Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

Opera to Start Phoning Home? 197

Posted by Zonk
from the they-know-what's-good-for-you dept.
An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"
This discussion has been archived. No new comments can be posted.

Opera to Start Phoning Home?

Comments Filter:
  • Re:Privacy concern (Score:4, Informative)

    by Anonymous Coward on Friday October 20, 2006 @01:09PM (#16518991)
    Tell me what they send to their server is actually a hash of the URL with a huge salt.
    From the linked blog [opera.com]:

    When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

    Presumably, it's because of the following:

    The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home".
  • by Deathlizard (115856) on Friday October 20, 2006 @01:10PM (#16519003) Homepage Journal
    I know IE7 phones home, and fireefox 2 does too for anti-phishing. They both can also be disabled by the user.

    I don't see how this is any different than what MS or mozilla is doing. As long as it can be disabled by the user it should be ok.
  • by elcid73 (599126) on Friday October 20, 2006 @01:14PM (#16519079) Homepage
    They use white or blacklists. Meaning it phone's home just to get a big list of all at once.

    Opera checks each as you go.

    Pro: it's updated as fast as GeoTrust is.. you don't have to wait for your nightly download (or whatever frequency) so you get the most reponsive phishing filter.

    Con: The reason this is a headline at all. ..Still, it will be able to be turned off and it's largely not all that different from MS or FF.
  • by Anonymous Coward on Friday October 20, 2006 @01:19PM (#16519139)
    As easy as Opera operating from Norway, which is a country with extremely strict privacy laws? Also, as easy as Opera not being known to abuse user data in the first place, and already having Opera Mini, which means that ALL sites you visit have to go through Opera's servers, and Opera Mini probably has more users than the PC browser anyway?
  • by AKAImBatman (238306) * <akaimbatman@gma i l . c om> on Friday October 20, 2006 @01:23PM (#16519233) Homepage Journal
    Geez, everyone is phoning home these days. Who's next, E.T.?!?
  • by Vexorian (959249) on Friday October 20, 2006 @01:25PM (#16519253)
    1 How does the Phishing Protection feature work in Firefox 2?
    Phishing Protection is turned on by default in Firefox 2, and works by checking the sites that you browse to against a list of known phishing sites. This list is automatically downloaded and regularly updated within Firefox 2 when the Phishing Protection feature is enabled. Since phishing attacks can occur very quickly, there's also an option to check the sites you browse to against an online service such as Google for more up-to-date protection. This enhanced capability can be turned on via the Security preferences pane.
    http://www.mozilla.org/projects/bonecho/anti-phish ing/ [mozilla.org]
  • by scoobrs (779206) on Friday October 20, 2006 @01:31PM (#16519363)
    Does anyone bother reading before commenting anymore? The feature will be able to be switched off at will, even on a site-by-site basis, and they will toss out source IPs at Opera if you choose to use it. The main reason they do it this way instead of downloading lists like mozilla and IE is that lists can be obsolete and phishers can be onto promoting their next scam by the time the lists are updated on clients. Besides, Opera is in Norway and outside Department of Justice jurisdiction for spying requests. If you don't like it or are sophisticated enough that you don't need it, turn it off.
  • by sammydee (930754) <seivadmas+slashdotNO@SPAMgmail.com> on Friday October 20, 2006 @01:35PM (#16519423) Homepage
    RTFA:

    "When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless."

    It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

  • Re:Optional, please? (Score:2, Informative)

    by elcid73 (599126) on Friday October 20, 2006 @01:49PM (#16519635) Homepage
    "Why not have users download a list every so often?" ...because "every so often" is "not often enough" when it comes to phishing.

    (according to Opera)
  • Re:Mmnn features (Score:2, Informative)

    by hkmwbz (531650) on Friday October 20, 2006 @01:57PM (#16519769) Journal
    Your ISP is as much of a "random company" as Opera Software is. Opera Software is located in Norway, which apparently has extremely strict privacy laws. You also need to consider a company's track record. Opera Software also has the mobile browser Opera Mini which always goes through Opera's servers which do the rendering for the Mini client, and no one has cried foul so far.
  • Indeed I do. (Score:4, Informative)

    by Poromenos1 (830658) on Friday October 20, 2006 @02:10PM (#16519975) Homepage
    The request Opera sends is a hash of the URL instead of the URL itself.

    Would the second Opera user like to comment?
  • by Kelson (129150) * on Friday October 20, 2006 @02:13PM (#16520033) Homepage Journal
    Actually, IE7 can check each site as you go [microsoft.com], and Firefox 2 has two modes: one that checks against the blacklist, and one that checks each site as you go (look in Tools/Preferences/Security).

    So yes, each browser will have a mode which will send nearly every URL you visit to a third party for checking against phishing sites.

Money will say more in one moment than the most eloquent lover can in years.

Working...