subject: Opera 9.5+ snooping alert - fraud prevention feature - disable
posted: Fri, 13 Mar 2009 01:29:46 -0000


Sooo whilst poking around in Opera's data directories, I discovered
that Opera has been sending the hostnames of every web address I
visit to a third-party company.

It's claimed that it's for fraud prevention; it's like a "safe surf"
feature. That's fab, but I don't want my hostnames being sent
anywhere. I'd rather visit a dodgy website once in a blue moon than
have my browsing habits recorded.

Looking through the index, which can be found here:

c:\Documents and Settings\[username]\Local Settings\Application Data\Opera\Opera\profile\opcache\dcache4.url

it's possible to observe that Opera has been querying addresses such
as www.google.com, maps.google.com, bioguide.congress.gov,
www.metoffice.gov.uk, login.facebook.com, www.hsbc.co.uk and
online.lloydstsb.co.uk.

The queries are sent to a host called sitecheck2.opera.com which, for
me, resolves to a machine in Oslo. A geolocation feature may be in
use since, according to the Washington Post, the company behind the
tech is "Seattle-based Haute Secure, a security company started by
four former Microsoft employees". [1]

This "feature" is enabled by default. It can be enabled/disabled
from Tools > Preferences > Advanced > Security by checking/unchecking
the box marked "Enable Fraud Protection." [2]

You must ALSO close and reopen Opera for the change to take effect
(testing done with Opera 9.63).

Performance: lamo. Pinging sitecheck2.opera.com takes 45ms, and that
time does not include any database lookups or processing.

Vulnerability: apart from the databasing of your browsing habits,
it's an obvious single point of failure; it may be that if
sitecheck2.opera.com goes down, so does Opera. Malicious manipulation
of that host's DNS record could result in a Denial-of-Service against
the user, or the bypassing of the feature.

Disable.

References:

[1]:
http://voices.washingtonpost.com/securityfix/2008/06/opera_95_offers_antimalware_pr.html

[2]:
http://www.hutsby.net/2008/09/opera-sends-queries-to-3rd-party.html

[3 (not cited in text)]:
http://grandstreamdreams.blogspot.com/2008/06/opera-house-and-its-bouncer.html

[4 (not cited in text)]:
http://www.opera.com/docs/fraudprotection/

---
* Origin: [adminz] tech, security, support -
http://cyberdelix.net/adminz/
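
One way to confirm that unchecking the box and restarting Opera actually stopped the lookups is to check a resolver log for queries to sitecheck2.opera.com. This is an added example, not part of the original post; it assumes a dnsmasq resolver with log-queries enabled, and the sample log lines, client addresses and restart time are constructed.

```python
import re
from datetime import datetime

SITECHECK_HOST = "sitecheck2.opera.com"  # lookup host named in the post

# Constructed sample in dnsmasq "log-queries" format; clients and times are made up.
SAMPLE_LOG = """\
Mar 13 01:10:02 dnsmasq[812]: query[A] www.metoffice.gov.uk from 192.168.1.20
Mar 13 01:10:02 dnsmasq[812]: query[A] sitecheck2.opera.com from 192.168.1.20
Mar 13 01:31:40 dnsmasq[812]: query[A] sitecheck2.opera.com from 192.168.1.20
Mar 13 01:33:05 dnsmasq[812]: query[A] SiteCheck2.Opera.com. from 192.168.1.31
Mar 13 01:35:12 dnsmasq[812]: query[A] www.hsbc.co.uk from 192.168.1.20
Mar 13 01:36:00 dnsmasq[812]: reply sitecheck2.opera.com is <CNAME>
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+: "
    r"query\[\w+\] (?P<name>\S+) from (?P<client>\S+)$"
)


def sitecheck_queries_after(log_text, cutoff, year=2009):
    """Return {client: [timestamps]} for sitecheck lookups at or after cutoff.

    syslog timestamps carry no year, so the caller supplies one.
    """
    hits = {}
    for line in log_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and unrelated lines
        # DNS names are case-insensitive and may carry a trailing root dot.
        name = m.group("name").rstrip(".").lower()
        if name != SITECHECK_HOST:
            continue
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        if ts >= cutoff:
            hits.setdefault(m.group("client"), []).append(ts)
    return hits


if __name__ == "__main__":
    # Cutoff = when Opera was restarted with the box unchecked (assumed time).
    cutoff = datetime(2009, 3, 13, 1, 30, 0)
    found = sitecheck_queries_after(SAMPLE_LOG, cutoff)
    for client, times in sorted(found.items()):
        print(f"{client}: {len(times)} lookup(s) since restart, last {times[-1]}")
```

A client that answers from a local DNS cache will not log every lookup, so a quiet log over a short window is weak evidence; check across a full browsing session.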

generated by msg2page 0.06 on Mar 13, 2009 at 07:58:39
