diff --git a/articles/opera.html b/articles/opera.html index 300c408..d47fdf8 100644 --- a/articles/opera.html +++ b/articles/opera.html @@ -1,86 +1,53 @@ - + - - - + + + Opera — Spyware Watchdog + - Opera logo -

Opera

-

- A web browser made by Opera Software, using the Blink engine. Has some interesting features like mouse gestures, a built-in ad blocker and VPN. It is the sixth most popular browser. But how does it look like in terms of privacy? -

-

Spyware Level: EXTREMELY HIGH

-

- Opera makes 55 unsolicited requests upon its first run. By default, it spies on all your browsing history. Works closely with advertisers and trackers. Is integrated with Facebook, one of the biggest privacy violators in the world. Has Google as the default search engine. Closed source. -

- -

Geolocation

- -

The first request Opera makes is the geolocation request: which includes your country and the precise timestamp.

- -

Homepage request

- -

If this is the first time you run Opera, it makes this request: which will redirect you to their homepage. Then, that homepage will make a bunch of other requests, including to google analytics, facebook (if you're logged in, they now know who you are), and even yandex.ru. The yandex request will set a uniquely identifying cookie.

- -

Cxense analytics

- -

Later, it will make a few requests to cxense.com. What is Cxense?

- -

We are Cxense. We help hundreds of leading publishers and marketers across the globe transform their raw data into their most valuable resource. Built on the premise of 1:1 analytics and communication; allowing you to both gain unprecedented insight about your individual customers, and to action this insight real-time in all your marketing and sales channels.

- -

This request seems to include a unique ID

- -

Search engines

- -

Opera will also download a list of search engines, which you cannot delete, only add new ones (at least from the GUI). Apparently, there are some convoluted methods of deleting the search engines, but I haven't confirmed them. Of course, the default search engine is the anti-privacy Google.

- -

OCSP querying

- -

Opera will query OCSP servers (ocsp.comodoca.com) to check if SSL certificates expired. - -

Malware / Phishing protection

-

Anytime you visit a website, Opera will make a request like this: to check if it is malicious. So it is literally spying on your whole browsing history. Fortunately, this can be turned off.

- -

Other requests

- -

Other requests include ones to googletagmanager, google ads specific for your country, more requests to yandex (these include your screen size, encoding, and the page you came from), more geolocation, etc. Together, Opera made 55 unsolicited requests in my first run of it. Analyzing them all would probably take a book.

- -

Facebook integration

- -

Opera has a Facebook chat button on the sidebar, and Facebook is one of the most anti-privacy organizations out there.

- -

Opera's "Partners"

-

Opera has a list of "partners" — those are the websites that are in the Speed Dial by default. If you click on one of them from there, they will know you visited from Opera's Speed Dial. Those requests also include unique user IDs. - What happens if you close Opera and run it again? The websites in the Speed Dial will change to the ones from your country! And the same rule about them knowing where you came from applies.

- -

Opera is closed source

-

And it will stay that way. From their FAQ (the message used to be there in 2017, they must have deleted it somewhere in 2018):

- -

Opera has not officialy open sourced its browser. However, leaks of the Presto web engine Opera used have appeared on the internet.

- -

Even with that however, there could still other spyware might be hiding in there.

-
-
-

Credits

-

- This article was written by digdeeper.neocities.org
- Formatting changes were done by the site maintainer. -

-
-

- This article was last edited on 6/8/2018 -

-

- This article was created on 11/25/2017 -

-

- If you want to edit this article, or contribute your own article(s), visit us at the git repo on Codeberg. All contributions must be licensed under the CC0 license to be accepted. -

- CC0 License -

Back to catalog

-
- +
+ +
+ Opera logo +

Opera

+

A web browser made by Opera Software, using the Blink engine. Has some interesting features like mouse gestures, a built-in ad blocker and VPN. It is the sixth most popular browser. But how does it look like in terms of privacy?

+

Version tested: 87.0.4390.36

+

Spyware Level: EXTREMELY HIGH

+

Opera makes about 83 unsolicited requests on its first run:

+ +

By default, it spies on all your browsing. Works closely with advertisers and trackers. It is integrated with Facebook/Meta, one of the biggest privacy violators in the world. Has Google as the default search engine. Closed source.

+

Geolocation

+

Opera makes geolocation requests:

+ +

Malware / Phishing protection

+

Anytime you visit a website, Opera will make a request like this to check if it is malicious. So it is literally spying on your whole browsing history:

+ +

This can be turned off in the settings ("Privacy & Security" → "Privacy" → "Protect me from malicious sites").

+

Facebook, Instagram and WhatsApp integration

+

Opera has a Facebook Messenger, WhatsApp and Instagram button on the sidebar, and Facebook/Meta (which owns WhatsApp and Instagram) and is one of the most anti-privacy organizations out there.

+

Opera's "Partners"

+

Opera has a list of "partners" — those are the websites that are in the Speed Dial by default.

+ +

If you click on one of them from there, they will know you visited from Opera's Speed Dial. Those requests also include unique user IDs.

+

Opera is closed source

+

And it will stay that way. From their FAQ (the message used to be there in 2017, they must have deleted it somewhere in 2018):

+

Opera has not officialy open sourced its browser. However, leaks of the old Presto web engine Opera used to use have appeared on the internet.

+

Even with that however, there could still other spyware might be hiding in there.

+
+ +
+
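Review bot: The rewritten summary under "Spyware Level: EXTREMELY HIGH" still says "Works closely with advertisers and trackers" and "Has Google as the default search engine", but the "Homepage request", "Cxense analytics", "Search engines" and "Other requests" sections that backed those statements are deleted and nothing replaces them. Either keep a short section with the evidence for version 87.0.4390.36 or drop the claims. The Credits block (author digdeeper.neocities.org, created 11/25/2017, last edited 6/8/2018, CC0 notice) is also removed with no replacement visible in this hunk, so confirm the attribution and license are still carried somewhere. Wording fixes while these lines are being touched: the new sidebar sentence has a stray "and" in "Facebook/Meta (which owns WhatsApp and Instagram) and is one of", and the carried-over "there could still other spyware might be hiding in there" and "officialy" should be corrected.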
+ diff --git a/articles/vivaldi.html b/articles/vivaldi.html index ced0efd..4445df2 100644 --- a/articles/vivaldi.html +++ b/articles/vivaldi.html @@ -13,43 +13,33 @@
vivaldi logo

Vivaldi

-

Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). But how does it look in terms of privacy? Versions 1.15 and 2.0 were tested to make this article. Program used for testing requests: Mitmproxy.

-

Spyware Level: Medium

-

Vivaldi makes a bunch of requests to Google upon startup and after (malware protection requests can be turned off, but extension updates don't appear to?). Phones home every 24 hours with a unique ID using Piwik, an analytics service. Anti-privacy Bing as the default search engine. Not fully open source. Connects to an analytics platform that spies on its users.

-

Vivaldi's developers do not respect your privacy

-

Vivaldi connects to the analytics platform Piwik[1] that it uses to spy on its users, which is discussed in greater detail in other sections of this page. What is most notable about this is the attitude of Vivaldi's developer team: Developers that belittle privacy concerns, and insult their users further when they speak out about being spied on, are not developers you can trust. Below is an anti-privacy rant from a moderator on Vivaldi's forums:

-

@dib_ Stop spreading FUD. Piwik as employed by Vivaldi is not "spyware." Piwik is not a "spyware company" (unless Google, Facebook, Yahoo, TVGuide, Microsoft, Apple, NYT, Huffpo, Ancestry.com, WaPo, CenturyLink and McAfee are "spyware companies" — in which case just disconnect your computer and go to bed). It is irresponsible and malicious of you to lie about Vivaldi in this fashion. If you want to know what a connection does, ask. But don't sling around reckless accusations.[2]

-

Addon updates

- Vivaldi Update -

These are the Chrome webstore requests, supposed to update your extensions. But with a new Vivaldi install, you don't have any, so they only accomplish spying. And the first request includes "x-googleupdate-appid" which is most likely uniquely identifying. Can't be disabled.

-

Google Safe Browsing

- Vivaldi SafeBrowsing - Vivaldi Threatlist -

Vivaldi is downloading the lists for Google's Malware and Phishing protection, which is enabled by default, but can be disabled from the Settings menu.

-

Phoning home

-

From Vivaldi's privacy policy: "When you install Vivaldi browser ('Vivaldi'), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, CPU architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.". So they (claim to) delete "the last octet" of your IP. How generous of them. This is the full request:

- Vivaldi Piwik -

Anti-privacy search engine by default

-

The default search engine is Bing, whose privacy policy states: "Microsoft will collect the search or command terms you provide, along with your IP address, location, the unique identifiers contained in our cookies, the time and date of your search, and your browser configuration.". To make it worse, that data is shared with third parties: "We share some de-identified search query data, including voice queries, with selected third parties for research and development purposes." (you have no proof it has been "de-identified", by the way). Vivaldi has other engines preinstalled, and you can easily change it, but still, the default is all we can judge it by.

-

New tab sites

-

By default, Vivaldi contains some websites in its new tab page that have a lot of spyware in them, but does not automatically make any connection, and those sites can easily be deleted.

+

Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). Just like modern Opera, it is based on Chromium.

+

Version tested: 5.2.2623.48

+

Spyware Level: High

+

Vivaldi makes about 119 requests on startup, and continues to make unsolicited connections after. Anti-privacy Bing is the default search engine.

+ +

Even if you disable everything under "Google Services" and "Google Extensions" under "Privacy" in settings, it will still make automatic connections to Google. Also makes connections after first start up to mirmir.vivaldi.com and downloads.vivaldi.com.

+

Vivaldi's web pages are Cloudflared

+

You will be blocked if using Tor, and be connected to hcaptcha.cloudflare.org. You can disable this by simply changing the homepage.

+ +

Vivaldi Assigns you a unique ID

+

From the Privacy Policy: "When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution".[1]

Cannot be built from source code

-

"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."[3]

+

"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."[2]