- I found a clickjacking (UI redress) on opera.com!
- I see plenty of ads. I am using Windows
- Credentials in URL can be used for a spoofing attack!
- VirusTotal reports about malware in setup.exe
- I use Opera for web development. There is a strange element inside which is not in my source code!
- “Log Out” button on forums doesn’t log me out; you have improper SSO implementation!
- What is the AI Benchmarking tool?
- Why do I need the AI Benchmarking tool?
- What kind of data does the AI Benchmarking tool collect?
- Why does the AI Benchmarking test take so long to complete?
I found a clickjacking (UI redress) on opera.com!
While clickjacking is an effective attack in cases where only clicking or minimal key presses are required to perform a harmful action, typically in the context of a logged-in user’s account, we are not aware of any part of our site where a clickjack attack could have any significantly harmful consequences. We are aware that the site does not use clickjacking protection, but we are not able to see how a malicious attacker could use it against any parts of this site. (Parts of our other websites that need clickjacking protection will already use the header to prevent it. We only use the header on pages that actually need it.)
Therefore, we do not consider this to be an exploitable security issue, or even a bug. The lack of the X-Frame-Options header is intentional.
I see plenty of ads. I am using Windows
First of all, ensure that Opera’s native ad blocker is enabled and try enabling additional lists in Opera settings (Opera menu > Settings > Basic > Block ads > Manage lists…).
It sounds like there is malware or a virus on your computer which is opening unwanted pages in your browser.
Use reputable antivirus and antimalware products to scan and protect your computer. These will need to remove the original malware or virus for you. Without doing this, the other steps listed in this FAQ are essentially useless as the malware can run again and undo all of your fixes. Wikipedia has a good list here: http://en.wikipedia.org/wiki/Comparison_of_antivirus_software.
Note that if you have an existing antivirus product, it may have failed to detect this malware. Try some other products to see if they can detect it.
Once the malware has been removed, either reset your Opera settings (Opera menu > Settings > Browser > Reset Opera) or correct anything it had changed in your Opera settings. For example:
- Are there any unwanted extensions installed in Opera? Navigate to Opera menu > Extensions. Disable all extensions that are listed, and restart Opera to see if the problem has been fixed. You can now re-enable any extensions you want to keep.
- Has it changed your browser startup settings? Navigate to Opera menu > Settings > Browser > On startup. “Continue where I left off” is the default setting and should be selected, unless you decide to change it. Also check the “Set pages” link to see if any unwanted pages are listed there (the list is empty by default). Remove any unwanted pages from the list.
- Remove any bookmarks or Speed Dials it might have added.
- Check the properties of the Opera desktop icon which starts Opera. The malware may have added its own address to the end of the command that starts Opera. It may also have done this in your registry.
- Navigate to Opera menu > Settings > Browser > Search > Manage search engines… and remove any unwanted search engines from the Opera settings.
You will need to do this for any other browsers that you have installed as well. If you need assistance with any of this, please take your computer to a local computer servicing centre.
Credentials in URL can be used for a spoofing attack!
(e.g. http://example.com@sample.com)
Opera and other Chromium-based browsers consider this expected behaviour. Even though the user lands on a different website from the one written before the @ sign, the address bar remains the authoritative UI element for security information: it shows the website that was actually loaded, not the web address as it was originally written. Additionally, Opera hides the username and password information in the URL box after navigation, so users can clearly see which site they are really visiting. This minimizes the effectiveness of such spoofing attacks.
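How a URL parser splits such a link, as an added example that is not Opera's code: everything before the @ sign is userinfo, and the host is what follows it. The function names, the "looks like a hostname" heuristic and the second sample link are assumptions made for illustration.

```javascript
// Added example; the sample links below are constructed.
// Assumption: userinfo shaped like a hostname is there to mislead the reader.
const LOOKS_LIKE_HOST = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function safeDecode(text) {
  try {
    return decodeURIComponent(text);
  } catch {
    return text; // malformed percent-escape: keep the raw form
  }
}

function inspectLink(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG URL parser, built into browsers and Node.js
  } catch {
    return { raw, valid: false };
  }
  const hasCredentials = url.username !== "" || url.password !== "";

  // Same URL with the userinfo dropped, as the address bar shows it after navigation.
  const shown = new URL(url.href);
  shown.username = "";
  shown.password = "";

  return {
    raw,
    valid: true,
    host: url.hostname, // the site that is actually contacted
    hasCredentials,
    deceptive: hasCredentials && LOOKS_LIKE_HOST.test(safeDecode(url.username)),
    display: shown.href,
  };
}

const SAMPLES = [
  "http://example.com@sample.com", // the example given above
  "https://alice:s3cret@intranet.example/wiki", // constructed
  "https://www.opera.com/",
];
for (const link of SAMPLES) console.log(inspectLink(link));
```

A mail filter or link preview can apply the same check before the user ever clicks, showing `display` instead of the raw link.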
VirusTotal reports about malware in setup.exe
VirusTotal is a service which scans selected files with multiple antivirus engines. Settings for these scanners can be much different than the settings used on typical computers, and sometimes they report what we believe are false positives. This happens especially with Antiy-AVL, Baidu, Cylance, and Qihoo 360. Please don’t report this issue to us unless antivirus engines other than the ones listed find something suspicious.
I use Opera for web development. There is a strange element inside which is not in my source code!
You appear to have enabled Opera’s native ad blocker. The ad blocker inserts non-lethal elements in a page's code to restructure the layout after blocking ads.
Each of these solutions will help. They are listed in the order we recommend them:
- Ignore this <style> tag in the <head> tag
- Download and use either Opera Developer, Beta, or Portable for development (with ad blocker disabled), and use Opera Stable for web browsing
- Create a separate profile with ad blocker disabled
- Disable Opera’s native ad blocker
We decided not to hide our <style> tag because it would result in inconsistencies between what you see in DevTools and in the page, making debugging much harder.
“Log Out” button on forums doesn’t log me out; you have improper SSO implementation!
Short answer: It is by design.
Long answer: This is not an SSO (single sign-on) solution, but our Forums uses your Opera Account as an OAuth2 identity provider.
To give an analogy: If you used your Facebook account to log in to Spotify, you can click "Log out" on Spotify.com and it may appear you are logged out of Spotify. But, if you open Facebook in a different tab you'll see that you are not logged out of Facebook. Next, if you click "Log in with Facebook" on Spotify.com again, you will be immediately logged in without entering any credentials.
This is the same mechanism that we use. Spotify and Facebook do not share a session, just like Forums and Auth do not. Logging out of Forums does not terminate the session on the Opera Auth servers since they don't share session or cookie information. There is no "central SSO login." Logging in or out of Forums is a completely independent action from logging in or out of Opera Auth.
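The two independent sessions described above, modelled in memory as an added example (not Opera's implementation). The class, method and cookie names are hypothetical, and the model assumes the identity provider issues an authorization code without any prompt whenever its own session exists.

```javascript
// Added example: an in-memory model, not Opera's code. Class, cookie and
// user names are hypothetical; real session ids must be random, not counters.
let counter = 0;
const newId = (prefix) => `${prefix}-${++counter}`;

class IdentityProvider { // stands in for Opera Auth
  constructor() { this.sessions = new Map(); this.codes = new Map(); }
  login(browser, user) { // the credential prompt succeeded
    browser.cookies.auth = newId("auth");
    this.sessions.set(browser.cookies.auth, user);
  }
  authorize(browser) { // authorization endpoint
    const user = this.sessions.get(browser.cookies.auth);
    if (!user) return { prompt: true };
    const code = newId("code");
    this.codes.set(code, user);
    return { prompt: false, code };
  }
  redeem(code) { const user = this.codes.get(code); this.codes.delete(code); return user; }
  logout(browser) { this.sessions.delete(browser.cookies.auth); delete browser.cookies.auth; }
}

class Forums { // the OAuth2 client, with its own session store
  constructor(idp) { this.idp = idp; this.sessions = new Map(); }
  logInWithAccount(browser) {
    const res = this.idp.authorize(browser);
    if (res.prompt) return "credentials required";
    browser.cookies.forums = newId("forums");
    this.sessions.set(browser.cookies.forums, this.idp.redeem(res.code));
    return "logged in without prompt";
  }
  logout(browser) { this.sessions.delete(browser.cookies.forums); delete browser.cookies.forums; }
}

function demo() {
  const idp = new IdentityProvider(), forums = new Forums(idp);
  const browser = { cookies: {} }, steps = [];
  steps.push(forums.logInWithAccount(browser)); // no Auth session yet
  idp.login(browser, "alice");
  steps.push(forums.logInWithAccount(browser));
  forums.logout(browser);                       // ends the Forums session only
  steps.push(forums.logInWithAccount(browser)); // Auth session is still live
  idp.logout(browser);
  forums.logout(browser);
  steps.push(forums.logInWithAccount(browser));
  return steps;
}
console.log(demo());
```

Only the last step asks for credentials again, because it is the only one where the Auth session has been ended as well.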
What is the AI Benchmarking tool?
The AI Benchmarking tool tests your computer’s hardware to determine its readiness for running local AI language models. The tool allows you to download one of three local LLMs to your machine and check how your computer performs with each one.
Why do I need the AI Benchmarking tool?
You might be an AI enthusiast looking to get started with local LLMs, and want to know if your trusty laptop can cut it. You might be a developer looking to benchmark different hardware configurations. Or you might be a tech journalist looking to review AI-ready machines and want to test how each one performs. At the moment, there is no easy way to do that with AI language models. This tool aims to provide an easy-to-use, one-click way to get these insights.
What kind of data does the AI Benchmarking tool collect?
The AI Benchmarking tool collects anonymous information about your computer’s hardware configuration and the performance test results. Hardware information includes the type and model of your CPU and GPU, and the amount of RAM and storage space in your computer. This data is used only to produce your test results, compare your computer to other users who take the test, and allow you to share the test results through your social media, if you wish to. No personal data is collected through the tool and no data is associated with specific users, IP addresses, or other identifiers.
For more information on our data privacy practices, please see our Privacy Statement.
Why does the AI Benchmarking test take so long to complete?
Well, there’s a reason why they’re called “Large Language Models”. They can be several GB in size, and the test downloads such a model to your machine in order to properly test it. The tasks involved in the test are also repeated several times for redundancy and in order to generate a significant result.