Slashdot Mirror

← Back to Stories (view on slashdot.org)

Opera to Start Phoning Home?

Posted by ryuzaki0 on from the they-know-what's-good-for-you dept.

An anonymous reader writes "Near the end of a story about Opera's determination to stay in the game: 'Earlier this week, Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said Tuesday in a blog that the next edition, Opera 9.1, will include beefed up anti-phishing and anti-fraud features. Rather than simply indicate that a site is secure with a notation in the address bar, Opera 9.1 will also query Opera-owned servers for information on any site visited. Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

197 comments

  1. Hmm Suits in the waiting? by ackthpt · · Score: 5, Insightful

    Those that Opera has identifies as fraudulent will be automatically blocked by the browser.'"

    Seems to recall this can lead Opera to trouble, like what happened with Spamhaus.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Hmm Suits in the waiting? by Raumkraut · · Score: 3, Funny

      From the artcle:
      Our servers get the trust information from a database supplied by GeoTrust

        HTTP/1.1 303 See Other

    2. Re:Hmm Suits in the waiting? by ackthpt · · Score: 3, Funny

      From the artcle: Our servers get the trust information from a database supplied by GeoTrust

      However, to get at GeoTrust, a party would likely have to sue Opera. IANAL, but Opera would, likely be viewed as complicit.

      Can you see the up-coming /. headline?

      c4n4d14n ph4m4c13 Files Defamation Claim Against Opera and GeoTrust

      --

      A feeling of having made the same mistake before: Deja Foobar
    3. Re:Hmm Suits in the waiting? by cshark · · Score: 4, Insightful

      I hate to ask an obvious question, but what if I didn't want this feature? I mean, aside from telling Opera everything I decide to do online, which gives me the heebeejeebees, I don't see the value that comes from giving up my browsing privacy entirely like this. Opera has been benign until now, however who is to say that the list of sites you visited wouldn't end up in the hands of certain entities whom you would rather not have them. Department of Homeland Security comes to mind. Blah bla Military Commissions act s950v, blah bla conspiracy, blah bla, etc.

      Besides, I sometimes enjoy visiting phishing sites and giving them mountains of fake information.
      It's fun, and something to do on weekends. It also means much more bunk data for the bad guys to sort through.
      My civic duty I always say.

      Don't you think a simple warning based on known patterns or wording is enough?

      --

      This signature has Super Cow Powers

    4. Re:Hmm Suits in the waiting? by frdmfghtr · · Score: 3, Insightful
      It's fun, and something to do on weekends.


      If this is your idea of "fun" on the weekends...you need to get out a little more :)

      (he says as he plans to spend the weekend studying for a midterm exam)
      --
      Government's idea of a balanced budget: take money from the right pocket to balance...oh who am I kidding?
    5. Re:Hmm Suits in the waiting? by KC7GR · · Score: 4, Insightful

      Not necessarily. The Spamhaus suit was utterly without merit, as no one is forced to use the Spamhaus database. Mail blocking occurs ONLY if (a), the SysAdmin(s) at the ISP or host in question choose to check incoming mail connections against the Spamhaus database; And (b), if Spamhaus has listed the IP address(es) being checked in said database.

      For the record: I've used Spamhaus to help protect our network for years. I've gotten NO false positives with their listings. Ever. That's more than I can say for the SPEWS list. I can't even count how many hours they've saved me over the years.

      Anyway, back on topic: The only way I can see this causing trouble for Opera is if they don't provide a way for the user to turn the feature off. With that said, I think such a feature should be OFF BY DEFAULT, and left to the user to enable if they wish. The potential for abuse of this system (someone at Opera getting a wild hare up their tail, and listing a site they don't agree with for blocking) is mind-boggling.

      Keep the peace(es).

      --

      Bruce Lane, KC7GR,

      Blue Feather Technologies

    6. Re:Hmm Suits in the waiting? by Anonymous Coward · · Score: 0

      I guess that depends. Does Opera have US presence? If no, tell the spammer and the court to go to hell.. Just like you'd do if you got sued in Armenia or something. This is what Spamhouse should have done from the beginning, and why you can't take the current mess in that case as some kind of evidence of the global reach of the american pervertedness.

    7. Re:Hmm Suits in the waiting? by Psykosys · · Score: 3, Insightful
      You could disable the feature.

      (and yes, it's rather stupid of them if they don't end up making this an option)

    8. Re:Hmm Suits in the waiting? by Forge · · Score: 1

      I disagree strongly with that idea.

      The users most in need of a feature like this are the ones who mare least tech savvy and also those new to the Internet. They will not know how or why to turn this feature on. (Think 12:00 flashing). Meanwhile those among us, who know our way around the net and can spot even the most subtle fraud can and will turn off this protection.

      --
      --= Isn't it surprising how badly I spell ?
    9. Re:Hmm Suits in the waiting? by bhtooefr · · Score: 1

      The people that need this feature are the ones that will be calling us to delete their OMGZSPYWAREZOHNOES!!111oneone1eleven! off of their PC, and then we install Opera and turn this on.

      Oh, and this is nothing new. They used to send every URL (except local URLs, intranet URLs, and https URLs) to Google...

    10. Re:Hmm Suits in the waiting? by Allador · · Score: 1

      "I hate to ask an obvious question, but what if I didn't want this feature?"

      Turn it off?

      If you RTFA, you'll see:

      "We've made it easy to turn on and off the fraud protection from the information dialog you get when clicking the icon."

    11. Re:Hmm Suits in the waiting? by Afty0r · · Score: 1
      I hate to ask an obvious question, but what if I didn't want this feature?
      Then you turn it off in preferences?
    12. Re:Hmm Suits in the waiting? by EMR · · Score: 1

      Depends..

      If they implemented it similar to the way IE7 has implemented the Phishing option which is it asks you the FIRST time you run the browser (and everytime you upgrade to the lastest beta/rc/seemingly official release). And IE7 also does a *phone home* scenario to log and monitor the phishing sites just as opera will be doing, and the netcraft toolbar, etc.. This is nothing *new* or different. Heck this same concept and idea will be integrated into firefox 2.0 with the option to *phone home* to google for phishing detection. And it's provided as an option when you first start the browser it'll ask "do you wish to do this, yes or no" and lists the pros and cons of each option.

    13. Re:Hmm Suits in the waiting? by cshark · · Score: 1

      I do. I have absolutely no life.

      --

      This signature has Super Cow Powers

    14. Re:Hmm Suits in the waiting? by cshark · · Score: 1

      Why yes! But short of an application level firewall, how do you know that it's working?

      --

      This signature has Super Cow Powers

  2. Great feature realy. by Kenja · · Score: 5, Insightful

    I relay like this idea, so long as it can be turned off. Based on my experiance with Opera so far I'd say that not only will it be able to be turned off, but that you can disable it on a server by server baises.

    There's a reason I was willing to pay for Opera when it was still a commercial product. Now if only they would make a Symbian native version, the Java version has a hard time in landscape mode on my Nokia N93.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    1. Re:Great feature realy. by mallardtheduck · · Score: 1

      Im pretty sure the version on my N70 is native, could be wrong though...
      Version 8.60
      Build: 1657
      Platform Symbian/S60

    2. Re:Great feature realy. by Kenja · · Score: 1

      The dont have a native version yet for Sumbian series 60 v3 yet, just s60 v2. There's some major changes in that minor revision number.

      --

      "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
    3. Re:Great feature realy. by Ksevio · · Score: 5, Interesting

      Another thing mentioned in the blog posting is this: --- The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home". --- So it's not like they're sending everything back to opera without telling you what it is.

    4. Re:Great feature realy. by Anonymous Coward · · Score: 0

      According to Opera's mobile product page there is a 30-day trial version available for download.

    5. Re:Great feature realy. by Anonymous Coward · · Score: 1, Funny

      "Now if only they would make a Symbian native version..."

      Why does a sex toy need a web browser? It doesnt even have a screen.

    6. Re:Great feature realy. by nissu · · Score: 1
      The dont have a native version yet for Sumbian series 60 v3 yet, just s60 v2.

