Opera is Spyware!?!
By Andrew Busigin
April 21, 2003
Resting in sunny Florida I was running Opera on a nephew's system,
specifically ver 7.03 US - the adware version. I didn't mind ignoring the ads
too much, and even occasionally clicked on a few to feed the clikthru hungry
bannerati. Lo and behold, without entering any voluntary location data, and
always entering such info in a dodgy fashion when it was a "required field", the
banner ads started getting personal, or at least - local, advertising businesses
very close by. It seemed as if the browser might be feeding back URL lists, or
perhaps, gasp, form field content, or XML. Naw... I thought - not Opera. I like
those folks, and have recommended it to so many.
Being a wary security sort, my early experience with Opera was good. I didn't
want to believe that Opera was no longer behaving ethically. I wanted to find
other culprits.
Ok, let's review... I was running anti-virus at least two extra full scans a
day, with daily updates (
AVG-Anti Virus - free for personal use and
a very good anti-virus program). I also had Ad-Aware running and cleaning
everything it could find several times daily. I didn't want to believe that
Opera wasn't behaving ethically. The machine also operated on a network
connection behind a firewall appliance.
I realized this wasn't enough.
Time to install Sygate Personal Firewall (
free for personal use). Heck - it should have been installed from the outset, but
in a previous visit, it had interfered with my nephew's personal mud server.
I digress... Using Sygate is a bit of work if you want to be diligent about
security, so I set the options to register every dll. This meant that every time
a program loaded a new DLL, I would be asked permission, or the dll would not be
allowed to load henceforth. Well - Opera went and caused me numerous
notifications, and by reading the fine print, it was loading several DLLs at a
time.
Now in fairness, dll's seemed to load at times when there might have been an
excuse to do so, for example - when I asked to print a page, it loaded several
dlls. Fine. I wasn't certain it needed as many as it asked for, but I allowed
it. I noticed that every now and again, it seemed to be loading DLLs at
synchronous moments when my nephews Opera-based mail account was periodically
going to his POP3 server to look for mail. Odd. Now I noticed that opera seemed
to occasionally update a dll that appeared to be connected to it's ad-banner,
but while I objected to being updated without my express permission, I allowed
it a couple of times.
But then during a now seemingly routine DLL load notification, I read that
Opera had loaded a pgpmn.dll file, that I couldn't explain. After all, I wasn't
using pgp on this machine, and my nephew hadn't fired it up in weeks, or longer,
so I had to wonder - What was Opera doing with my pgp files, without my express
permission to be there?
Having tried to e-mail Opera folks about security questions a few times in
the past, I knew better than to try again, and I thought about the other odd
things Opera had done recently.
Well, one of the things about Opera for some time now, is that I've noticed
Opera's memory footprint growing on my system as if it had a bad memory leak.
And after a hour of use, the Opera footprint could be pretty large. Opera
crashes seemed to happen repeatedly after sucking up mucho memory, but I had
thought that a design flaw that failed to dump old memory/pages aggressively
enough.
Source of Story
and more:
The Inquirer
Related
Informal response by Yngve Pettersen a noted Senior Developer of Opera:
Opera Forum.
