Skip to main content.
Featured articles: Opera CEO video interview :: An inside look at how Opera works on site compatibility :: Give your input on the next version of Opera
Opera 9.1 is out with Fraud Protection

By Daniel Goldman
December 18th, 2006 10:22 AM EST

The Opera Desktop team today released the first major upgrade to Opera 9, version 9.1 (Download Opera 9.1).

Fraud Protection was added to this new version, where Opera will alert you when you visit a fraudulent site (such as those from the phishing emails we all get).

You can read about the Fraud Protection in Opera’s documentation, below are some snippets and summaries.

By default Opera’s fraud protection feature is off. When it’s on, the Opera browser will contact Opera’s fraud protection server every time you request a webpage. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.

The server checks the domain name of the requested page against live whitelists compiled by GeoTrust, and blacklists compiled by GeoTrust and Phishtank. Opera’s fraud protection server downloads blacklists directly from Phishtank, and sends a query to GeoTrust.

The domain name is forwarded to GeoTrust in plain text, together with a hash of the URL, if the site you are checking is served by HTTP. The full URL is not sent, but a fingerprint of the full URL is needed in case you visit a dangerous page on a site that is otherwise harmless. The reply is an XML document containing the trust level of the domain. This reply will be cached for a time indicated by the Opera’s fraud protection server. Information about well-trusted sites can be cached for a longer period than for unknown sites.

If a Web site is found on the blacklist, you will be presented with a warning page, and you must decide whether to visit the fraudulent Web site, or to return to the home page.

Opera’s fraud protection server does not cause any delay in the opening of Web pages.

How Opera handles your privacy?

  1. By default, Opera Fraud protection is disabled.
  2. With Opera Fraud Protection enabled, the domain name of Web sites you visit is sent to Opera’s fraud protection server together with a hash of the complete URL. No information goes directly to third parties, and the information that is forwarded to whitelist/blacklist providers is not connected to your identity. HTTPS sites are checked via an encrypted channel, while IP addresses on the local intranet will never be checked.
  3. Although Opera’s fraud protection server stores the domain name and the security status of the Web sites you visit, it does not save your IP address or any other information related to your identity. There are no cookies or other session information.
  4. You can at any time disable Opera Fraud Protection in preferences, by choosing Tools > Preferences > Advanced > Security , and unchecking the box marked “Enable Fraud Protection.”

Download Opera 9.1

Follow along with future Opera browser news by subscribing to our email or RSS feeds.

Subscribe to Opera Watch Click here to subscribe to Opera Watch

   

:: Comments ::

  1. December 18th, 2006 at 10:53 am    
    Posted by BAMAToNE using Opera Opera 9.10 on Windows Windows XP

    First! ;)

    Using it now. Seems to work fine so far. :D

  2. December 18th, 2006 at 10:57 am    
    Posted by BAMAToNE using Opera Opera 9.10 on Windows Windows XP

    Oh man, I just noticed the Opera devs finally put yellow highlighting back into the text search! At last!

  3. December 18th, 2006 at 12:44 pm    
    Posted by Kelson using Opera Opera 9.10 on Linux Linux

    At home I’ve got a Technorati search feed for “opera browser,” and I’d been watching posts about “Opera 9.1 FTP link!” cropping up all weekend. So I’m glad to see the final is actually up.

    I’ve only been using it for a few minutes, and I don’t have fraud protection turned on, so it doesn’t feel any different than 9.02. But the changelog mentions compatibility with the Flash 9 beta for Linux, which is very welcome! I’ll have to surf over to youtube or someplace when I get home (I have no speakers on my computer at work) and try it out.

  4. December 18th, 2006 at 1:05 pm    
    Posted by Tamil using Opera Opera 9.02 on Linux Linux

    Digg

  5. December 18th, 2006 at 1:27 pm    
    Posted by IceArdor using Opera Opera 9.10 on Windows Windows XP

    Does anyone know what exactly they mean by the domain name. If I were to type http://username:password@mydomain.com/hello/world/, would my username and password information be sent to the servers? And is it sent to Opera servers, or GeoTrust servers (as said above).

    How does Opera perform on ftp pages for fraud protection? (or would this be unneeded)

  6. December 18th, 2006 at 6:23 pm    
    Posted by Kelson using Opera Opera 9.10 on Linux Linux

    The username and password aren’t really considered part of the current URL — you’ll note that when you go to a site using that structure, they won’t be displayed. So I seriously doubt that they would be sent along with the domain name.

    That said, I suspect that when they say “domain name” they actually mean hostname+domainname, to distinguish between, say, two blogspot sites (myblog.blogspot.com vs. yourblog.blogspot.com).

    As for where it gets sent, it looks like it’s sent to sitecheck.opera.com. So presumably it’s Opera’s servers using GeoTrust’s data.

  7. December 18th, 2006 at 9:51 pm    
    Posted by Marcus using Opera Opera 9.02 on Linux Linux

    Still waiting for the packages to hit http://deb.opera.com/opera
    But hey, that would probably take a minute of some Opera employee’s time, so I guess it’s better that a gazillion users have to spend a total of a gazillion minutes of their time on manually downloading and installing instead.

    And why can’t Opera put Ubuntu dist-files on the same deb repository or even a separate one? Since they already have packages for Ubuntu it should be very easy to set them on a deb repository.

  8. December 19th, 2006 at 1:59 am    
    Posted by anon using Opera Opera 9.10 on Windows Windows XP

    What is the name of the font used in the “Opera 9.1″ logo ?

  9. December 19th, 2006 at 10:38 pm    
    Posted by PhoenixP3K using Opera Opera 9.10 on Windows Windows XP

    This comment is related to the Browser Poll: “Do you need fraud protection in your browser?”

    I think not. I didn’t like the feature in IE7, I never knew it was in Firefox 2. Don’t get me wrong, it’s an important feature… but I don’t think I need this kind of protection 24/7 on my browsing. Not all the sites need to be screened for Fraud. I like to keep it disabled and when ever I got a bad feeling of a website (or submit important information via a form) I’ll run a quick check via the browser. I won’t fall for;
    http://paypal.ebays.co.au/secure-transaction/

  10. December 20th, 2006 at 7:31 pm    
    Posted by Tom Buckner using Opera Opera 9.10 on Windows Windows XP

    Looks like the Fraud Protection doesn’t recognize the website for the Washington Post — kinda weird.

Post a comment

HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Previous Article: Opera Mini team not resting
Next Article: Interview with Johan Borg, Opera’s desktop team manager