Transparency politic needed regarding the built-in VPN service related internal vulnerabilities.
Official on-line available information lacks of transparency regarding the free, unlimited, and with no subscription built-in VPN service related possible internal vulnerabilities. Would Opera be kind enough to inform transparently and in a clearly form its on-line documentation regarding the present topic?
As mentioned on Opera's web site, this service in Opera browser is provided by SurfEasy Inc., an Opera company based in Canada. By offering such a legitimate service aimed to enhance privacy and even for free of charge, it rises concerns regarding the essentially privacy, about leakages which indeed do occur behind VPN services (paid or not).
Currently a growing range of techniques like fingerprinting detection attempts through Canvas elements, like Canvas font access, audio (via the AudioContext API), via the WebGL API), via the Battery API), device enumeration (via the WebRTC API), gamepad enumeration (via the Gamepad API), WebVR enumeration (via the WebVR API), or through calculating Client’s element rectangles. decrease instantaneously the very effectiveness of VPN services.
However, protection against those attempts requires unfortunately for now a third-party add-on, that may not be trust-worth. The fact that only one add-on of that nature is currently present for download in the add-on collection available in Opera, may not be a surprise for the few who were aware of the challenging situation in protecting even with VPN.
Does Opera use for tunneling and data encapsulation the PPTP protocol, which is fundamentally insecure due to using short length encryption keys and password hashes that can be cracked by a skilled individual or the L2TP/IPSec protocol, which has already been tampered successfully by the NSA. In case Opera uses a more secure protocol, may the traffic remain vulnerable because of the use of insecure ciphers?
Does the VPN service require use of Perfect Forward Secrecy ciphers, so VPN network traffic can not be saved, and subsequently decrypted later if the encryption keys or algorithms have been compromised?
At last, while VPN services usually do protect web traffic, many do not or loosely, protect DNS lookups, meaning that user’s browsing history can still be reconstructed from DNS lookups. How does Opera protect DNS lookups from DNS leakage if it even does?