      Yes they do, most if not all Nokia's Symbian S60 3rd edition devices are supported: Opera Mobile download page

    7. Re:Great feature realy. by Anonymous Coward · · Score: 0

      No, but it has a scream.

  3. Big brother much? by Anonymous Coward · · Score: 0

    Doesn't this mean that Opera.com will have a log of everywebsite visited by every Opera browser?

    Presumably, one subpeonable, or whatever that word is.

    1. Re:Big brother much? by Zunni · · Score: 1

      Uhhh.. no, it would check where you are clicking against a known list of bad sites. It doesn't state or imply that Opera would record anything in logging. It's a simple real-time check...

    2. Re:Big brother much? by Anonymous Coward · · Score: 0

      Disclaimer: I hold no party affiliation. I do not desire one party over another. I am an admirer only of the ideals this country was founded on. Many people ..close to me ...as well as in my family have served and/or are currently serving this country.

      Everything you do on the web is already monitored and recorded by your ISP. The calls you make and browsing you do via mobile phone, tracked. The GPS system in your car, the ATM, E-ZPass, credit card purchases, financial transactions, TiVO, grocery store discount cards, metro-cards, etc..

      You are being tracked. The things you do are monitored. Your relationships explored. There is a behavioral and psychological profile of you, who you know, the connections between you and others.

      The data that private companies and the government has collected about you will not be made available to you upon request for your review and/or correction.

      "Big Brother" is not some far-off possibility. It is HERE NOW.

      This is not just me wearing my "tin-foil hat", it is simply the truth. I suggest you read the book "No Place to Hide" by Robert O'Harrow.

      To those who say "You have nothing to worry about if you have nothing to hide", I say this: I have nothing to worry about, as long as the entities with that data don't make a mistake. And we all know that the government makes mistakes early and often, as do private companies (especially when it is only financial return is the goal).

      These are scary times. With all of the data about individuals available through both public and private entities, with the legislation that has run its way through Congress "post 9/11", with torture legislation, military tribunals, suspension of Habeas Corpus (the wellspring from which all other rights arise) and a President who can declare anyone he wants to (citizen or non-citizen) an "unlawful enemy combatant", have them confined without charges, "tried" by a tribunal he sets up, which may or may not allow the defendant to view evidence against them; the ideals, the very foundation of this country - have been erased.

      WAKE UP AMERICA! WAKE UP!

    3. Re:Big brother much? by Anonymous Coward · · Score: 0

      dick cheney? is that you?

  4. secure...says opera? by otacon · · Score: 5, Insightful

    Well the fact that opera will check EVERY site someone goes to against their own server might work in theory...but does anyone really want all their web use data to be tracked by a server?

    --
    In a world of acronyms, the words are the real victims.
    1. Re:secure...says opera? by Anonymous Coward · · Score: 0

      So it couldn't be a local definitions list? Oh, ok.

    2. Re:secure...says opera? by nine-times · · Score: 1

      I guess it makes some difference whether they are, in fact, tracking web-use data. If Opera chooses, they could respond to requests without logging user information or IP addresses.

    3. Re:secure...says opera? by otacon · · Score: 3, Interesting

      Well, anyone could easily say the traffic isn't being logged and the server is just processing requests, which could easily be true. But how easy would it be to log that data and no one be the wiser?

      --
      In a world of acronyms, the words are the real victims.
    4. Re:secure...says opera? by Anonymous Coward · · Score: 2, Informative

      As easy as Opera operating from Norway, which is a country with extremely strict privacy laws? Also, as easy as Opera not being known to abuse user data in the first place, and already having Opera Mini, which means that ALL sites you visit have to go through Opera's servers, and Opera Mini probably has more users than the PC browser anyway?

    5. Re:secure...says opera? by techno-vampire · · Score: 2, Interesting

      It shouldn't be hard to find out the server's IP address and the format of the request. Once you have that, DDOS and every single person using Opera is hosed. Not exactly a smooth move, Mr. Exlax!

      --
      Good, inexpensive web hosting
    6. Re:secure...says opera? by otacon · · Score: 1

      I'm not claiming that Opera would abuse user data, I'm only stating that it shouldn't be for them to decide, it should be left up to the user, not the company. the user shoudln't have wonder if some company is logging or selling their traffic stats.

      --
      In a world of acronyms, the words are the real victims.
    7. Re:secure...says opera? by CastrTroy · · Score: 2, Interesting

      Also, unless the requests are sent encrypted I imagine that somebody sitting outside opera's server, could intercept the requests and use them for whatever they wanted.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    8. Re:secure...says opera? by bubkus_jones · · Score: 3, Insightful

      Even if Opera was automatically logging every site you go to, you still have a say in the matter. You can either choose to use Opera, and put up with their possibly knowing every website you visit, and potentially locking you out of a site that someone may find questionable, OR you can choose not to use Opera, and use something that respects your privacy.

    9. Re:secure...says opera? by sammydee · · Score: 5, Informative
      RTFA:

      "When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless."

      It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

      --
      This is how the loudness war is killing music.
    10. Re:secure...says opera? by Anonymous Coward · · Score: 0

      Which is why you can either choose to trust Opera and Norway's strict privacy laws, or you can easily disable the feature. Opera has Opera Mini anyway, which actually DOES get every single URL reported, since it has to go through their servers to do anything in the first place, so it's not like Opera doesn't have enough stuff to abuse already, if they were so inclined.

    11. Re:secure...says opera? by Espinas217 · · Score: 0, Redundant
      From the blog
      When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.
      See, their not tracking every page, just a domain and a hash. Besides you can turn it off whenever you want.
      --
      La vida no es una pastafrola. :wq
    12. Re:secure...says opera? by hkmwbz · · Score: 3, Insightful

      Or you can disable the feature. Or you can choose to not trust anyone, and simply disconnect your PC completely because you can't trust anyone (which includes your ISP).

      --
      Clever signature text goes here.
    13. Re:secure...says opera? by timeOday · · Score: 4, Interesting

      It might be better if Opera simply maintained an client-side blacklist of fradulent sites/domains, which was updated in the background while the browser is running. That way they wouldn't have to track your browsing at all. If these fraudlent sites are verified by hand by people at Opera, there could only number in the tens of thousands.

    14. Re:secure...says opera? by elcid73 · · Score: 2, Interesting

      They are verified by GeoTrust.

      I agree with your statement though. It would be nice to just update the list concurrently on the client.

    15. Re:secure...says opera? by nine-times · · Score: 2, Interesting

      That's why I think it should be optional as well.

    16. Re:secure...says opera? by Anonymous Coward · · Score: 1, Funny

      > Well the fact that opera will check EVERY site someone goes to against their own server might work in theory...but does anyone really want all their web use data to be tracked by a server?

      When I go to DogOnMidgetAction.com or PapaSmurfSnuff.com, I want to be sure I'm getting the real site and not some phish.

    17. Re:secure...says opera? by perler · · Score: 1

      problem is, that this would be the first file a spyware would alter/delete. see %sysvol%\%system32%\drivers\etc\hosts PAT

      --
      SEO Test: TIGI und SEBASTIAN - Online Shop - V
    18. Re:secure...says opera? by Kjella · · Score: 4, Insightful

      It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

      If the hash is simply of the path, it should be fairly trivial to create a rainbow table. Most sites that use some sort of ID like:
      http://foo.com/articles.bar?id=5003242
      would be trivial given a pattern, which would easily give you detailed tracking for many sites. And the domain name itself can tell quite a bit...

      --
      Live today, because you never know what tomorrow brings
    19. Re:secure...says opera? by risk+one · · Score: 2, Insightful

      Hosed? Surely the service would fail gracefully, inform the user of the problem and Opera users would simply have to browse as they do now, without having their traffic checked. Doesn't really qualify as 'hosed' to me, or any decent reason to go through all the trouble of ddossing a service that is used to serving data every time an Opera user loads a page. It would take more than a simple bot net to get that down.

    20. Re:secure...says opera? by Anonymous Coward · · Score: 0

      No actually it would be the best way IMO, all opera would have to so is sign the list with pgp or something similar and another app couldn't alter it without it being noticed by the browser. If the file didn't exist or got deleted then it could just d/l the signed file from an opera server.

