Opera to Start Phoning Home?

An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

Hmm Suits in the waiting?

[ackthpt]

Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

Seems to recall this can lead Opera to trouble, like what happened with Spamhaus.

Great feature realy.

[Kenja]

I relay like this idea, so long as it can be turned off. Based on my experiance with Opera so far I'd say that not only will it be able to be turned off, but that you can disable it on a server by server baises.

There's a reason I was willing to pay for Opera when it was still a commercial product. Now if only they would make a Symbian native version, the Java version has a hard time in landscape mode on my Nokia N93.

secure...says opera?

[otacon]

Well the fact that opera will check EVERY site someone goes to against their own server might work in theory...but does anyone really want all their web use data to be tracked by a server?

I'd like it better....

[krell]

I'd like it even better if they shipped with it turned off, and you could turn it on if you wanted it.

Re:Privacy concern

[Ironsides]

Tell me what they send to their server is actually a hash of the URL with a huge salt.

If they did this then one of two things would happen.
1) Collisions where non-Phishing sites would be blocked as Phishing sites.
2) They would be able to figure out what the original site was anyway as they are the ones who created the hashes. Otherwise, they wouldn't be able to look for duplicate entries or not and the hashes wouldn't mean jack.

Everythings going to be in the clear. The only thing is to make sure that the feature is optional.

Re:I'm sure that...

[elcid73]

It's the native mouse gestures,MDI tabs (I can tile them with a mouse gesture!) and excellent caching of history (I'll tell you when to reload the page dammit.. I *want* the old data) that got me.

If I used a Mac, the speed of Safari is not something I would overlook though. I would find one of those mousegesture additions (cocoa gestures or some such?) though.

eh, to each his own.

Re:Someone please cry foul

[hkmwbz]

Your ISP can track everything you do. That must mean that they are abusing their position. Why get Opera to track your surfing when your ISP could do so much more efficiently?

Re:Someone please cry foul

[bestinshow]

That's if they log the requests - given that they're a Norwegian company, they have some pretty tough privacy laws to content with.

I expect that it will depend on the terms and conditions in the end, and that they will say 'we will not log or use your data in a user-specific manner (not even AOL style 'user == number' obfuscation, hehe), however we may use it to compile statistics on accesses to phishing sites', which could prove quite useful in anti-phisher court trials.

It's no different to IE7 or the next version of Safari. The best way to check a website is authentic is to check the URL against a blacklist and then tell the user in big red text in a way they'd be retarded to ignore about the threat. I do think it would be better to download the blacklist to the client and resync it often however.

How do the Firefox add-ins, IE7 and Safari 3 handle anti-phishing?

Re:Privacy concern

[Arthur B.]

1) very unlikely with a good hash or combined hashes 2) no they wouldn't, they'd try to hash every phishing site with every salt to see if it matches your hash... sure they could see if you watch specific sites, but it certainly mitigates the amount of information they can get about you, they can't know exactly all the sites you look at. If their entry are user submitted, the user submission can be done in clear text, no problem.

Re:secure...says opera?

[bubkus_jones]

Even if Opera was automatically logging every site you go to, you still have a say in the matter. You can either choose to use Opera, and put up with their possibly knowing every website you visit, and potentially locking you out of a site that someone may find questionable, OR you can choose not to use Opera, and use something that respects your privacy.

Re:I'd like it better....

[Shemmie]

Isn't this against everything we say when it comes to Microsoft? We're meant to be protecting Joe Six-Pack. Various features should ship with the default to 'on', so that those in the know are free to turn it off, but it still protects those who it would most likely benefit?

Re:secure...says opera?

[hkmwbz]

Or you can disable the feature. Or you can choose to not trust anyone, and simply disconnect your PC completely because you can't trust anyone (which includes your ISP).

Re:Someone please cry foul

[The Masked Marauder]

Why the hell would a Norwegian company hand anything over to the US DOJ? America can't really tell the rest of the world what to do you know, Bush just wants you to think that!

Re:I'm sure that...

[VGPowerlord]

I've found that since Opera went free, and people keep talking about this "Firefox memory leak" thing, the voices in support of Opera on Slashdot have grown considerably.

