use Vivaldi for my primary browsing and New Opera for some casual browsing. And I experiment a bit with Otter. They're all good browsers given the roles they're intended to play... but they're each aimed at different user needs and priorities. Frankly, I'm glad they all exist. And they're free...

@leocg said in Opera-Werbeblocker:

@archimede What would be that?

Opera-Werbeblocker is Opera's adblocker.

@jeremycards In a typical Win 10 system, you can find it at folder: C:\windows\system32\drivers\etc. Note that the file has no extension term, but is simply "hosts". You can open it and edit it in Notepad... just make sure to again save it without a file extension. Suggestion: before you edit it, save a copy of the original as hosts.bak, just in case something gets messed up... if it does get messed up, you can then always get back to the original.

@nephtys59 Log4j2 is a logging package for Java that responds to "calls" made to its library (but which, in the case of the vulnerability, can be made to introduce all manner of unauthorized commands into the host system). Hence, the primary log4j2 vulnerability (CVE-2021-44228, CVE-2021-45046) rests with systems running Java applications or that interface in certain ways with systems running such Java applications. As a result, the ultimate solution to this primarily rests with operators of such systems updating their log4j2 libraries to log4j2.16 or later (an initial log4j2.15 "fix" was found to still have some weaknesses). Given that in the real world, Java applications can exist in myriad places and be deeply embedded into all manner of systems and servers, it's likely that the vulnerability may unfortunately remain with us for a long time to come.

The question you raised is to what extent a web browser can be impacted by the log4j2 issue. If the browser itself doesn't contain Java calls (not to be confused with the unrelated JavaScript language) or coding modules, then the browser isn't directly affected by the vulnerability. If the browser does contain Java linkages, then it can in theory be affected by the vulnerability even if a vulnerable log4j2 package resides on a server with which the browser is communicating. Whether Opera (or any other browser) contains any Java linkages is for its developers to state.

That said, even without Java linkages existing in a browser, any server (including web site servers or whatever they themselves may link to) that contains a vulnerable log4j2 package version is susceptible to being hacked in almost any conceivable manner. That, in turn, means the potential for website hacking (even for otherwise "safe" or reputable sites) goes up greatly in the Internet world... and that presents increased risks for all web browsing regardless of the browser. Keeping a browser up to its latest version is a primary defense against a hacked website causing grief to the user's system by exploitation of a browser flaw. But there is little defense against a hacked website itself abusing a user's data if it involves the user logging in and/or supplying personal/financial information to the 'trusted' site. That's where a lot of the current concern about this issue really rests.

Much depends on how the Google end-of-support decision evolves in the chromium code itself. There are always different ways of doing things, and if code exists in chromium that specifically supports certain Win7/8.1 unique peculiarities, one can expect such code will rather quickly be removed in order to clean up the remaining code. That can have major impact on downstream browsers using chromium code (like Opera and others). Likewise, if vulnerabilities continue being discovered in chromium code, remedies may be introduced that don't take unique needs of Win7/8.1 into account and all such updates will thereafter not be suitable for those OS's.

Whether a downstream browser that depends on chromium code (like Opera) will add its own work-arounds to support using future chromium code for Win7/8.1 depends greatly on the complexity of such tasks, but it's very unlikely that much energy/resources will be expended in such ways... the Win7/8.1 'market' has simply become too small to justify much effort.

At the end of the day, this is the trajectory for how an out-of-support OS finally "dies" - it's support by application software becomes too costly to bother with, and so the number of available application programs that are being updated withers away over time.

@sporty78 said in 'Get The Latest Security Update:

As an addendum, if' an Opera Developer reads my thread, there are 'many' users who continue to use Win 7 because it serves their needs.

As a result, browser-related updates should continue to be offered.

Essentially, I am not going to 'upgrade' to Win 10 just so that I can continue to use a browser. In fact, 'other' browsers still work like a dream with Win 7.

The reality is that Opera (like many browsers today) is based on the Chromium Consortium's code core. The Consortium developers decided (and announced last year) that chromium code support for Windows 7 would end in 2023. They would no longer test their code for Windows 7 and would remove Win7-specific code whenever encountered when otherwise modifying their code. That has now happened.

As a result, browsers based on chromium code either had to also end their Windows 7 support or else spend a lot of their own resources continually patching and extensively testing each new revision of the chromium code (issued every week or two) with workarounds to attempt to continue providing Windows 7 support. This latter approach, Opera (and various other chromium-based browsers) have elected not to do, largely for economic reasons.

If you're willing to run the risks of or feel economically forced into using a no-longer-supported OS, then one of the consequences is facing the decreasing availability of the various apps that offer compatibility with that obsolete OS. Pleasant or not, it's just the way things work in the modern world of computers.

I keep imagining that in some future epoch, archaeologists digging back into our then-ancient ruins will be baffled about the meanings of all our 'modern' hieroglyphics, on everything from traffic signs to data embedded into flash memories. I sometimes wonder if we're reverting back to an age of picture-writing.

