<!DOCTYPE HTML>
<html lang="en-us">
<head>
<link rel="stylesheet" href="../style2.css">
<meta charset="UTF-8">
<title>Vivaldi - Spyware Watchdog</title>
</head>
<body>
<img src="../images/vivaldi_logo.png" alt="vivaldi logo">
<h1>Vivaldi</h1>
<p>
Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). But how does it look in terms of privacy? Versions 1.15 and 2.0 were tested to make this article. Program used for testing requests: Mitmproxy.
</p>
<h2>Spyware Level: <font color=yellow>Medium</font></h2>
<p>
Vivaldi makes a number of requests to Google at startup and afterwards (the malware protection requests can be turned off, but the extension update requests apparently cannot). It phones home every 24 hours with a unique ID using Piwik, an analytics service. The default search engine is the anti-privacy <a href="../articles/bing.html">Bing</a>. It is not fully open source. It connects to an analytics platform that spies on its users.
</p>
<h3>Vivaldi's developers do not respect your privacy</h3>
<p>
Vivaldi connects to the analytics platform Piwik<sup><a href="#1">[1]</a></sup> that it uses to spy on its users, which is discussed in greater detail in other sections of this page.
What is most notable about this is the attitude of Vivaldi's developer team: developers that belittle privacy concerns, and further insult their users when they speak out about being spied on,
are <font color=red><b>not developers you can trust.</b></font> Below is an anti-privacy rant from a moderator on Vivaldi's forums:
</p>
<p><i>
@dib_ Stop spreading FUD. Piwik as employed by Vivaldi is not "spyware." Piwik is not a "spyware company" (unless Google, Facebook, Yahoo, TVGuide, Microsoft, Apple, NYT, Huffpo, Ancestry.com, WaPo, CenturyLink and McAfee are "spyware companies" - in which case just disconnect your computer and go to bed). It is irresponsible and malicious of you to lie about Vivaldi in this fashion. If you want to know what a connection does, ask. But don't sling around reckless accusations.<sup><a href="#2">[2]</a></sup>
</i></p>
<h3>Addon updates</h3>
<p>
<BR>
<img class="screenshot" src = "../images/vivaldi_update.png"><BR>
These are the Chrome webstore requests, supposed to update your extensions. But with a new Vivaldi install, you don't have any, so they only accomplish spying. And the first request includes "x-googleupdate-appid" which is most likely <b>uniquely identifying</b>. <font color=red>Can't be disabled.</font>
</p>
<h3>Google Safe Browsing</h3>
<p>
<img class="screenshot" src = "../images/vivaldi_safebrowsing.png"><BR>
<img class="screenshot" src = "../images/vivaldi_threatlist.png"><BR>
Vivaldi is downloading the lists for Google's Malware and Phishing protection, which is enabled by default, but can be disabled from the Settings menu.
</p>
<h3>Phoning home</h3>
<p>
From Vivaldi's privacy policy: "When you install Vivaldi browser ('Vivaldi'), each installation profile is <b>assigned a unique user ID</b> that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution.". So they (claim to) delete "the last octet" of your IP. How generous of them. This is the full request: <img class="screenshot" src="../images/vivaldi_piwik.png">
</p>
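<p>
One way to check a capture for the kind of per-installation ID the policy describes, as an added example that is not part of the original article and not Vivaldi's or Matomo's code. The parameter names (<code>idsite</code>, <code>rec</code>, <code>_id</code>, <code>res</code>, <code>rand</code>) come from the Matomo (Piwik) tracking API; that the ID travels in <code>_id</code>, the host <code>stats.example</code> and every value are assumptions made for illustration.
</p>

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlencode, urlsplit


def hit(profile, launch, visitor_id, rand):
    """Build one constructed capture record: (profile, launch number, URL)."""
    query = urlencode({"idsite": 1, "rec": 1, "_id": visitor_id,
                       "res": "1920x1080", "rand": rand})
    return (profile, launch, "https://stats.example/piwik.php?" + query)


# Constructed capture, not real Vivaldi traffic: two fresh profiles on the
# same machine, each launched twice. Host and all values are placeholders.
CAPTURE = [
    hit("A", 1, "3f9c2a1b7d4e5f60", 1831), hit("A", 2, "3f9c2a1b7d4e5f60", 9920),
    hit("B", 1, "c07d51e2a98b4436", 4407), hit("B", 2, "c07d51e2a98b4436", 2265),
]


def classify_params(capture):
    """Label every (host, parameter) by how its value varies in the capture."""
    values = defaultdict(lambda: defaultdict(set))  # (host, param) -> profile -> values
    launches = defaultdict(set)                     # profile -> launch numbers seen
    for profile, launch, url in capture:
        launches[profile].add(launch)
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            values[(parts.hostname, name)][profile].add(value)
    # One profile or one launch cannot separate an ID from a constant.
    if len(launches) in (0, 1) or min(len(n) for n in launches.values()) == 1:
        raise ValueError("need two or more profiles, each launched twice or more")
    verdicts = {}
    for key, per_profile in values.items():
        distinct = set().union(*per_profile.values())
        if any(len(v) > 1 for v in per_profile.values()):
            verdicts[key] = "changes between launches"
        elif len(distinct) == len(launches):
            verdicts[key] = "persistent per-profile identifier"
        else:
            verdicts[key] = "shared across profiles"
    return verdicts


if __name__ == "__main__":
    for (host, name), verdict in sorted(classify_params(CAPTURE).items()):
        print(f"{host:15} {name:7} {verdict}")
```

<p>
A value that is merely constant across launches of one profile proves nothing on its own; it is the comparison against a second fresh profile that separates an installation ID from a site ID or a screen resolution.
</p>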
<h3>Anti-privacy search engine by default</h3>
<p>The default search engine is Bing, whose privacy policy states: "Microsoft will collect the search or command terms you provide, along with your IP address, location, the unique identifiers contained in our cookies, the time and date of your search, and your browser configuration.". To make it worse, that data is shared with third parties: "We share some de-identified search query data, including voice queries, with selected third parties for research and development purposes." (you have no proof it has been "de-identified", by the way). Vivaldi has other engines preinstalled, and you can easily change it - but still, the default is all we can judge it by.
</p>
<h3>New tab sites</h3>
<p>By default, Vivaldi contains some websites in its new tab page that have a lot of spyware in them, but does not automatically make any connection, and those sites can easily be deleted.</p>
<h3>Cannot be built from source code</h3>
<p>
"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."<sup><a href="#3">[3]</a></sup>
</p>
<hr>
<center>
<h2>Sources</h2>
<p>
<a name="1">1.</a>
<a href="https://matomo.org/download/">Get Matomo</a>
<a href="https://web.archive.org/web/20180531220947/https://matomo.org/download/">[web.archive.org]</a>
<a href="http://archive.is/q9hOn">[archive.is]</a><br>
<a name="2">2.</a>
<a href="https://forum.vivaldi.net/topic/24029/return-of-vivaldi-spyware">Return of Vivaldi spyware</a>
<a href="https://web.archive.org/web/20180214185847/https://forum.vivaldi.net/topic/24029/return-of-vivaldi-spyware">[web.archive.org]</a>
<a href="http://archive.li/8Elc9">[archive.li]</a><br>
<a name="3">3.</a>
<a href="https://www.reddit.com/r/vivaldibrowser/comments/62adz5/the_vivaldi_source_code_license_and_the_eula/dfn7ltm/">The Vivaldi source code license and the EULA appear to conflict with each other...</a>
<a href="https://web.archive.org/web/20180410043927/https://www.reddit.com/r/vivaldibrowser/comments/62adz5/the_vivaldi_source_code_license_and_the_eula/dfn7ltm/">[web.archive.org]</a>
<a href="http://archive.li/ZoRUx">[archive.li]</a><br>
</p>
<hr>
<p><b>
This article was last edited on 10/14/2018
</b></p>
<p><b>
This article was created on 11/25/2017
</b></p>
<p>
If you want to edit this article, or contribute your own article(s), contact us on XMPP over in spyware@conference.nuegia.net, or visit us at the git repo on <a href="https://codeberg.org/TheShadow/SpywareWatchdog">Codeberg</a>. All contributions must be licensed under the CC0 license to be accepted.
</p>
<a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode"><img class="icon" src="../images/cc0.png" alt="CC0 License"></a>
<p><a href="../articles/index.html">Back to catalog</a></p>
</center>
</body>
</html>