Opera's new baked in VPN is NOT a good solution for your privacy!

The news recently dropped that Opera will begin bundling a VPN into the beta version of their browser. This was met with cheers and positive articles from many tech blogs and subs all over Reddit. I’ve been trying to leave comments to provide this information, but figured it might be easier to put it all in a thread.

I want to take a minute to educate those reading these so that you can manage your expectations and learn why this is not a good solution for privacy conscious users.

Some facts:

On 10 February 2016, a group of Chinese investors offered $1.2 billion to buy the company:

Opera’s business model is as an ad network.

Opera sells your usage and connection data to Google and Facebook as part of their model. Opera is an ad network unto themselves and collects your usage data for those purposes.

Opera and third-parties, including Google, use first-party cookies and third-party cookies together to a) inform, optimize, and serve ads

Opera uses Facebook Custom Audience on Opera’s web Opera and Facebook uses cookies, web beacons or similar technologies to collect or receive information from your visit to Opera’s website with the purpose to provide measurement and target ads on Facebook.

Opera purchased SurfEasy VPN just over a year ago:

SurfEasy is a VPN company located in Canada (a five eyes country)

They keep bandwidth and usage logs. These are temporary, but they’re still logs.

Remember, if you aren’t paying for it, YOU are the product. Opera isn’t doing this out of the kindness of their heart, they are in it for your data as that’s how they operate. There are many VPN companies that do not log their users data. They might ask a fee, but that’s what’s required for the best possible privacy in this arena.

Edit: Some corrections and clarification.

Edit 2: Here’s a good article with more info by HelpNet Security.

There’s another thing to consider here. WebRTC.

Since Opera is built on Chromium, the WebRTC bug that reveals your true IP address, even when behind a VPN, still exists.

Try visiting ipleak in Opera

I’m gonna quote this tweet by @spazef0rze , a security consultant.

“This Opera “VPN” is just a preconfigured HTTP/S proxy protecting just the traffic between Opera and the proxy, nothing else. It’s not a VPN.”

He also posted a detailed explanation here.

These creds can be used even when connecting from a different machine, it’s just an HTTP proxy anyway.

When you use the proxy on a different machine (with no Opera installed), you’ll get the same IP as when using Opera’s VPN, of course.

the sooner sheeple understand there’s no such thing as privacy in public (which includes the internet), the better.

There are many VPN companies that do not log their users data.

They claim to not log user data. Some of those VPNs have servers in countries that require data logging, sometimes up to two years.

Additionally, they may not log it but they may have also been served an NSL that requires a port mirror setup to a government device that does log it. They wouldn’t be able to tell you this and they also wouldn’t be lying by saying they don’t log.

The only VPN you can trust is one you make yourself. That said, you shouldn’t be doing illegal shit over a VPN anyway.

I’ve been using Private Internet Access for some time and according to that chart they’re not too bad. Lot’s of down right awful VPN’s. It actually a little upsetting seeing so many red and yellow boxes and that most VPN’s arent worth it.

Don’t worry, that data will be stored, temporarily, by a small shell company called the F.I.B.

Facebook picked up on the china connection of Opera which is kind of a big deal if you ask me. So now we have Google and the Chinese competing for user data. Beyond that, the VPN is slow AF and Opera sometime doesn’t load images correctly and there is a diamond pattern glitch on some page loads. I love the idea of a real VPN and proxy built-in

Nice idea but I wouldn’t touch a Chinese owned VPN with a very long pole while wearing surgical gloves

This one got me a bit concerned. Esp. Principle 4: Limiting Conn.

http://imgur.com/19fqxny

Thanks for this post , I just use opera to make watch content in the US

They keep bandwidth and usage logs

Following your link, it says:

“The SurfEasy network is a No Log network. SurfEasy does not store users originating IP address when connected to our service and therefore cannot identify users when provided IP addresses of our servers. Additionally, SurfEasy cannot disclose information about the applications, services or websites our users consume while connected to our services; as SurfEasy does not store this information.”

Comment?

If you are doing something which can result you going to jail or otherwise, you should be using paid high end solutions to begin with.

This is a free version which is focused on Ease of Use and convenience.

Currently its a hassle to access services which have nothing to do with maintaining privacy but just geo-blocked for silly reasons. Getting/setting up extensions etc is a hassle. This is for these people and it will find a niche just fine.

And as the blog post on the Opera site mentioned, not everyone who uses a VPN does it for the same reason, Anonymity is not the only thing, in fact its not even 50%.

Why mobile version doesnt come with VPN ?!?

Would Opera Max (Android VPN) be affected by this as well?

What about downloading torrents with this software?

Thoughts?

Opera - OUT

Hello, Vivaldi

Luckily I didn’t use it. But still, it’s stupid to assume that because it’s Chinese it’s less reliable than American

Their CEO has said they operate more like a Chinese Company than a Western one

Nice cherry picking…Here’s the quote actually in context:

“I think that we at Opera are much more like a Chinese internet company than a Western one,” says Boilesen. “We have a lot of contacts in Silicon Valley. It’s really easy to have a lot of discussions there about emerging markets, but it’s hard to make things happen. Western companies kind of wait until there’s a marketplace before they start investing. Chinese companies are more aggressive. They go all in,” he adds.

He was specifically talking about aggressiveness at going after emerging markets.

Im a big fan, it allowed me to watch porn in Indonesia.