    21. Re:secure...says opera? by Alchemar · · Score: 1

      They have to extrapolate it. How else do they know it is valid. The only way for this to work is to have table of hash values for know phishing sites. It is nothing to include a second table for all the sites you want tracked.

    22. Re:secure...says opera? by Schraegstrichpunkt · · Score: 1

      On the other hand, it's trivial to search for particular URLs. Getting a list of users who have visited a specific site in the last 30 days wouldn't exactly be hard.

      --
      http://outcampaign.org/
    23. Re:secure...says opera? by flyingfsck · · Score: 0, Redundant

      Well, obviously THEY know what the hash mean.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    24. Re:secure...says opera? by flyingfsck · · Score: 1

      Well, there are only about ten people who use Opera, so their servers won't get overloaded... ;)

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    25. Re:secure...says opera? by Anonymous Coward · · Score: 0

      That's why the phishing sites database needs to be an automatically updated local database. That's what Firefox 2 does. Anything else is a spyware, period.

    26. Re:secure...says opera? by Rudolf · · Score: 1

      It only sends a hash of the web address. It would be difficult to extrapolate the whole address from a hash.

      If it's only a hash, and not the full address, then won't there be collisions? Could this lead to falsely blocking harmless sites?

      For example, what if the hash for yro.slashdot.com collides with www.pay_pal_lookalike.com?

    27. Re:secure...says opera? by Allador · · Score: 1

      From TFA:

      "Speed will not be affected, everything is done asynchronously and the content load is really minimal."

      If you read on through the comments, you'll see that the anti-phishing stuff is done asynchronously. So if the Opera servers dont respond, then the page just loads normally. It's asynchronous and non-blocking to loading the main page.

    28. Re:secure...says opera? by Phroggy · · Score: 1

      So all the spammer has to do is set up wildcard DNS so *.phishing.example.com all points to the same place, then send e-mails with unique URLs:

      http://001.phishing.example.com/clickme.php
      http://002.phishing.example.com/clickme.php
      http://003.phishing.example.com/clickme.php

      Or, without using DNS at all, just use unique paths:

      http://172.16.255.42/001/clickme.php
      http://172.16.255.42/002/clickme.php
      http://172.16.255.42/003/clickme.php

      As an added bonus, if the spammer keeps a database of which unique URLs were sent to which e-mail addresses, then if they receive a hit at a particular URL (even if you submit bogus information, or don't submit anything at all), they can check off the corresponding e-mail address as "verified".

      I really can't see URL hashes working out too well, once everyone starts using them (all four major browsers will soon support anti-phishing, as do a plethora of toolbars for IE6; I'll assume they all work the same way until I hear otherwise). Spammers will adapt - some of them probably already have. If you send the full URL, then you've got a chance, because the server can do pattern matching on it, but of course then you've got (even worse) privacy issues.

      Downloading a list (which may include wildcards) instead of sending URLs sounds like a good idea, especially if you can use something like rsync to only download the modifications instead of re-downloading the list all the time. The problem here is speed: if you only update your list once every 24 hours, then if a new round of spam is sent out at 9am and gets caught by the anti-phishing team at noon, even if you don't check your mail until 5pm you still won't get any warning if your definitions don't update until midnight. Of course, there's still that 9am to noon window either way...

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    29. Re:secure...says opera? by hkmwbz · · Score: 1

      As they can with ANY connection which is not secure. What is your point?

      --
      Clever signature text goes here.
  5. I'm sure that... by justinbach · · Score: 5, Funny

    the Opera users among us will have some interesting things to say about this. Both of them!

    --
    I left my wallet in El Sigundo!
    1. Re:I'm sure that... by Anonymous Coward · · Score: 0

      Kenja likes it. So do I. Guess it's a good thing then.

    2. Re:I'm sure that... by elcid73 · · Score: 1, Interesting

      I've found that since Opera went free, and people keep talking about this "Firefox memory leak" thing, the voices in support of Opera on Slashdot have grown considerably.

    3. Re:I'm sure that... by justinbach · · Score: 2, Funny

      Yeah, I know. I actually use Opera too, and I didn't mean any harm by...wait a minute. I DON'T use Opera. I've had it installed for quite a while, but I'd only use it if Safari, Firefox, and Camino all bit the bullet.
      I'd definitely hit it up before IE, though!

      --
      I left my wallet in El Sigundo!
    4. Re:I'm sure that... by elcid73 · · Score: 4, Insightful

      It's the native mouse gestures,MDI tabs (I can tile them with a mouse gesture!) and excellent caching of history (I'll tell you when to reload the page dammit.. I *want* the old data) that got me.

      If I used a Mac, the speed of Safari is not something I would overlook though. I would find one of those mousegesture additions (cocoa gestures or some such?) though.

      eh, to each his own.

    5. Re:I'm sure that... by VGPowerlord · · Score: 3, Insightful
      I've found that since Opera went free, and people keep talking about this "Firefox memory leak" thing, the voices in support of Opera on Slashdot have grown considerably.

      Yeah. I didn't start using it until:
      1. It was free.
      2. Firefox's developers pissed me off. This wasn't related to the memory leak bug, but that definitely contributed to me switching instead of just grinning and bearing it.

      I blame #1 for me not discovering the greatness of Opera earlier.
      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
    6. Re:I'm sure that... by Anonymous Coward · · Score: 0

      Opera is far faster than Safari, at least on my Mac (which is admittedly quite old - I'm still using a G3).

    7. Re:I'm sure that... by 8472 · · Score: 1

      As (the second) Opera user, I agree. How many times have you submitted a form with one of the other browsers on the market (*cough* IE) and the submission failed, only to be told upon hitting the back button that the page has timed out?

      As long as Opera provides a facility for disabling this new feature (although it does sound quite handy) then i can't see why anyone would have reason to complain. I find it hard to believe that they have implemented this feature to be "evil" and track your every move. I think it's more likely that they are responding to the competition. At the end of the day they're trying to do us all a favour.... oh yeah and make some money :-)

  6. That's fine if it's configurable and secure? by djh101010 · · Score: 3, Interesting

    As long as I can turn it off, or turn it off for certain types of sites, that's fine. I'm not sure what this does for me that, say, Netcraft Toolbar doesn't. Is the data stream encrypted back to Opera? Can others intercept that and use it as a spam-target tool somehow? All questions I'd want answered before I'd use it.

    1. Re:That's fine if it's configurable and secure? by TheoMurpse · · Score: 4, Funny
      I'm not sure what this does for me that, say, Netcraft Toolbar doesn't.
      Opera confirms: Netcraft is dead.
  7. Unnecessary Spin by Anonymous Coward · · Score: 0, Troll

    Wow, talk about a difference in spin between the headline and the description.

  8. I'd like it better.... by krell · · Score: 1, Insightful

    I'd like it even better if they shipped with it turned off, and you could turn it on if you wanted it.

    --
    Where were you when the voynix came?
    1. Re:I'd like it better.... by Shemmie · · Score: 5, Insightful

      Isn't this against everything we say when it comes to Microsoft? We're meant to be protecting Joe Six-Pack. Various features should ship with the default to 'on', so that those in the know are free to turn it off, but it still protects those who it would most likely benefit?

    2. Re:I'd like it better.... by foamrotreturns · · Score: 5, Insightful

      One problem with your argument:
      Joe Sixpack will not use Opera; he'll use IE. That's why we harp on MS for being so lax in security. They're targeting the lowest common denominator.

    3. Re:I'd like it better.... by krell · · Score: 1

      "Isn't this against everything we say when it comes to Microsoft?"

      I recall "us" bashing Microsoft for having spyware enabled. This "phoning home" is a form of spyware.

      --
      Where were you when the voynix came?
    4. Re:I'd like it better.... by krell · · Score: 1

      Shemmie was equating "having spyware feature in browser turned on" with "increased security".

      --
      Where were you when the voynix came?
    5. Re:I'd like it better.... by Jamil+Karim · · Score: 1

      I don't get it. Why does Joe Sixpack need protection?

    6. Re:I'd like it better.... by Shemmie · · Score: 1

      I was equating having an anti-phishing filter that checks against an up-to-date phishing database turned on as default == more secure Joe SixPack. If you feel your privacy is being invaded - turn it off. But if it prevents one Joe Sixpack from typing his credit card number into a phishing site, it's surely proven its worth?

