Opera to Start Phoning Home?

An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

That's fine if it's configurable and secure?

[djh101010]

As long as I can turn it off, or turn it off for certain types of sites, that's fine. I'm not sure what this does for me that, say, Netcraft Toolbar doesn't. Is the data stream encrypted back to Opera? Can others intercept that and use it as a spam-target tool somehow? All questions I'd want answered before I'd use it.

Re:I'm sure that...

[elcid73]

I've found that since Opera went free, and people keep talking about this "Firefox memory leak" thing, the voices in support of Opera on Slashdot have grown considerably.

Re:secure...says opera?

[otacon]

Well, anyone could easily say the traffic isn't being logged and the server is just processing requests, which could easily be true. But how easy would it be to log that data and no one be the wiser?

Re:secure...says opera?

[techno-vampire]

It shouldn't be hard to find out the server's IP address and the format of the request. Once you have that, DDOS and every single person using Opera is hosed. Not exactly a smooth move, Mr. Exlax!

This forces a huge amount of trust in them...

[Pvt_Waldo]

First, we must trust they will not leak the data of "who surfs what".

Second, we must trust they will not get hacked and this information stolen.

Third, we must trust them to be the judge of "good and bad".

Fourth, we must trust they won't get hacked and their list either modified by adding or removing site.

Don't fall into the trap of "Oh it's Opera, of course we trust them". Let me put it this way. If Microsoft announced this, what would your reaction be?

Re:Great feature realy.

[Ksevio]

Another thing mentioned in the blog posting is this: --- The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home". --- So it's not like they're sending everything back to opera without telling you what it is.

Re:secure...says opera?

[CastrTroy]

Also, unless the requests are sent encrypted I imagine that somebody sitting outside opera's server, could intercept the requests and use them for whatever they wanted.

Re:secure...says opera?

[timeOday]

It might be better if Opera simply maintained an client-side blacklist of fradulent sites/domains, which was updated in the background while the browser is running. That way they wouldn't have to track your browsing at all. If these fraudlent sites are verified by hand by people at Opera, there could only number in the tens of thousands.

Re:secure...says opera?

[elcid73]

They are verified by GeoTrust.

I agree with your statement though. It would be nice to just update the list concurrently on the client.

Re:secure...says opera?

[nine-times]

That's why I think it should be optional as well.

Re:dont they all do this now?

[elcid73]

Yeah. I made note of that in one of the other responses I had in here. I don't really see why this is a headline at all.

If you have a slider with Safety/security on one side, and Privacy on the other, all three browsers let you adjust where that slider falls.

Browsers have to balance timeliness of updates against the fast moving phishing schemes with letting the users feel maintain a sense of security. It's strange though, like others have mentioned, Opera Mini seems to get away with this just fine as well as your local ISP.

I wish we could just say "nothing to see here, move along..." for this article. Or at least properly word the headline to something like:

"Opera to default to real-time phishing filter" or something along those lines.

I'm using it now

[elcid73]

I'm using the weekly build. So far, nobody has knocked on my door.

Works great- slashdot is trusted by geotrust evidently.

There's a checkbox to "enable fraud protection." When this button is disabled you can still manually check the site via the same interface, but the check isn't automatic.