Opera VPN – more a Proxy than a VPN
In its latest developer edition, Opera Software recently introduced its browser VPN, or you can just call it a VPN depending on the source you download the web application from. You can activate the Opera VPN quite simply; all you have to do is open your browser’s configuration settings and check the box labeled ‘VPN’.
The VPN helps safeguard traffic through encryption, which enhances both your privacy and web security while you browse different websites. However, it is important to understand that the VPN is NOT designed with WebRTC or plug-in support. This means that the websites you surf and the services you seek can potentially track your public IP regardless of the type of device you use with the VPN enabled.
A Look into the So-Called Opera VPN
According to Michael Spacek, who is an experienced IT security specialist and a web developer from Prague, Opera Software isn’t being honest with what they are providing. He says that the ‘VPN’ bit is more marketing and less web security.
After a thorough evaluation of the VPN, Spacek was able to discover that it isn’t actually a VPN, but a proxy. So, if you’re looking for enhanced privacy and security, you shall find none here. Web security must always be the foremost priority of anyone accessing different websites using a VPN. Opera’s VPN cannot be used in conjunction with different web or email applications such as Outlook – exposing your IP.
On top of that, the browser VPN also has a possible privacy issue – which is the fact that when you attempt to set up the virtual private network, the browser will always ask for something known as ‘device-id’, this request is consistently sent each time you use the proxy. Restarting your browser or re-installing it will not solve the problem – unless you delete all your user data. But if you don’t delete your user data, this privacy breach could be utilized to monitor your IP address.
“I’d just like to point out that the proxy in Opera (the thing they call “VPN”) is actually a secure proxy. That means that all data between the browser and the proxy server are encrypted no matter the protocol used by the browser to load the page. Even if the browser loads a page over plain HTTP the connection between the Opera browser and the proxy server will be encrypted using HTTPS – that’s why it’s so called secure proxy. Also here’s an implementation of the handshake in Python, it will generate credentials used by the browser to authenticate to proxy servers.”
How it Functions (the geek stuff)
Once you enable Opera VPN in your browser’s settings, the application starts to send API requests to the parent website (https://api.surfeasy.com). It does this to receive your IP credentials as well as the IPs for the proxy you are using. The browser then communicates with a de0.opera-proxy.net proxy. It is important to understand here that the internet protocol address it communicates with can solely be resolved with the browser VPN, when it is functioning.
What this basically means is that the VPN first sends a notification to the main provider of the application, requesting your IP. In the case of VPNs, they form a point-to-point connection, enabling users to securely mask their IPs and surf a private network. Think of a VPN as a firewall. A firewall protects your data on the PC; similarly, a VPN secures it online.
In the case of Opera VPN, all the app does is mask your IP inefficiently mask your IP, giving you access to a private network, however, it does not protect your data in anyway.
When this happens, any website you access with the VPN enabled begins to send requests to gain a proxy authentication request, which is a header.
Spacek was able to decode the proxy authentication header, which showed the following credentials:
The fact of the matter is, the credentials listed above, which belong to a proxy, can be utilized irrespective of the computing device you use, REGARDLESS of whether or not Opera is installed on that browser – you will get the same IP as with the device you originally used.
Further underlining this fact is a comment made by the head engineer of Opera, Krystian Kolondra. Kolondra stated they are working on what is being termed a ‘browser VPN’. This means the Opera VPN will function only in the browser and not on the entire system. Hence, this shows that Opera is not quite a VPN and is more of a proxy.