    7. Re:I'd like it better.... by krell · · Score: 1

      Such spyware should not be turned on in the first place unless it asks. Browsers have no business connecting to anything other than material you directly link to, material that is linked to specifically in the pages you go to, and the DNS itself....unless you choose to make special exceptions.

      The problem is easily solved with Opera asking (during the installation) if you want this feature turned on. The default choice would be "no."

      --
      Where were you when the voynix came?
  9. Optional, please? by sumday · · Score: 1

    As a devout Opera user, I'm fine with this as long as it's possible to turn the feature off.

    --
    sudo killall humans
    1. Re:Optional, please? by CastrTroy · · Score: 1

      Would you be fine with it if MS had the same feature in IE, had it enabled by default, but allowed it to be turned off? Never mind most users wouldn't know about it, but they could turn it off. It's not like MS would ever use this kind of data for Evil purposes, or surrender the data to the DOJ on request. Shouldn't something like this only be explicitly opt-in, and only if the user goes searching for it? I wouldn't even bother building a system like this. Too many problems that can happen with it. Why not have users download a list every so often? They wouldn't have to send out every request to some third party, and they could still ensure that they are being safe. Would be a lot easier on the server too if every url visited from every user didn't have to get checked.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    2. Re:Optional, please? by elcid73 · · Score: 2, Informative

      "Why not have users download a list every so often?" ...because "every so often" is "not often enough" when it comes to phishing.

      (according to Opera)

    3. Re:Optional, please? by sumday · · Score: 1

      For starters, yes, i would be fine with it if MS had the same feature enabled by default in IE. But it all depends on how the data is handled. I think you're assuming all the data will be logged somewhere. The URL, IP addess, time stamp etc would surely prove to be useful information for someone like the DOJ, but it wouldn't exactly be useful for preventing users from visiting black-listed sites. Having the user download their own list every so often would be fine with me too. But there's already software that can do this, such as Privoxy. At the end of the day, I think it's a bit of a pointless endavour and i'd prefer if Opera didn't have it. But i'm not going to complain if i can turn it off.

      --
      sudo killall humans
    4. Re:Optional, please? by CastrTroy · · Score: 1

      How often does opera update it's servers? Is it often enough? Is it immediately after the site is put up, even before anybody knows about it? How about every time you want to visit a URL, it gets a list of everything that's been added since you last clicked, probably a short or empty list most times, and uses that. That way, you don't have to update every so often, because it updates before you go to any site, and you don't have to worry about them finding out which sites your visiting.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    5. Re:Optional, please? by CastrTroy · · Score: 1

      The point is, is that maybe not you, but many other people would be crying foul if MS was doing this, because there's simply no way of knowing what they are doing with the data. Because it's opera, we assume that they aren'd doing anything, or we just hope they are, or we assume that their users are smarter than average and will know to turn it off if they don't want it. However, I think that if MS put in the same feature, we'd be saying that it was a breach of privacy, because most people are too uninformed to bother turning it off.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    6. Re:Optional, please? by elcid73 · · Score: 1

      Interesting points.

      To answer your first one, again, GeoTrust is source. Opera isn't directly accumulating the blacklist. Geotrust is.

  10. why wouldn't i trust him by Anonymous Coward · · Score: 5, Funny

    Well, with a name like Borg, I can't think of a reason why I wouldn't trust what he has to say...

    1. Re:why wouldn't i trust him by Anonymous Coward · · Score: 2, Funny

      Good job #1845829 - you shouldn't be thinking for yourself anyway. Now get your ass back on this goddamned flying box so we can assimilate our next target.

    2. Re:why wouldn't i trust him by gt_mattex · · Score: 1

      You mean what it has to say.

      --
      "No doubt one may quote history to support any cause, as the devil quotes scripture." - Learned Hand
  11. Privacy concern by Arthur+B. · · Score: 1

    Tell me what they send to their server is actually a hash of the URL with a huge salt.

    --
    \u262D = \u5350
    1. Re:Privacy concern by Ironsides · · Score: 2, Insightful

      Tell me what they send to their server is actually a hash of the URL with a huge salt.

      If they did this then one of two things would happen.
      1) Collisions where non-Phishing sites would be blocked as Phishing sites.
      2) They would be able to figure out what the original site was anyway as they are the ones who created the hashes. Otherwise, they wouldn't be able to look for duplicate entries or not and the hashes wouldn't mean jack.

      Everythings going to be in the clear. The only thing is to make sure that the feature is optional.

      --
      Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
    2. Re:Privacy concern by Anonymous Coward · · Score: 4, Informative
      Tell me what they send to their server is actually a hash of the URL with a huge salt.
      From the linked blog:

      When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

      Presumably, it's because of the following:

      The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home".
    3. Re:Privacy concern by Arthur+B. · · Score: 2, Insightful

      1) very unlikely with a good hash or combined hashes 2) no they wouldn't, they'd try to hash every phishing site with every salt to see if it matches your hash... sure they could see if you watch specific sites, but it certainly mitigates the amount of information they can get about you, they can't know exactly all the sites you look at. If their entry are user submitted, the user submission can be done in clear text, no problem.

      --
      \u262D = \u5350
    4. Re:Privacy concern by Anonymous Coward · · Score: 0

      it's not. they add a dash of pepper as well.

    5. Re:Privacy concern by illegalcortex · · Score: 1

      I was actually thinking along the same lines. Unfortunately, it appears they send a hash value of the URL along with a non-hashed domain name. I think I would feel a bit more comfortable if the domain name was hashed, too. It's not foolproof, as if you were fishing around and wanting to know which users visisted "www.eff.org", you just have to generate the hash and look for it in the database. But it makes it a little harder to pull all the logs, filter for an IP and just snoop around in the listings of domain names.

    6. Re:Privacy concern by Clavis_Apocalypticae · · Score: 1

      I'm not so sure sending hash over the internets is a good idea. When she was four, my daughter put a peanutbutter sandwich in the VCR and it was a friggin' nightmare trying to clean it out.

  12. Mmnn features by Trashhalo · · Score: 1

    This seems like one of those features that looked great on paper but will result in lots of bitching and moaning. I use opera but seriously if every site I visit starts getting sent to them I will have to switch back to firefox.

    --
    Dooom
    1. Re:Mmnn features by hkmwbz · · Score: 1

      Or simply disable the feature. But you may want to get off the internet completely, seeing as your ISP can get more data on you than Opera ever could.

      --
      Clever signature text goes here.
    2. Re:Mmnn features by Trashhalo · · Score: 1

      Yes because if my ISP can gather data on me then I shouldn't care if any other random company tracks my usage.

      --
      Dooom
    3. Re:Mmnn features by hkmwbz · · Score: 2, Informative

      Your ISP is as much of a "random company" as Opera Software is. Opera Software is located in Norway, which apparently has extremely strict privacy laws. You also need to consider a company's track record. Opera Software also has the mobile browser Opera Mini which always goes through Opera's servers which do the rendering for the Mini client, and no one has cried foul so far.

      --
      Clever signature text goes here.
  13. dont they all do this now? by Deathlizard · · Score: 5, Informative

    I know IE7 phones home, and fireefox 2 does too for anti-phishing. They both can also be disabled by the user.

    I don't see how this is any different than what MS or mozilla is doing. As long as it can be disabled by the user it should be ok.

    --
    In Soviet Russia, Trojan exploits YOU!
    1. Re:dont they all do this now? by elcid73 · · Score: 3, Informative

      They use white or blacklists. Meaning it phone's home just to get a big list of all at once.

      Opera checks each as you go.

      Pro: it's updated as fast as GeoTrust is.. you don't have to wait for your nightly download (or whatever frequency) so you get the most reponsive phishing filter.

      Con: The reason this is a headline at all. ..Still, it will be able to be turned off and it's largely not all that different from MS or FF.

    2. Re:dont they all do this now? by AKAImBatman · · Score: 2, Informative

      Geez, everyone is phoning home these days. Who's next, E.T.?!?

