Opera is Spyware!?

RESTING IN SUNNY FLORIDA, I was Running Opera on a nephew's system, specifically ver 7.03 US - the adware version. I didn't mind ignoring the ads too much, and even occasionally clicked on a few to feed the clikthru hungry bannerati. Lo and behold, without entering any voluntary location data, and always entering such info in a dodgy fashion when it was a "required field", the banner ads started getting personal, or at least - local, advertising businesses very close by. It seemed as if the browser might be feeding back URL lists, or perhaps, gasp, form field content, or XML. Naw... I thought - not Opera. I like those folks, and have recommended it to so many.

Being a wary security sort, my early experience with Opera was good. I didn't want to believe that Opera was no longer behaving ethically. I wanted to find other culprits.

Ok, let's review... I was running anti-virus at least two extra full scans a day, with daily updates (AVG-Anti Virus - free for personal use and a very good anti-virus program). I also had Ad-Aware running and cleaning everything it could find several times daily. I didn't want to believe that Opera wasn't behaving ethically. The machine also operated on a network connection behind a firewall appliance.

Time to install Sygate Personal Firewall (free for personal use). Heck - it should have been installed from the outset, but in a previous visit, it had interfered with my nephew's personal mud server.

I digress... Using Sygate is a bit of work if you want to be diligent about security, so I set the options to register every dll. This meant that every time a program loaded a new DLL, I would be asked permission, or the dll would not be allowed to load henceforth. Well - Opera went and caused me numerous notifications, and by reading the fine print, it was loading several DLLs at a time.

Now in fairness, dll's seemed to load at times when there might have been an excuse to do so, for example - when I asked to print a page, it loaded several dlls. Fine. I wasn't certain it needed as many as it asked for, but I allowed it. I noticed that every now and again, it seemed to be loading DLLs at synchronous moments when my nephews Opera-based mail account was periodically going to his POP3 server to look for mail. Odd. Now I noticed that opera seemed to occasionally update a dll that appeared to be connected to it's ad-banner, but while I objected to being updated without my express permission, I allowed it a couple of times.

But then during a now seemingly routine DLL load notification, I read that Opera had loaded a pgpmn.dll file, that I couldn't explain. After all, I wasn't using pgp on this machine, and my nephew hadn't fired it up in weeks, or longer, so I had to wonder - What was Opera doing with my pgp files, without my express permission to be there?

Having tried to e-mail Opera folks about security questions a few times in the past, I knew better than to try again, and I thought about the other odd things Opera had done recently.

Well, one of the things about Opera for some time now, is that I've noticed Opera's memory footprint growing on my system as if it had a bad memory leak. And after a hour of use, the Opera footprint could be pretty large. Opera crashes seemed to happen repeatedly after sucking up mucho memory, but I had thought that a design flaw that failed to dump old memory/pages aggressively enough.

(Right now with about 7 active windows, it was taking about 47 MB, with an additional 69 MB of virtual memory swapped out. I had lots to spare, but that's a pretty big chunk of memory. Opera commonly pumped itself up well over 100MB, and sometimes well over 200.

Time for another tool. PROCESS VIEWER (Free!) I used to use AATools, but those tools are nag-and-timeout-ware now, and this process viewer utility is fine to discover processes and threads under the hood.

Ok, after a look, Opera looked like it had referenced everything but the kitchen sink. While one nasty possibility I floated was that Opera was linking to a PGP dll to get at my private keyring - perhaps snooping for some dark-sunglasses guvmint agencies. An alternate explanation for accessing my pgp files, could be simply as on in a long list of modules Opera was just taking an inventory of. Less nefarious, but still unethical in my book.

Looking still deeper, Opera appeared to have pgpmn.dll listed twice in the modules list, with two different entry points. A few minutes later, Opera dropped one of the entry points, and again had pgpmn.dll registered only once. Time to worry some more. With two entry points to a pgp dll, it was no longer likely to be just a file inventory exercise.

And how many modules was Opera loading? In all one count just yielded 80 modules. Compared with all the other tasks running, it appeared to be the program with the largest number of modules linked.

The Process viewer also showed me the 8 threads it was running, and strangely, though MS Task Manager showed Opera operating at normal priority, the child threads showed a different story. No less than two threads were running at Time-Critical priority, and another thread was "above normal".

Now I'm worried. At this point, I no longer trust Opera, and will soon be removing it from all the PC's I own and influence - and that's a great lot of PC's BTW.

As far as I'm concerned, they have a near-impossible chance of winning back any trust from me, and despite the many features of Opera that I truly enjoyed, like mouse gestures and easy page ZOOM, I'm going to flip over to Phoenix. I've been playing with it, and thought it wasn't quite ready, but I now think that it is ready enough, based on the alternatives. (Phoenix and Mozilla also have the best support I've seen for Math-ML, do render complex mathematical formulae almost as well as TeX.) Phoenix is FAST, has a tiny memory footprint, and it is open source.

Oh, and for you lot out there still trusting the Microsoft browser, and Active-X controls, your security isn't affected by this Opera issue. Mind you, I won't run the Vole's browsers on my PCs either. Most data security professionals credit the Redmond Satan with writing the book on bad examples for security. You can have bad security on a Linux OR Microsoft box, but it is so much easier with MS.

So Opera folks - unless you can come up with a complete and thorough explanation, you might want to plead insanity, and go open source. For me, that's the most likely road back to any measure of trust. Today I've learned to spell betrayal - O.P.E.R.A. µ

Checked the site out and this is what it found:
My IP Address - if you are on the net, you have to have it, so this it no great task.
Cookies - the cookies it itself put on (but did not find my FR cookie and other cookies I have used this session).
It found my browser (not quite it called it netscape) this info is sent out so that pages can be sent appropriately. No big deal here either.
Location and no other info was found.

I am using Phoenix on Linux with no special security setup (other than auto deletion of cookies after one day and not allowing popups).

It is possible to determine at least rudimentary geograhical information from an IP address. There is at least one free Perl module (Geo::IP) that can return the country of most IP addresses. With targetted advertising being a must-have feature, it wouldn't surprise me that some ad agencies maintain a much more detailed database for use when serving ads, that could narrow down most IPs to the city.

As for loading PGP, (assuming that is pgpmn.dll), it could be instrumental in security checks for maybe applets or plugins, or an automatic new-version check. Shrugs. While I wouldn't implicitly trust Opera, I do rule out such an aggrievious violation of trust-- that is, searching out user's private keys for nefarious uses-- that would ruin the company, and is probably illegal (at least in some countries.)

Before penning a scathing and possibly misinformed attack on Opera, the author of this article should have pulled up his friendly neighborhood packet sniffer and accounted for the packets.

Before penning a scathing and possibly misinformed attack on Opera, the author of this article should have pulled up his friendly neighborhood packet sniffer and accounted for the packets.

Precisely. This is what crossed my mind as well.

And today was a good day...

Wow! That's pretty neat. Imagine something like that hooked into an activism database, a community-maintained list of rallies and events, and then have it display upcoming event information in a little box for each reader's area.

I wonder if the benefit of increased activism would outweigh that creepy Big Brother™ feeling.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.