RE: Opera’s Global Fight for Your Right to Choose Your Web Browser Comes to Brazil

Good luck guys.

@locutus Not really relevant. Firstly, this thread is about Opera specifically - and the specific concerns raised in that post I linked to.

Secondly, while I agree that Brave has its own share of (rather small IMHO) controversies, but AFAIK no-one's identified any suspicious connections being made to Brave's servers.

@burnout426 Thanks for your responses!
Didn't Opera recently buy back some/all of their shares from that Chinese consortium? Or am I getting this wrong?

NOTE: I'm pasting the full comment's text for better visibility. I did not write it myself.

"This video doesn't say anything that hasn't been said a million times before. Opera isn't a privacy-focused browser. I figure most people who are using it don't really care that much and enjoy its features.

Not sure why it focuses on the Geolocation stuff, of all things, to point out though. That's kind of whatever. The browser will be pinging Opera's own servers to check for updates periodically anyway, which will give them your IP which can then be narrowed down to a location.

I'd say a more concerning issue with Opera is the fact that everything you type in the address bar, and every site you visit, is sent to their servers. Sometimes in multiple ways. Every time you enter a keystroke into the address bar, it will attempt to send it to two places:

1. To your default search engine to provide search suggestions based on what you just typed (which can be disabled through settings by disabling "Improve search suggestions.") This is kinda whatever since you're probably going to send them the full query anyway and are already trusting them with your searches.

2. To weather.opera-api2.com/autocomplete to attempt to look for a corresponding location to display the weather for places in the suggestions area. This can only be disabled via opera://flags by setting the #address-bar-dropdown-cities option to Disabled. Having everything typed get sent to their servers essentially gives them the ability to profile your search queries. Are they using this data to profile you? Obviously we don't know for sure, but a small tooltip showing you the weather in the search suggestions of a potential location that you're typing certainly isn't worth every keystroke being sent to, and potentially stored on, their servers and tied to you.

Additionally every time you visit a website, when it is finished loading, Opera will make a call to its own servers to an API containing the domain name. Let's say I visit privacyguides.org in Opera, when it is finished loading Opera will make a call to: speeddials.opera.com/api/v1/thumbnails/www.privacyguides.org. This allows for a complete profiling by Opera of every site you visit with their browser. There is no way to disable this, even through flags. The only way around this is by nullrouting speeddials.opera.com, which will also break the news feed on the new tab page if you have it enabled. This service seemingly innocuously fetches thumbnail images for sites for the speeddial squares, but again the privacy cost here is very high for something so trivial that could be accomplished through other means like caching a site's favicon without phoning home, for example. And why does the browser need to acquire these images for every single site that you visit? Why not just a single time when you add a site intentionally to the speed dial section? It makes no sense. Again, we don't know for sure if they're using this data to profile you and store the sites you visit but it would be very trivial for them to do so.

Furthermore to that, when you visit a site in Opera the domain name will be sent to another location. Assuming we're visiting example.com, before loading the page Opera will make a POST request to sitecheck.opera.com/api/v2/check with a payload containing the example.com domain. This, again, allows for an entire collection of your browsing history on their servers. This can be disabled by turning off the "Protect me from malicious sites" option under "Privacy and Security". There are much better ways from a privacy perspective of performing a malicious site look-up, such as periodically downloading a complete list of problematic domains and performing a comparison entirely locally which is what Firefox does. The way this is implemented in Opera is sloppy, at best, and intentionally poor if you're being cynical since it allows for trivial collection of your entire browsing history.

These are the real big deal issues with Opera. Everyone using it with anything resembling default settings is essentially sending their entire browsing and search history to the Opera servers, which can be tied to you. And unless you've carefully disabled all the required options AND nullrouted speeddials.opera.com this basically applies to everyone using the browser.

There aren't many browsers brazen enough to outright collect data directly on every single domain you visit and every keystroke you enter into its address bar. Opera is one of the ones that does. These are the real, tangible issues with this software. People talk a lot about their connections to China, point out their shady dealings in other areas etc. but most people will just brush those off. People need to know, in no uncertain terms, that this browser is sending your entire browsing history to their servers. I'd like to say these issues are just bad design under the hood and not intentionally malicious, but that would be giving them the benefit of the doubt which they've really not earned as a company. Through cynical eyes, it seems they've tried to implement hardcore tracking of what their users type and visit and attempted to hide it behind "innocent" services that they can potentially excuse away as trivial functions if it were brought up.

If Opera were interested in privacy, they would remove these invasive functions and re-implement them in a more privacy-respecting way, which wouldn't be particularly difficult to do. The fact it would be relatively easy to avoid doing these things and the fact they've kept them how they are for many versions now brings out the cynic in me and tells me they probably want them just the way they are."

Well, you have not really addressed some very specific concerns raised elsewhere. A good summary can be found here: https://www.reddit.com/r/browsers/comments/14bisgq/comment/jog0c1x/

Hah. Trust your data to the nightmare that is Opera's privacy policies.

And still the adblocker is the worst of its kind, and still no support for AdGuard's HTTPS filtering (the only Android browser which doesn't allow this!).

Okay, brilliant, lots more crypto and all that. But when will Opera for Android finally block Google/Bing search ads and Twitter/LinkedIn promoted posts? Your built-in adblocker is unworthy of that name, and Opera is the only Chromium browser to disallow AdGuard's HTTPS filtering. I've reported this to your devs ad nauseam, but answer came there none!

Another browser, more fragmentation. Why?

It's 2022 and we still can't sync our extensions.

But if you want a browser that actually blocks Google Search ads, look elsewhere.

@shintoplasm01 @leocg On what basis do you edit users' posts?

Important note: Opera's built-in adblocker does not block Google search ads.

@shintoplasm01 @StefanOpera Even the latest Edge 96 for Android has upgraded its adblocker to block Google search ads. Only Opera lets them through.

You used to be a browser developer... Once upon a time...

@shintoplasm01 @StefanOpera : FYI, I've reported the adblocker issue under ANDEX-95662.

Still not happy with the following two long-standing issues in Opera Android:

1. Built-in adblocker consistently allowing Google Search ads. This entirely misses the point of having an adblocker...
2. Inability to change the default search engine to anything that's not on the built-in list. Especially egregious is the lack of Startpage in your default list.

@markjordan What do you mean? On Android, Brave's adblocker (when set to 'Aggressive') blocks Google search ads. AdGuard (the app) also blocks everything, but since Opera on Android doesn't allow AdGuard's HTTPS blocking I have to rely on its built-in adblocker, which does not block Google search ads.

@sgunhouse Does the mobile browser's adblocker also block Google Search ads for you? It certainly doesn't on mine.