      --
      Javascript + Nintendo DSi = DSiCade
    3. Re:dont they all do this now? by Vexorian · · Score: 4, Informative
      1 How does the Phishing Protection feature work in Firefox 2?
      Phishing Protection is turned on by default in Firefox 2, and works by checking the sites that you browse to against a list of known phishing sites. This list is automatically downloaded and regularly updated within Firefox 2 when the Phishing Protection feature is enabled. Since phishing attacks can occur very quickly, there's also an option to check the sites you browse to against an online service such as Google for more up-to-date protection. This enhanced capability can be turned on via the Security preferences pane.
      http://www.mozilla.org/projects/bonecho/anti-phish ing/
      --

      Copyright infringement is "piracy" in the same way DRM is "consumer rape"
    4. Re:dont they all do this now? by elcid73 · · Score: 1

      exactly. Opera is just opting for something along the lines of what your links mentions about google trust:

      What information is sent to Mozilla when Phishing Protection is enabled?

      When using Phishing Protection in default mode, no information is sent to Mozilla or anti-phishing partners. Rather, sites are checked against a local list that is downloaded and updated on a regular basis. When sites are checked against remote services such as Google, the Web site address is sent over a secure SSL connection.

    5. Re:dont they all do this now? by Kelson · · Score: 2, Informative

      Actually, IE7 can check each site as you go, and Firefox 2 has two modes: one that checks against the blacklist, and one that checks each site as you go (look in Tools/Preferences/Security).

      So yes, each browser will have a mode which will send nearly every URL you visit to a third party for checking against phishing sites.

    6. Re:dont they all do this now? by elcid73 · · Score: 2, Interesting

      Yeah. I made note of that in one of the other responses I had in here. I don't really see why this is a headline at all.

      If you have a slider with Safety/security on one side, and Privacy on the other, all three browsers let you adjust where that slider falls.

      Browsers have to balance timeliness of updates against the fast moving phishing schemes with letting the users feel maintain a sense of security. It's strange though, like others have mentioned, Opera Mini seems to get away with this just fine as well as your local ISP.

      I wish we could just say "nothing to see here, move along..." for this article. Or at least properly word the headline to something like:

      "Opera to default to real-time phishing filter" or something along those lines.

  14. Johan Borg???? by gstoddart · · Score: 2, Funny

    Johan Borg??? Oh, the irony. The diversity of your websites will be added to our own. Resistance is futile.

    What an unfortunate surname to be working in the tech field. :-P

    --
    Lost at C:>. Found at C.
    1. Re:Johan Borg???? by Anonymous Coward · · Score: 0

      Yeah, but his seventh daughter by his ninth wife is really hot.

    2. Re:Johan Borg???? by MyNameIsEarl · · Score: 1

      Johan Borg, it's a great John Houseman name.

  15. Re:User Reviews by Anonymous Coward · · Score: 0

    Heh. Not bad.

  16. Just matter of time by Hermenegildo+Nunez · · Score: 1

    It will be just matter of time for government demanding take a look to these logs files in the name of Freedom.

    1. Re:Just matter of time by hkmwbz · · Score: 1

      Like it'll be just a matter of time before the government demands to take a look at your ISP's logs.

      --
      Clever signature text goes here.
    2. Re:Just matter of time by animaal · · Score: 4, Insightful

      Which government? Norway isn't (yet) subject to the U.S. government.

    3. Re:Just matter of time by A+Holstenson · · Score: 1

      And they are not even part of the EU.

    4. Re:Just matter of time by Anonymous Coward · · Score: 0

      But they do have oil!

    5. Re:Just matter of time by GrievousMistake · · Score: 1

      We have øil, though, sø I'm sure we will be liberated from our evil socialist prime minister any day now, especially once they find out that we harbour weapons of mass disgustion such as 'gammalost' and 'lutefisk'.

      --
      In a fair world, refrigerators would make electricity.
    6. Re:Just matter of time by hkmwbz · · Score: 1

      What logs? Who says that they are logging anything?

      --
      Clever signature text goes here.
  17. isn't it obvious? by blindd0t · · Score: 1

    I would think it would obviously benefit all authors of browser software to collaborate on a single set of servers for querying for phising sites. Of course, there's probably caveats I haven't thought of, but hey, I just figured it'd be in everybody's best interest, competitor or not.

  18. Bye bye, Opera. by Anonymous Coward · · Score: 0

    Sounds like the fat lady has sung to me.
    Why would I want to through my privacy away like that?

    1. Re:Bye bye, Opera. by Anonymous Coward · · Score: 0

      Sounds like a fat nerd who can't spell to me.
      Why would I want to learn how to spell properly anyway?

  19. This forces a huge amount of trust in them... by Pvt_Waldo · · Score: 2, Interesting

    First, we must trust they will not leak the data of "who surfs what".

    Second, we must trust they will not get hacked and this information stolen.

    Third, we must trust them to be the judge of "good and bad".

    Fourth, we must trust they won't get hacked and their list either modified by adding or removing site.

    Don't fall into the trap of "Oh it's Opera, of course we trust them". Let me put it this way. If Microsoft announced this, what would your reaction be?

    1. Re:This forces a huge amount of trust in them... by elcid73 · · Score: 1

      They use GeoTrust.... which is a third party, your points are still valid.

      But you also have to look at some of those with FF's phishing filter too right? You're getting a blacklist from (presumably) a mozilla server- so don't you have to trust their judgement of good/bad?

    2. Re:This forces a huge amount of trust in them... by hkmwbz · · Score: 1
      First, we must trust they will not leak the data of "who surfs what".
      You are assuming that Opera Software, a Norwegian company in a country with strict privacy laws, even stores any data.
      Second, we must trust they will not get hacked and this information stolen.
      See above.
      Third, we must trust them to be the judge of "good and bad".
      Good: Anything. Bad: Phishing site. I fail to see what's so difficult here.
      Fourth, we must trust they won't get hacked and their list either modified by adding or removing site.
      That goes for all these anti-phishing solutions.
      Don't fall into the trap of "Oh it's Opera, of course we trust them". Let me put it this way. If Microsoft announced this, what would your reaction be?
      So a company's track record doesn't matter? The fact that Opera already has Opera Mini, where all traffic goes through Opera's servers and everything's just fine and dandy?
      --
      Clever signature text goes here.
    3. Re:This forces a huge amount of trust in them... by Kelson · · Score: 1
      Let me put it this way. If Microsoft announced this, what would your reaction be?

      I trust you are aware that Microsoft announced similar antiphishing features over a year ago, and just released them in IE7? And that Firefox 2 will also ship with similar functionality next week?

      You don't have to imagine the reaction... just look back in the archives and read it.

    4. Re:This forces a huge amount of trust in them... by Allador · · Score: 1

      This in no way forces us to have any trust in them whatsoever.

      If you dont trust them, turn it off.

      If you do trust them, leave it on.

      If you find the balance of phishing-protection vs. information disclosure not to your liking, turn it on/off to your desire.

      Note that Firefox also offers this as a real-time feature (optional, not on by default).

      Also, if you RTFA, Borg talks very explicitly about this balance. He's very clear in that they're putting this in and turning it on by default for the non-technical users, like your mom and dad. For folks like that, who arent in the habit of surfing shemale-on-horse pr0n, this may be a good balance. For those of you who do want to keep the shemale-on-horse goodies to yourself, turn it off.

  20. Why not go the anti-phishing route of Firefox2? by Anonymous Coward · · Score: 0

    Firefox 2 currently has a similar feature but its just a list of sites.
    http://www.mozilla.org/projects/bonecho/anti-phish ing/
    Much like what spywareblaster and spybot uses to "immunize" your system.
    I can't see why Opera doesn't go that route.

    Having Opera check Opera's site for every website will kill their server, no doubt. And seeing as Opera is now free, without any banner advertising (free since version 8.5), I can't see them recouping that cost very well.

    If it does check every site I visit (without any way to turn it off), I -will- stop using Opera.

    1. Re:Why not go the anti-phishing route of Firefox2? by elcid73 · · Score: 1

      They've opted for a more "real-time" updating as phishing sites can move very quickly.

      FF2 also allows you to use google in the same way as Opera.

