Opera 9.1 will include Fraud Protection



Opera Backstage: Opera 9.1 will include Fraud Protection

By borg. Tuesday, 17. October 2006, 13:11:05

As presented at the Opera Backstage event in London today, Opera 9.1 will include enhanced fraud protection. Today we display the name of the certificate owner in the right end of the address field when you're on a secure site. In 9.1 we will reuse that field to display more information about the trust level of the site you visit.


When you go to a new site for the first time, Opera will check against a database if the site is trusted or if it is a known fraud site. If we know the site, there will be a small information "i" in the right end of the address field. If it's unknown/not verified there will be a "?" and if it's known as a fraudulent site we will display a warning and block the user from accessing the site.

The browser sends only the minimum information the database needs to identify a fraud site. When a result is received by the browser, it will be cached there for some time, so it doesn't have to check again if you go to the same site often.

- Why don't we use a downloaded blacklist like Firefox 2?

Firefox 2 only checks against a blacklist unless you turn on real-time protection from Google or other providers. We feel that only real-time protection is real protection, since phishing attacks tend to be more and more like virus attacks: most of their damage is done in a very short time.

- Why don't we use a downloaded whitelist like IE 7?

This makes some sense, especially to save bandwidth for our servers. But for the privacy-concerned user, we don't think it changes anything, since it's typically the more obscure sites that you really want to keep to yourself. We've made it easy to turn on and off the fraud protection from the information dialog you get when clicking the icon.

More technical details:

When you browse to a site you have not visited before, the browser sends a request for site information to our server. The request contains the domain name of the site and a hash value of the URL. We don't send the full URL, but we need a fingerprint of the full URL in case you visit a dangerous page on a site that is otherwise harmless.

The reply from the server is an XML document containing the trust level of the domain. This reply will be cached by Opera for a time indicated by our server. This means that information about well-trusted sites can be cached for a longer period than for unknown sites.

We don't store information on our servers that lets us track individual users. IP addresses are discarded and we don't use cookies or other session information. No information goes directly to third parties; all communication goes through our own servers. Our servers get the trust information from a database supplied by GeoTrust, who have long experience with anti-fraud solutions.

The requests go over HTTP, but the replies will be signed by the server to make sure they are genuine. We prefer to send information between the browser and ourselves in plain text, so our users can inspect the data we send "home".

Source

The new upgrade to Opera 9 will be released in two weeks' time. Dubbed Opera 9.1, it will feature the following:

Fraud Protection (anti-phishing)

A whole set of web developer tools integrated including:

Live CSS (Cascading Style Sheets) inspector

DOM inspector

view source

view live source (generated code)

cool colour picker/inspector: lets you hover over any colour on the screen and get the code for it.

windows resizer to common sizes for devices, mobile phones and pcs.

Source
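The fraud-protection lookup described under "More technical details" above, sketched as an added example that is not part of the original posts and is not Opera's code. Assumptions: SHA-256 as the URL hash, the XML element and attribute names, a cache keyed by URL fingerprint, and an HMAC with a demo key standing in for the server's signature (the post names none of these).

```python
import hashlib, hmac, time
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Assumption: an HMAC with a demo key stands in for the server's signature;
# a real client would verify a public-key signature instead.
DEMO_KEY = b"constructed-demo-key"

def build_request(url):
    """Send only the domain name and a fingerprint of the full URL."""
    digest = hashlib.sha256(url.encode("utf-8")).hexdigest()  # hash choice assumed
    return {"host": urlsplit(url).hostname, "hash": digest}

def sign(body):
    return hmac.new(DEMO_KEY, body, hashlib.sha256).hexdigest()

def server_reply(request, bad_hashes):
    """Constructed server side: signed XML with trust level and cache lifetime."""
    level, ttl = ("fraud", 3600) if request["hash"] in bad_hashes else ("unknown", 600)
    node = ET.Element("trust", host=request["host"], level=level, ttl=str(ttl))
    body = ET.tostring(node)
    return body, sign(body)

class FraudCache:
    def __init__(self):
        self._entries = {}  # URL fingerprint -> (trust level, expiry time)

    def lookup(self, url, fetch, now=None):
        """Return (trust level, origin of the answer) for a URL."""
        now = time.time() if now is None else now
        req = build_request(url)
        hit = self._entries.get(req["hash"])
        if hit and hit[1] > now:
            return hit[0], "cache"
        body, sig = fetch(req)
        # The reply travelled over plain HTTP: verify it before parsing or
        # caching, and never cache a reply that fails verification.
        if not hmac.compare_digest(sign(body), sig):
            return "unverified", "rejected"
        node = ET.fromstring(body)
        self._entries[req["hash"]] = (node.get("level"), now + int(node.get("ttl")))
        return node.get("level"), "server"
```

Because the cache lifetime comes from the signed reply, a tampered reply can neither change the displayed trust level nor pin a false verdict in the cache.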

A whole set of web developer tools integrated including:

Live CSS (Cascading Style Sheets) inspector

DOM inspector

view source

view live source (generated code)

cool colour picker/inspector: lets you hover over any colour on the screen and get the code for it.

windows resizer to common sizes for devices, mobile phones and pcs.

:woot: Excellent news!