Yeah. I didn't start using it until:
1. It was free.
2. Firefox's developers pissed me off. This wasn't related to the memory leak bug, but that definitely contributed to me switching instead of just grinning and bearing it.

I blame #1 for me not discovering the greatness of Opera earlier.

Re:I'd like it better....

[foamrotreturns]

One problem with your argument:
Joe Sixpack will not use Opera; he'll use IE. That's why we harp on MS for being so lax in security. They're targeting the lowest common denominator.

Re:Just matter of time

[animaal]

Which government? Norway isn't (yet) subject to the U.S. government.

Re:Hmm Suits in the waiting?

[cshark]

I hate to ask an obvious question, but what if I didn't want this feature? I mean, aside from telling Opera everything I decide to do online, which gives me the heebeejeebees, I don't see the value that comes from giving up my browsing privacy entirely like this. Opera has been benign until now, however who is to say that the list of sites you visited wouldn't end up in the hands of certain entities whom you would rather not have them. Department of Homeland Security comes to mind. Blah bla Military Commissions act s950v, blah bla conspiracy, blah bla, etc.

Besides, I sometimes enjoy visiting phishing sites and giving them mountains of fake information.
It's fun, and something to do on weekends. It also means much more bunk data for the bad guys to sort through.
My civic duty I always say.

Don't you think a simple warning based on known patterns or wording is enough?

Re:Hmm Suits in the waiting?

[frdmfghtr]

It's fun, and something to do on weekends.

If this is your idea of "fun" on the weekends...you need to get out a little more :)

(he says as he plans to spend the weekend studying for a midterm exam)

Re:Hmm Suits in the waiting?

[KC7GR]

Not necessarily. The Spamhaus suit was utterly without merit, as no one is forced to use the Spamhaus database. Mail blocking occurs ONLY if (a), the SysAdmin(s) at the ISP or host in question choose to check incoming mail connections against the Spamhaus database; And (b), if Spamhaus has listed the IP address(es) being checked in said database.

For the record: I've used Spamhaus to help protect our network for years. I've gotten NO false positives with their listings. Ever. That's more than I can say for the SPEWS list. I can't even count how many hours they've saved me over the years.

Anyway, back on topic: The only way I can see this causing trouble for Opera is if they don't provide a way for the user to turn the feature off. With that said, I think such a feature should be OFF BY DEFAULT, and left to the user to enable if they wish. The potential for abuse of this system (someone at Opera getting a wild hare up their tail, and listing a site they don't agree with for blocking) is mind-boggling.

Keep the peace(es).

Re:secure...says opera?

[Kjella]

It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

If the hash is simply of the path, it should be fairly trivial to create a rainbow table. Most sites that use some sort of ID like:
http://foo.com/articles.bar?id=5003242 [foo.com]
would be trivial given a pattern, which would easily give you detailed tracking for many sites. And the domain name itself can tell quite a bit...

Re:secure...says opera?

[risk one]

Hosed? Surely the service would fail gracefully, inform the user of the problem and Opera users would simply have to browse as they do now, without having their traffic checked. Doesn't really qualify as 'hosed' to me, or any decent reason to go through all the trouble of ddossing a service that is used to serving data every time an Opera user loads a page. It would take more than a simple bot net to get that down.

Re:Hmm Suits in the waiting?

[Psykosys]

You could disable the feature.

(and yes, it's rather stupid of them if they don't end up making this an option)

It's NOT phoning home.

[ahknight]

It's not phoning home. There's been a lot of idiocy about that statement lately and the phrase is starting to suffer the fate of the apostrophe: people are just using it whenever they think it might apply.

Phoning home means sending personal, identifying information back to the author of a program, usually with nefarious intent. This is a feature that uses an Opera server in a non-identifying way to determine if the site you're going to is fraudulent. Huge difference.

And you can probably turn it off. Yet another thing that you cannot do with software that is "phoning home" in the traditional definition.

Come on, folks. There's privacy and there's paranoia. I know a lot of you haven't left home in a few weeks, but try to stay in touch with reality, okay? The foil hats do nothing...