      That said, I think Opera should allow us to keep real-time checking turned on as they'd like, but also allow us to "downgrade" our coverage to a blacklist that we can download (just new additions!) daily.

  21. Opera experience... by Anonymous Coward · · Score: 0

    I'm not sure if this will get modded down (lord knows it won't go up), but I'd like to extend my very sincere "Thanks!!!" to all the people working for Opera.
    I've been using Opera now for a LOT of years... I'm not sure... 6? 7? 8?
    Whatever...
    Best. Browser. Ever.

    Between their support, the great piece of code they provide, the Widgets, F4 and its tools, the mouse gestures (GENIOUS!), etc... Opera is, IMHO, the best browser available.

    Yes, yes... FireFox is all the rage... Yes, yes... I know that FireFox saves people from drowning in the coasts of California and that little Fox on fire thinks about the Children... I know.

    But people... Opera. Kick-ass. :)

    Regarding the servers "phone home"... fine by me.
    Opera is a company/group-of-people that I've come to trust. Not once have they let me down.
    Thanks!!!

    Best to you,

    -Opera User

    ((Posted Anon... Although I know my name... and I ain't no coward... I don't want to Karma-whore))

  22. Re:Someone please cry foul by hkmwbz · · Score: 5, Insightful

    Your ISP can track everything you do. That must mean that they are abusing their position. Why get Opera to track your surfing when your ISP could do so much more efficiently?

    --
    Clever signature text goes here.
  23. Re:Someone please cry foul by bestinshow · · Score: 5, Insightful

    That's if they log the requests - given that they're a Norwegian company, they have some pretty tough privacy laws to content with.

    I expect that it will depend on the terms and conditions in the end, and that they will say 'we will not log or use your data in a user-specific manner (not even AOL style 'user == number' obfuscation, hehe), however we may use it to compile statistics on accesses to phishing sites', which could prove quite useful in anti-phisher court trials.

    It's no different to IE7 or the next version of Safari. The best way to check a website is authentic is to check the URL against a blacklist and then tell the user in big red text in a way they'd be retarded to ignore about the threat. I do think it would be better to download the blacklist to the client and resync it often however.

    How do the Firefox add-ins, IE7 and Safari 3 handle anti-phishing?

  24. Does anyone read anymore? by scoobrs · · Score: 5, Informative

    Does anyone bother reading before commenting anymore? The feature will be able to be switched off at will, even on a site-by-site basis, and they will toss out source IPs at Opera if you choose to use it. The main reason they do it this way instead of downloading lists like mozilla and IE is that lists can be obsolete and phishers can be onto promoting their next scam by the time the lists are updated on clients. Besides, Opera is in Norway and outside Department of Justice jurisdiction for spying requests. If you don't like it or are sophisticated enough that you don't need it, turn it off.

    --
    -Those who would give up essential liberty to purchase temporary safety deserve neither. -Ben Franklin
    1. Re:Does anyone read anymore? by Nimey · · Score: 1
      Does anyone bother reading before commenting anymore?


      You must be new here.
      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    2. Re:Does anyone read anymore? by Anonymous Coward · · Score: 0

      I didn't read TFA, nor did I read your post. Nyah! :P

      (Reading is overrated, and is not fundamental)

  25. Opera users easily phished? by RayMarron · · Score: 1

    Sounds neat, so long as it defaults to off. I doubt the Opera user demographic is particularly succeptible to phishing, though it would be useful if you're installing it for grandma.

    --
    ON DELETE CASCADE
  26. next OS X Safari looks like it will by Anonymous Coward · · Score: 0

    http://www.tuaw.com/2006/10/19/screenshots-from-th e-latest-leopard-build/

    It looks like the next release of Apple's Safari browser will "phone home" to Google for its anti-phishing measures.

  27. What a coincidence by zenithcoolest · · Score: 1

    Just at the time IE7 is out and is stil fighting with vulnerabilities, Opera is thinking of revamping itself

  28. IOW by evronm · · Score: 1
    Opera announced an addition that will keep it in step with its rivals. Johan Borg, a developer working on the browser, said
    I think he was misquoted. What he really said was "Firefox and IE are irrelevant."
    --
    Follow the adventures of the new wandering jews
  29. Re:Someone please cry foul by The+Masked+Marauder · · Score: 2, Insightful

    Why the hell would a Norwegian company hand anything over to the US DOJ? America can't really tell the rest of the world what to do you know, Bush just wants you to think that!

  30. Borg? by Akardam · · Score: 1

    Sounds Swedish...

  31. DS by joschm0 · · Score: 0

    I don't what else it does, I just want Opera for the DS. It's been out in Japan for awhile but I heard any more news about it in months.

    --
    01/20/09
  32. Phone Home? by e2ka · · Score: 1

    well I'll be damned if I use this software on a computer with a network connection then!

    1. Re:Phone Home? by Anonymous Coward · · Score: 0

      wow, nice pointless comment there. too bad you never actually read the article.

  33. Indeed I do. by Poromenos1 · · Score: 3, Informative

    The request Opera sends is a hash of the URL instead of the URL itself.

    Would the second Opera user like to comment?

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
    1. Re:Indeed I do. by AmberBlackCat · · Score: 0, Flamebait

      Yes. Since Opera's doing it, Firefox is probably going to be doing it a year or two from now and all of these same people are going to argue that it's a good thing. Then seven years from now, Internet Explorer will do it and everybody will criticize them for taking so long to do this. Also, I think it will be possible to turn this feature off too, and if it isn't then I can set the firewall to block connections to Opera's server.

    2. Re:Indeed I do. by flyingfsck · · Score: 1

      A hash, hmmm. That just means that YOU don't know what it means, but Opera still knows. They have the database that the hashes map to.

      --
      Excuse me, but please get off my Pennisetum Clandestinum, eh!
    3. Re:Indeed I do. by Poromenos1 · · Score: 1

      Well, obviously. If they didn't know, how would they check?

      --
      Send email from the afterlife! Write your e-will at Dead Man's Switch.
  34. It's not encrypted. by Poromenos1 · · Score: 1

    The data is not encrypted. They wanted you to be able to see what your PC is sending. Plus I doubt they'll be useful to anyone else.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  35. Okay... by Poromenos1 · · Score: 1

    From Opera's RSS feed:

    When you browse to a site you have not visited before, the browser sends a request for site information to our server. The requests contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

    So yeah.

    --
    Send email from the afterlife! Write your e-will at Dead Man's Switch.
  36. Hmmm... by corychristison · · Score: 1

    As a web developer and maintainer of a few online shops, I feel somewhat threatened by these "phishing lists" that are cropping up.

    What if, some how, my site[s] were to make it onto the a/all major phishing list[s]? I know it may be unlikely, but it could happen... do the users report these lists? If so, this will be abused a lot!

    Is there a way to opt out? If so, is it plainful or painless?

    ... No. I didn't RTFA.

  37. Blacklisting -vs- taking them down by MobyDisk · · Score: 1

    If there is a store in my neighborhood that is known to pickpocket customers, the police come and arrest the pickpocketers. They don't hand-out a blacklist of those stores.

    It is unfortunate that the same thing can't happen to the web. I would rather the sites be taken down than blacklisted. Too bad Blue Security is gone...

  38. Thats great mr Borg by BigDuke6_swe · · Score: 1

    But what about favicons then? As long as I can remember my bookmarks have picked up the wrong favicon in the repository. It's not a critical problem but really annoying and it shouldn't be too hard to correct, right?

    --
    Zere vere zwei peanuts valking down der Straße, and von vas assaulted...peanut
    1. Re:Thats great mr Borg by Nex · · Score: 0

      I second that.

      It's the most annoying thing about Opera for me. Every few weeks I kill my profile/images dir to start the favicon building anew. It's time-consuming but important, since I keep a busy personal bar up top and otheer than the dirs inhabiting that space, I keep a couple of dozen favicons there for turbo-quick navigating to my favorite sites. So I need to go to each of those sites one by one after nuking the dir to retrive their favicons.

      There's Got to be a better way, especially since it's been like this over many not just builds, but versions. Nex

      (If the worst thing I have to say about Opera is its favicon system, that's actually a pretty huge compliment)

  39. I'm using it now by elcid73 · · Score: 2, Interesting

    I'm using the weekly build. So far, nobody has knocked on my door.

