Opera to Start Phoning Home? 197
An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"
Hmm Suits in the waiting? (Score:5, Insightful)
Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"
Seems to recall this can lead Opera to trouble, like what happened with Spamhaus.
Great feature realy. (Score:5, Insightful)
There's a reason I was willing to pay for Opera when it was still a commercial product. Now if only they would make a Symbian native version, the Java version has a hard time in landscape mode on my Nokia N93.
secure...says opera? (Score:5, Insightful)
I'd like it better.... (Score:1, Insightful)
Re:Privacy concern (Score:3, Insightful)
If they did this then one of two things would happen.
1) Collisions where non-Phishing sites would be blocked as Phishing sites.
2) They would be able to figure out what the original site was anyway as they are the ones who created the hashes. Otherwise, they wouldn't be able to look for duplicate entries or not and the hashes wouldn't mean jack.
Everythings going to be in the clear. The only thing is to make sure that the feature is optional.
Re:I'm sure that... (Score:4, Insightful)
If I used a Mac, the speed of Safari is not something I would overlook though. I would find one of those mousegesture additions (cocoa gestures or some such?) though.
eh, to each his own.
Re:Someone please cry foul (Score:5, Insightful)
Re:Someone please cry foul (Score:5, Insightful)
I expect that it will depend on the terms and conditions in the end, and that they will say 'we will not log or use your data in a user-specific manner (not even AOL style 'user == number' obfuscation, hehe), however we may use it to compile statistics on accesses to phishing sites', which could prove quite useful in anti-phisher court trials.
It's no different to IE7 or the next version of Safari. The best way to check a website is authentic is to check the URL against a blacklist and then tell the user in big red text in a way they'd be retarded to ignore about the threat. I do think it would be better to download the blacklist to the client and resync it often however.
How do the Firefox add-ins, IE7 and Safari 3 handle anti-phishing?
Re:Privacy concern (Score:3, Insightful)
Re:secure...says opera? (Score:3, Insightful)
Re:I'd like it better.... (Score:5, Insightful)
Re:secure...says opera? (Score:3, Insightful)
Re:Someone please cry foul (Score:2, Insightful)
Re:I'm sure that... (Score:4, Insightful)
Yeah. I didn't start using it until:
1. It was free.
2. Firefox's developers pissed me off. This wasn't related to the memory leak bug, but that definitely contributed to me switching instead of just grinning and bearing it.
I blame #1 for me not discovering the greatness of Opera earlier.
Re:I'd like it better.... (Score:5, Insightful)
Joe Sixpack will not use Opera; he'll use IE. That's why we harp on MS for being so lax in security. They're targeting the lowest common denominator.
Re:Just matter of time (Score:5, Insightful)
Re:Hmm Suits in the waiting? (Score:5, Insightful)
Besides, I sometimes enjoy visiting phishing sites and giving them mountains of fake information.
It's fun, and something to do on weekends. It also means much more bunk data for the bad guys to sort through.
My civic duty I always say.
Don't you think a simple warning based on known patterns or wording is enough?
Re:Hmm Suits in the waiting? (Score:4, Insightful)
If this is your idea of "fun" on the weekends...you need to get out a little more
(he says as he plans to spend the weekend studying for a midterm exam)
Re:Hmm Suits in the waiting? (Score:5, Insightful)
For the record: I've used Spamhaus to help protect our network for years. I've gotten NO false positives with their listings. Ever. That's more than I can say for the SPEWS list. I can't even count how many hours they've saved me over the years.
Anyway, back on topic: The only way I can see this causing trouble for Opera is if they don't provide a way for the user to turn the feature off. With that said, I think such a feature should be OFF BY DEFAULT, and left to the user to enable if they wish. The potential for abuse of this system (someone at Opera getting a wild hare up their tail, and listing a site they don't agree with for blocking) is mind-boggling.
Keep the peace(es).
Re:secure...says opera? (Score:5, Insightful)
If the hash is simply of the path, it should be fairly trivial to create a rainbow table. Most sites that use some sort of ID like:
http://foo.com/articles.bar?id=5003242 [foo.com]
would be trivial given a pattern, which would easily give you detailed tracking for many sites. And the domain name itself can tell quite a bit...
Re:secure...says opera? (Score:2, Insightful)
Re:Hmm Suits in the waiting? (Score:3, Insightful)
(and yes, it's rather stupid of them if they don't end up making this an option)
It's NOT phoning home. (Score:4, Insightful)
Phoning home means sending personal, identifying information back to the author of a program, usually with nefarious intent. This is a feature that uses an Opera server in a non-identifying way to determine if the site you're going to is fraudulent. Huge difference.
And you can probably turn it off. Yet another thing that you cannot do with software that is "phoning home" in the traditional definition.
Come on, folks. There's privacy and there's paranoia. I know a lot of you haven't left home in a few weeks, but try to stay in touch with reality, okay? The foil hats do nothing...