Home > Desktop > Opera 9.1 is out with Fraud Protection

Opera 9.1 is out with Fraud Protection

December 18, 2006

The Opera Desktop team today released the first major upgrade to Opera 9, version 9.1 (Download Opera 9.1).

Fraud Protection was added to this new version, where Opera will alert you when you visit a fraudulent site (such as those from the phishing emails we all get).

You can read about the Fraud Protection in Opera’s documentation, below are some snippets and summaries.

By default Opera’s fraud protection feature is off. When it’s on, the Opera browser will contact Opera’s fraud protection server every time you request a webpage. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.

The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank. Opera’s fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.

The domain name is forwarded to GeoTrust in plain text, together with a hash of the URL, if the site you are checking is served by HTTP. The full URL is not sent, but a fingerprint of the full URL is needed in case you visit a dangerous page on a site that is otherwise harmless. The reply is an XML document containing the trust level of the domain. This reply will be cached for a time indicated by the Opera’s fraud protection server. Information about well-trusted sites can be cached for a longer period than for unknown sites.

If a Web site is found on the blacklist, you will be presented with a warning page, and you must decide whether to visit the fraudulent Web site, or to return to the home page.

Opera’s fraud protection server does not cause any delay in the opening of Web pages.

How Opera handles your privacy?

  1. By default, Opera Fraud protection is disabled.
  2. With Opera Fraud Protection enabled, the domain name of Web sites you visit is sent to Opera’s fraud protection server together with a hash of the complete URL. No information goes directly to third parties, and the information that is forwarded to whitelist/blacklist providers is not connected to your identity. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.
  3. Although Opera’s fraud protection server stores the domain name and the security status of the Web sites you visit, it does not save your IP address or any other information related to your identity. There are no cookies or other session information.
  4. You can at any time disable Opera Fraud Protection in preferences, by choosing Tools > Preferences > Advanced > Security , and unchecking the box marked “Enable Fraud Protection.”

Download Opera 9.1

Categories: Desktop
  1. December 18, 2006 at 10:53 am

    First! 😉

    Using it now. Seems to work fine so far. 😀

  2. December 18, 2006 at 10:57 am

    Oh man, I just noticed the Opera devs finally put yellow highlighting back into the text search! At last!

  3. December 18, 2006 at 12:44 pm

    At home I’ve got a Technorati search feed for “opera browser,” and I’d been watching posts about “Opera 9.1 FTP link!” cropping up all weekend. So I’m glad to see the final is actually up.

    I’ve only been using it for a few minutes, and I don’t have fraud protection turned on, so it doesn’t feel any different than 9.02. But the changelog mentions compatibility with the Flash 9 beta for Linux, which is very welcome! I’ll have to surf over to youtube or someplace when I get home (I have no speakers on my computer at work) and try it out.

  4. December 18, 2006 at 1:05 pm
  5. December 18, 2006 at 1:27 pm

    Does anyone know what exactly they mean by the domain name. If I were to type http://username:password@mydomain.com/hello/world/, would my username and password information be sent to the servers? And is it sent to Opera servers, or GeoTrust servers (as said above).

    How does Opera perform on ftp pages for fraud protection? (or would this be unneeded)

  6. December 18, 2006 at 6:23 pm

    The username and password aren’t really considered part of the current URL — you’ll note that when you go to a site using that structure, they won’t be displayed. So I seriously doubt that they would be sent along with the domain name.

    That said, I suspect that when they say “domain name” they actually mean hostname+domainname, to distinguish between, say, two blogspot sites (myblog.blogspot.com vs. yourblog.blogspot.com).

    As for where it gets sent, it looks like it’s sent to sitecheck.opera.com. So presumably it’s Opera’s servers using GeoTrust’s data.

  7. Marcus
    December 18, 2006 at 9:51 pm

    Still waiting for the packages to hit http://deb.opera.com/opera
    But hey, that would probably take a minute of some Opera employee’s time, so I guess it’s better that a gazillion users have to spend a total of a gazillion minutes of their time on manually downloading and installing instead.

    And why can’t Opera put Ubuntu dist-files on the same deb repository or even a separate one? Since they already have packages for Ubuntu it should be very easy to set them on a deb repository.

  8. anon
    December 19, 2006 at 1:59 am

    What is the name of the font used in the “Opera 9.1” logo ?

  9. December 19, 2006 at 10:38 pm

    This comment is related to the Browser Poll: “Do you need fraud protection in your browser?”

    I think not. I didn’t like the feature in IE7, I never knew it was in Firefox 2. Don’t get me wrong, it’s an important feature… but I don’t think I need this kind of protection 24/7 on my browsing. Not all the sites need to be screened for Fraud. I like to keep it disabled and when ever I got a bad feeling of a website (or submit important information via a form) I’ll run a quick check via the browser. I won’t fall for;

  10. December 20, 2006 at 7:31 pm

    Looks like the Fraud Protection doesn’t recognize the website for the Washington Post — kinda weird.

  11. Petros
    February 27, 2007 at 2:05 pm

    Is there any way to disable sitecheck in Opera 9.10?

  12. February 27, 2007 at 4:53 pm

    Petros, yes you can. Click on the question mark on the right side of the address bar, that will bring up the fraud protection menu. Uncheck “enable fraud protection”.

  13. March 25, 2007 at 12:29 pm

    How do you get rid of the question mark in the address bar?

    I don’t want fraud protection and don’t want the question mark showing but can see no way to get rid of it.

    I don’t have fraud protection enabled BTW but the question mark is still there.

  14. March 25, 2007 at 7:31 pm

    carbuncle, I don’t think there’s currently a method of removing the question mark in the address bar. 😦

  15. Bill
    April 4, 2007 at 5:42 am

    Will Opera Version 9.1 remain free? I surely hope so. I love it!

  16. April 5, 2007 at 9:43 am

    Bill, of course Opera will remain free.

  1. No trackbacks yet.
Comments are closed.
%d bloggers like this: