Opera to Start Phoning Home?

An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

Re:Privacy concern

[Anonymous Coward]

Tell me what they send to their server is actually a hash of the URL with a huge salt.

From the linked blog [opera.com]:

When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

Presumably, it's because of the following:

The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home".

dont they all do this now?

[Deathlizard]

I know IE7 phones home, and fireefox 2 does too for anti-phishing. They both can also be disabled by the user.

I don't see how this is any different than what MS or mozilla is doing. As long as it can be disabled by the user it should be ok.

Re:dont they all do this now?

[elcid73]

They use white or blacklists. Meaning it phone's home just to get a big list of all at once.

Opera checks each as you go.

Pro: it's updated as fast as GeoTrust is.. you don't have to wait for your nightly download (or whatever frequency) so you get the most reponsive phishing filter.

Con: The reason this is a headline at all. ..Still, it will be able to be turned off and it's largely not all that different from MS or FF.

Re:secure...says opera?

[Anonymous Coward]

As easy as Opera operating from Norway, which is a country with extremely strict privacy laws? Also, as easy as Opera not being known to abuse user data in the first place, and already having Opera Mini, which means that ALL sites you visit have to go through Opera's servers, and Opera Mini probably has more users than the PC browser anyway?

Re:dont they all do this now?

[AKAImBatman]

Geez, everyone is phoning home these days. Who's next, E.T.?!?

Re:dont they all do this now?

[Vexorian]

1 How does the Phishing Protection feature work in Firefox 2?
Phishing Protection is turned on by default in Firefox 2, and works by checking the sites that you browse to against a list of known phishing sites. This list is automatically downloaded and regularly updated within Firefox 2 when the Phishing Protection feature is enabled. Since phishing attacks can occur very quickly, there's also an option to check the sites you browse to against an online service such as Google for more up-to-date protection. This enhanced capability can be turned on via the Security preferences pane.

http://www.mozilla.org/projects/bonecho/anti-phish ing/ [mozilla.org]

Does anyone read anymore?

[scoobrs]

Does anyone bother reading before commenting anymore? The feature will be able to be switched off at will, even on a site-by-site basis, and they will toss out source IPs at Opera if you choose to use it. The main reason they do it this way instead of downloading lists like mozilla and IE is that lists can be obsolete and phishers can be onto promoting their next scam by the time the lists are updated on clients. Besides, Opera is in Norway and outside Department of Justice jurisdiction for spying requests. If you don't like it or are sophisticated enough that you don't need it, turn it off.

Re:secure...says opera?

[sammydee]

RTFA:

"When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless."

It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

Re:Optional, please?

[elcid73]

"Why not have users download a list every so often?" ...because "every so often" is "not often enough" when it comes to phishing.

(according to Opera)

Re:Mmnn features

[hkmwbz]

Your ISP is as much of a "random company" as Opera Software is. Opera Software is located in Norway, which apparently has extremely strict privacy laws. You also need to consider a company's track record. Opera Software also has the mobile browser Opera Mini which always goes through Opera's servers which do the rendering for the Mini client, and no one has cried foul so far.

Indeed I do.

[Poromenos1]

The request Opera sends is a hash of the URL instead of the URL itself.

Would the second Opera user like to comment?

Re:dont they all do this now?

[Kelson]

Actually, IE7 can check each site as you go [microsoft.com], and Firefox 2 has two modes: one that checks against the blacklist, and one that checks each site as you go (look in Tools/Preferences/Security).

So yes, each browser will have a mode which will send nearly every URL you visit to a third party for checking against phishing sites.