@leocg From https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/ (the website that first discussed the issue):

... First, a user fills out a login form on the page and asks the browser to save the login. The tracking script is not present on the login page [1]. Then, the user visits another page on the same website which includes the third-party tracking script. The tracking script inserts an invisible login form, which is automatically filled in by the browser’s login manager. The third-party script retrieves the user’s email address by reading the populated form and sends the email hashes to third-party servers.
...
We found two scripts using this technique to extract email addresses from login managers on the websites which embed them. These addresses are then hashed and sent to one or more third-party servers. These scripts were present on 1110 of the Alexa top 1 million sites.
...
Login form autofilling in general doesn’t require user interaction; all of the major browsers will autofill the username (often an email address) immediately, regardless of the visibility of the form. Chrome doesn’t autofill the password field until the user clicks or touches anywhere on the page. Other browsers we tested [2] don’t require user interaction to autofill password fields. Thus, third-party javascript can retrieve the saved credentials by creating a form with the username and password fields, which will then be autofilled by the login manager.

Consequently, what currently occurs with this is that the auto-fill mechanism is being invoked by 3rd-party scripting on the visited domain to read the username from the autofilled data for that same domain, hash it, and send the hash as a highly-accurate tracking ID to the 3rd-party server. The 3rd-party script has been allowed by the site in the first place, but many sites poorly vet the quality of parties they contract with - particularly data marketing services.

In theory, your employer could have installed one of a number of key-logging or snooping kinds of software as part of the "work software" on the device, and there's little reason these could not 'phone home' periodically with regard to what you do on the computer. Moreover, the Surface version of Windows contains an 'event viewer' log which can reveal when the system boots and shuts down, as well as error messages from apps software on the system; while it doesn't report home, later analysis of it can reveal how long you used the system and when.

Much depends on the nature of your employer, the specific terms of your employment, the explicit conditions of usage of company-owned equipment, and local privacy laws about employer snooping. You probably know better than anyone else about the likelihood of your employer monitoring in some way regarding usage. But as always, if in any serious doubt, caution would suggest "don't do it".

As a matter of security, I would treat with high suspicion anything which a user did not install directly that redirects their web searches. There simply is too much chance for abuse via manipulation/malware/privacy-invasion by the routine redirection of searches through 3rd-parties, especially virtually-unknown ones like this. If this is by design on Opera's part (which is implied by its presence in the default_partner_content.json file of multiple users), Opera ought to provide users with a clear explanation of what is going on and why. If it's not by design, an explanation of how it's getting into that .json file should be provided by Opera.

@leocg said in Security breach on Chromiums!:

@blackbird71 For sure site B being able to see such info for site A don't seem nice.

What I didn't get well is if the third part scripts are getting the info directly from the password managers or if they are getting it from the main sites.

Apparently, from the way the web standards work with site logins, a login box can be created/accessed from within the associated web domain at any time by site scripting running on the same domain. On the original login page, the normal site login box is called up by site scripting and displayed for the user to enter their data. On other site pages within that domain, however, site scripting can also call up a login box, so the 3rd-party tracking script inserts an invisible login box instead on such pages. Ordinarily, the appearance of the login box causes web browsers to autofill a login box with the correct username and an obfuscated password for that same domain. On the original, normal login page, the user sees that data appear in the boxes. On the invisible login box, the user is unaware of the data that is autofilled to the now-invisible login box, so the resulting username is read, hashed, and uploaded by the tracker script whenever the page is then clicked - hence the user is completely unaware of the tracking operation.

I'm unclear on just how much of the login data is readable by the scripting (the password is visually obfuscated on the browser's display, but it's unclear to me whether the tracker scripting can access it). Apparently, the username data at least is hashed and sent up to the tracking-script server for use as a reliable user-tracking ID in the case where the same username commonly appears across multiple websites, as it often does when required to be an eMail address. In that case, a comprehensive record of such site activity across sites and within sites can be linked using the created user ID.

Though I don't personally have headaches, I do have friends who suffer from them chronically at times (particularly migraines), and many of them find relief from drinking a cup or two of coffee. Apparently the caffeine triggers some kind of chemical release in the brain to help headaches, as well as constricting blood vessels to help migraine sufferers sometimes get relief (especially when combined with aspirin).

What I have found personally, however, it that black coffee makes an effective cleaning agent for hand removing certain kinds of films and residues off metal objects. It's particularly effective at getting that yellowish varnish-like nicotine/smoking residue off old office equipment like filing cabinets and steel desks. And, no, I don't smoke... but I have used coffee to clean up a lot of equipment coming out of offices where heavy smoking occurred for years.

@boroyb88 said in Changes in vpn.:

... Do you specifically make people a slave to technology? First you give a quick Vpn, and then reduce its speed by 90%

In this life, things change. In the business world, things change. When the VPN feature was added to Opera, the company had a corporate relationship with the VPN provider (SurfEasy, which operated a fair number of VPN servers worldwide). Then 'business-type' things happened, and Opera sold the VPN company to Symantec - which ended the corporate relationship with SurfEasy. Opera is attempting to put in place and tune their own network of VPN servers to be linked by their browser, and that network is not (yet) as extensive or traffic-capable as the SurfEasy one... perhaps it never will be quite the same, but that's yet to be seen. But nobody at Opera set out to make anyone a "slave" to anything; things sometimes happen in different sectors of a company (corporate management and browser development) for different reasons, and that sometimes causes unsought impacts.