Yesterday’s announcement about browser developer Opera adding a native, free, unlimited VPN service to its browser is criticized online by security experts. They argue users shouldn’t think their privacy is properly protected when using Opera’s VPN service and argue it’s not even a real VPN.
Web security consultant Michal Špaček has analyzed the service and in his conclusion he writes, “This Opera “VPN” is just a preconfigured HTTP/S proxy protecting just the traffic between Opera and the proxy, nothing else. It’s not a VPN.”
Besides his concern there is also little information on how Opera protects your privacy. The company’s announcement about the service didn’t disclose whether the service logs visited sites, DNS requests, your IP address etc. It is for sure, based on the analysis of Špaček that each machine connecting to the service gets an unique device_id and password.
Opera did disclose that their service is powered by a company they acquired called SurfEasy which is based in Canada. If the Opera VPN uses exactly the same technology as SurfEasy then it means bandwidth and IP addresses are logged, according to this extensive list of VPN providers. That means you’re far from really private.
Or as Twitter user strings -a da_667 states it more blatantly:
Another difference with a real VPN is that Opera’s service only works on traffic in the browser. If you download torrents, send emails or use messaging software, then that goes through your regular connection.
Opera itself advertises the service for hiding your IP address, to prevent Wifi sniffing and to unblock firewalls and websites.
The latter might be useful, but using the VPN for circumventing e.g. the geoblocking from Netflix is pretty useless, the movie streaming site is cracking down on VPN users and quickly adds new VPN services to its blacklist.
Concluding, Opera’s VPN service is a HTTPS proxy of which hardly anything is known. It should therefore not be trusted and used if you are really concerned about your privacy.