    Works great- slashdot is trusted by geotrust evidently.

    There's a checkbox to "enable fraud protection." When this button is disabled you can still manually check the site via the same interface, but the check isn't automatic.

  40. Download it from by giriz · · Score: 1

    [mac] http://snapshot.opera.com/mac/o910w_3539.dmg [unix] http://snapshot.opera.com/unix/Weekly-466/ [win] http://snapshot.opera.com/windows/o910w_8629m.exe

    --
    I don't want a signature.
  41. How Much Will It Cost? by Anonymous Coward · · Score: 0

    How much will it cost Opera in terms of bandwidth? Some network equipment manufacturers offer a similar service for their firewalls but you always have to pay monthly fees once the few months of trial are over. Having users of your software constantly transferring data with you can't be cheap.

  42. Open Trust Webs by Doc+Ruby · · Score: 1

    Why does Opera have to own the servers? Why can't it include several defaults, like its own servers, for "trust ratings", factoring in webserver certificate status (exists, expired, corrupt, etc)? And let users choose which "trust servers" they want to use to validate trust. Even better would be another layer which reviews trust servers for trustworthiness, to which users can subscribe to decide how much to trust which webservers.

    If Opera also integrated structured personal info into trust levels, completing the circle for users, it would become much more popular among people who want convenient trust. We all finally need to be able to look at a page requesting personal info, and know who says which info is safe to deliver, by just agreeing to send "disposable email address", or "existing email address", or "name, email and phone#", or "postal address info", or "creditcard validation info", as requested, packaged, and vouched by trusted parties.

    If Opera owns the infrastructure, eventually conflicts of interest and scales of operation will take it down, leaving people relying on it with none. Instead, a Firefox plugin, that manages all that personal info and trust by pointing to remote servers with intelligible user interface terms, will win the day.

    --

    --
    make install -not war

  43. I smell BS by GodfatherofSoul · · Score: 1

    Why doesn't Opera just push out a current list of badly behaving links, rather than having users ping their site each time? Seems like browser-local cache is better in every regard except for the staleness problem. Unless you have ulterior motives...

    --
    I swear to God...I swear to God! That is NOT how you treat your human!
    1. Re: I smell BS by Rits · · Score: 1

      "except the staleness problem"

      Well, that's exactly the problem indeed. In Firefox, the advanced users (least likely to need the protection) will be able to find the switch to 'live' phone home checking with Google. With gives a big warning about Google storing this data... Google has proven to put up a fight before handing over such data to the US government. But still... why do they need to store such data?

      Opera will simply not keep the user data on their servers. Nothing to go for then for the autorities. So, there could only be a problem if Opera was lying. And they would be out-of-business real soon if they get caught, so that's unlikely IMHO. Maybe Opera should hire some auditors to certify their systems for this feature.

      --
      If you don't like having choices made for you, you should start making your own. - Neal Stephenson
    2. Re: I smell BS by Anonymous Coward · · Score: 0

      How big a problem is staleness? How many phishing sites could possibly pop up in a single day? It's not like it would even be that hard to download the fresh file before loading a sketchy site, since you could tell it, "Only give me the updates since last night, when I last checked." That would take not much longer than pinging Opera itself, since the amount of changes is practically guaranteed to be under 1k. This whole business just seems like a bad idea to me.

  44. OMFG by lick+mi+ballz · · Score: 0, Troll

    opera sux
    firefox rulez
    LiNuX is teh shiznit
    Micro$oft is teh evil

  45. Coule be a bad move by Anonymous Coward · · Score: 0

    Hopefully they will give users away to override blocks in the event of false positives, otherwise it could become more a means of censorship that protection, like SmartFilter, a company that has blocks sites for political reasons. The point is final say should be the user's.

    1. Re:Coule be a bad move by Anonymous Coward · · Score: 0

      RTFA. You just click "visit site anyway", and that's it.

  46. Opera already makes a call to its servers by Anonymous Coward · · Score: 0

    Opera already makes a call to its servers - to check for updated software. But this, much like almost everything else in Opera, can be disabled

  47. Borg by andersh · · Score: 1

    Borg means castle in Norwegian, so hes all about security and keeping threats outside the walls ;)

  48. Norwegian by Anonymous Coward · · Score: 0

    He is Norwegian/A.

  49. A Security Minded Person by andersh · · Score: 1

    Borg is a really good surname if you consider it means "castle" in his native Norway. He is obviously all about secure walls and keeping enemies out ;)

  50. Blacklist vs. Check-every-time by Lagged2Death · · Score: 1
    It might be better if Opera simply maintained an client-side blacklist of fradulent sites/domains, which was updated in the background while the browser is running. That way they wouldn't have to track your browsing at all.

    As several others have pointed out, Opera will be taking some pains to avoid doing anything that would even make it possible for them to track users. Not to go all Opera-fan-boy on you, but Opera has been relatively privacy-concious for longer than the other browser organizations. If you can formulate a serious privacy threat scenario, I bet they'd like to hear about it.

    Checking only visited sites does two things: it provides the opportunity, at least, to respond very quickly to new phishing schemes, and it saves bandwidth, which is pretty much always a good thing. It's easy for many of us to become complacent about having broadband, but many people still use dialup. In fact, Opera Desktop includes some features that can make it an especially attractive choice for dial-up users; I wouldn't be surprised if Opera's market share is actually higher among the dial-up crowd.

  51. Eye for an eye... by LubosD · · Score: 1
    Those that Opera has identifies as fraudulent will be automatically blocked by the browser.
    If they dare to do this, all packets directing to Opera servers will be automatically blocked by my iptables rules :-) Eye for an eye and tooth for a tooth.
  52. Re:A respectful request to MOD PARENT UP. by symbolic · · Score: 1

    This stuff is not trivial.

  53. This is for people who need protection against by Chuck+Chunder · · Score: 1
    phishing. Do you seriously think these are the sort of people capable of making competent, informed decisions about "trust servers"?
    Even better would be another layer
    For fucks sake, what planet are you on? This sort of thing needs to "just work" otherwise it is useless for 99% of the people who would actually benefit from it.
    --
    Boffoonery - downloadable Comedy Benefit for Bletchley Park
  54. People Like You by Doc+Ruby · · Score: 1

    Why don't you stop talking out of your fucking ass, and just read my post which makes clear how my system makes it totally easy for the user?

    I said the trust servers, and vouchers for those servers, would ship with defaults. All a casual user would do would see whether a given page is trusted, as a function of those two layers they'd never see. More sophisticated users could set their "vouch servers", probably by their organizations tech support. Even more sophisticated users could pick their own trust servers. Or make their own trust servers, or their own vouch servers. An open system with defaults that "just work" for everyone, unless they're inclined to tinker. With a simple mechanism for delegating the decisions of who to trust.

    My privacy scope keyed to trust, automating form completion, makes it even easier for the casual user to decide what to do (or not), once trust levels are established. It becomes a matter of seeing a page asking for info, and just saying "OK/"Cancel" when the browser just says "This page is asking for your creditcard info, but YOUR_FINANCE_MAGAZINE says you shouldn't trust it. Do you want to do it anyway, or get more info before you give it to them?" Also with open configs, so for casual users it "just works", but more support/sophistication can use others' input into the trust web.

    Distributed trust is complex. My system, drawing on decades of people working out how people trust and what's easy to understand, makes it easy for the 99.9999% who want to trust, and blame the people who vouched when it goes wrong. While accommodating the few, including me, who understand how to tailor trust even better.

    You are clearly part of the "six nines" who need it totally dumbed down, or you get scared into confusion. Just step away from the keyboard while pros do the hard work, and you'll get your simple, trustworthy interface. Getting in the way of the machinery can be dangerous for mere normals like you.

    --

    --
    make install -not war

  55. Do it yourself! by scovetta · · Score: 1

    I did a little writeup on this kind of thing a while back. Since all of the major browsers support a "proxy autoconfiguration" file, you simply a flat file on some server that returns a non-existent proxy address for URLs that you want to "block". So you don't need to use Opera's, just have someone run such a service and point your autoconfig there. A general "URL/IP Blacklist" could easily be built into browsers (as I'm sure there's a Firefox extension around for it).

    On the other hand, I think it's nice that banks that I've never even heard of are nice enough to find me and let me know that my account needs to be reset. Now I'll have a place to put the $50M that I'm getting for helping the Prince of Nigeria!

    --
    Wer mit Ungeheuern kämpft, mag zusehn, dass er nicht dabei zum Ungeheuer wird. --Nietzsche
  56. haven't they learned yet? by v1 · · Score: 1

    Every time some single internet entity tries something to stop spam, banners, or viruses, the dark forces they are trying to stop collaborate against them and next thing you know your server is a smouldering pile od slag attached to what's left of the stain on the table that was your router.

    What makes them think they are flood-proof, against people that have thousands of zombies at their command?

    --
    I work for the Department of Redundancy Department.
  57. It's NOT phoning home. by ahknight · · Score: 3, Insightful

    It's not phoning home. There's been a lot of idiocy about that statement lately and the phrase is starting to suffer the fate of the apostrophe: people are just using it whenever they think it might apply.

    Phoning home means sending personal, identifying information back to the author of a program, usually with nefarious intent. This is a feature that uses an Opera server in a non-identifying way to determine if the site you're going to is fraudulent. Huge difference.

    And you can probably turn it off. Yet another thing that you cannot do with software that is "phoning home" in the traditional definition.

    Come on, folks. There's privacy and there's paranoia. I know a lot of you haven't left home in a few weeks, but try to stay in touch with reality, okay? The foil hats do nothing...

    1. Re:It's NOT phoning home. by Phroggy · · Score: 1

      Phoning home means sending personal, identifying information back to the author of a program, usually with nefarious intent. This is a feature that uses an Opera server in a non-identifying way to determine if the site you're going to is fraudulent. Huge difference.

      Sorry, no. Phoning home means the application is contacting its creators, regardless of what information is being sent or retrieved. The most common purpose of this is to check for updated versions of the software, and to notify the user when one is available, without sending any personal information whatsoever; it still counts as phoning home, even when I authorize it (I usually do).

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    2. Re:It's NOT phoning home. by ahknight · · Score: 1

      Sorry, no, it's not that.

      Just because that's what you call it doesn't make that the definition.

    3. Re:It's NOT phoning home. by mdwh2 · · Score: 1

      Except that link seems to back up what he said. The article provides examples of communication, but I don't see where it says "personal, identifying information" must be sent?

      Your link says: "Phoning home is usually surreptitious communication between applications or hardware installed at end-user sites and their manufacturers or developers." - maybe that doesn't go so far as to include checking for updates, but I think it counts for this Opera feature.

    4. Re:It's NOT phoning home. by krell · · Score: 1

      Phroggy is correct. Phoning home means phoning home, regardless of the content being transferred during the "phone call." A decent browser won't do this without asking, and should by default not have such spyware features turned on in the first place.

      --
      Where were you when the voynix came?
  58. a better idea by NynexNinja · · Score: 1

    A better idea would be to offer a plugin (which might be included by default but turned off by the user at installation time) that periodically syncronizes with a remote database of "bad" sites. This is basically what AdBlock + FilterSet.g plugin does for firefox, only it deals with ad blocking instead of phishing sites....

  59. Resistance i futile. by The+Creator · · Score: 1

    "I will beat you 6-0 6-0 6-0."

    --

    FRA: STFU GTFO
  60. Blacklists are bad and unethical by macraig · · Score: 1

    Blacklists are bad and unethical, regardless what particular purpose they serve. They're analogous to eugenics and Adolf Hitler: do you REALLY want someone(s) else quietly determining for you what is ham or spam, fishing or phishing, without you having any final veto at all?

    Just say NO to blacklists, of any form.

  61. Re:Someone please cry foul by trifish · · Score: 1

    Actually, no. If you open a SSL connection (you know, the https thing), the URLs you request from the server are encrypted (so your ISP donesn't know what files or documents you download from the server).

  62. Re:Someone please cry foul by trifish · · Score: 1

    And if you connect to a proxy via SSL, you can browse any sites without your ISP knowing. The ISP will only know you connected to a proxy in China (or wherever) and that's it. No URLs, no domains, just strongly encrypted packets.

  63. speaking as a user of Opera from 1999... by alizard · · Score: 1

    I've enjoyed the cutting edge technology that somehow seems to work despite its being cutting edge for years. I've taken it along with me when I went from Windows to Linux. I've encouraged people to try it out both as a user and a technology writer for the last several years.

    If I can't turn these features off, I'll stay in v9.0 until something better than Opera comes along or it can't be used with whichever Linux distro I'm going to be using.

    I make the decisions about what my web browser downloads and who it phones home to.

    If I wanted a browser to play "Big Brother", I would have stayed in Windows, be using IE, and be planning a hardware upgrade to Vista.

    --
    Tech Public Policy stuff
    1. Re:speaking as a user of Opera from 1999... by Anonymous Coward · · Score: 0

      Read. The. Fucking. Article.

      If you can't do that, read the post above you!

      If you can't read, WHAT ARE YOU DOING HERE.

    2. Re:speaking as a user of Opera from 1999... by cshark · · Score: 1

      If I couldn't read, how would I post a flippant response to your flippant response? Get over yourself. You know they have clinics for people who take themselves too seriously.

      --

      This signature has Super Cow Powers

  64. Re:Someone please cry foul by Macthorpe · · Score: 1

    I love how people suggest this without thinking that when your ISP 'monitors everything you do' and finds that you don't do anything except via a secure proxy, that they might just be even more suspicious.

    --
    "It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
  65. Re:Someone please cry foul by trifish · · Score: 1

    Why via proxy and via SSL? Because why would a nerdy admin working for your ISP should be allowed to read everything I read, download and upload, and why should he know the URLs where I do?

    You missed the point. It was to prove that ISP doesn't have to know everything you do.

  66. Re:Someone please cry foul by hkmwbz · · Score: 1

    Now the admins of the proxy server would know your surfing habits instead. Besides, setting up a secure proxy is a hell of a lot more work than simply disabling the anti-phishing feature in Opera.

    --
    Clever signature text goes here.
  67. Re:Someone please cry foul by trifish · · Score: 1

    Yes, and do you expect a proxy admin in North Korea to disclose your searching habits to someone from the US?

  68. Re:Someone please cry foul by trifish · · Score: 1

    > Besides, setting up a secure proxy is a hell of a lot more work than simply disabling the anti-phishing feature in Opera.

    In case you missed it, I didn't talk in regard to Opera. I responded to the statement that your ISP knows everything anyway. The point was that if you want, your ISP doesn't have to know everything.

  69. It is phoning home, for sure. by krell · · Score: 1

    "Phoning home means sending personal, identifying information...."

    You are confusing the instance of phoning home (which is clearly happening here) with what is said during the instance of phoning home. Which is quite debatable.

    "And you can probably turn it off."

    Problem solved if it asked you once, during the installation, if you wanted it turned on in the first place (default answer = No). Then you aren't tricked into turning it on.

    "Come on, folks. There's privacy and there's paranoia.

    And then there is proper browser behavior. Browsers have no business connecting to pages you don't tell them to or to material not specifically linked into the pages you go to, unless you actually tell the browser to do so.

    --
    Where were you when the voynix came?
  70. Re:Someone please cry foul by hkmwbz · · Score: 1

    The point is, someone will know.

    --
    Clever signature text goes here.
  71. Re:Someone please cry foul by trifish · · Score: 1

    What a red-herring comment. The actual point is that your US/EU ISP doesn't have to know everything.

  72. Re:Someone please cry foul by hkmwbz · · Score: 1

    No, the actual point is that if you are that paranoid, you should know that someone will be able to track you.

    --
    Clever signature text goes here.
  73. Re:Someone please cry foul by trifish · · Score: 1

    First, I'm not paranoid and I don't use proxies at all. Second, I was helping that poster to understand that there ARE WAYS TO PREVENT HIS ISP FROM KNOWING EVERYTHING HE DOES. GOT IT?

    Where did your other "points" and "counter-points" came from is truly beyond me.