Opera calls google. Is this new ?
Winston Smith
I've just upgraded to the latest Opera 10.10.
I've noticed in my proxy log that it calls silently (but maybe it did this before) when starting:
and
I find that extremly unpleasant. Why does it call google ?
How do I disable these requests ?
TIA.
Arioch
<wsm...@oceania.invalid> сообщал:
> I've just upgraded to the latest Opera 10.10.
>
> I've noticed in my proxy log that it calls silently (but maybe it did
> this before) when starting:
Starting empty ? no WWW pages open, no RSS/Atom newsfeeds ?
Perhaps some of those trigger them ?
443 is HTTP over SSL, httpS://
Encryption
> and
> crl.verisign.com/pca3.crl
Opera probably need key for that encryption.
Open something like https://www.google.com/accounts/ManageAccount - where
is both google.com and https
No, right from the address bar would be certificate info box. In default
skin it looks like
http://help.opera.com/Windows/10.10/en/fraudprotection.html
Open it and explore certificate tree, it's "CRL Distribution Points"
header links them into a chain. Where is the chain root - you may already
guess.
So, if you use some Google account, be it mail, iGoogle or whatever, it is
quite probably that you use encrypted access to Google, and then keys for
encryption should be checked and re-checked and re-checked to prevent
phishing fraud.
You might learn of it here:
http://www.google.com/search?client=opera&rls=ru&q=ev+certificates&sourceid=opera&ie=utf-8&oe=utf-8
So, to remove crl.verisign.com/pca3.crl you must disable all Opera
security and acryption.
> I find that extremly unpleasant. Why does it call google ?
Here we can only guess. Few possible reasons i told above.
One more. Firefox also calls google, to see for fraud sites. Opera uses
PhishTank, Thawte - see
http://help.opera.com/Windows/10.10/en/fraudprotection.html
Maybe it also uses Google now ?
If you worry much, perhaps you'd check which certains page Opera loads
within https://www.google.com:443/xxxxxxxxxxx ?
Some tool like Proxomitron + OpenSSL might be set to monitor all this.
Winston Smith
> В письме от Sun, 29 Nov 2009 14:45:46 +0300, Winston Smith
> <wsm...@oceania.invalid> сообщал:
>
>> I've just upgraded to the latest Opera 10.10.
>>
>> I've noticed in my proxy log that it calls silently (but maybe it did
>> this before) when starting:
>
> Starting empty ? no WWW pages open, no RSS/Atom newsfeeds ?
Yes, empty. about:blank
No newsfeed, no email account defined, no Usenet.
>
> Perhaps some of those trigger them ?
Should'nt as there is nothing (at least I thought so).
>
>> www.google.com:443/
>
> 443 is HTTP over SSL, httpS://
> Encryption
>
>> and
>> crl.verisign.com/pca3.crl
>
> Opera probably need key for that encryption.
>
> Open something like https://www.google.com/accounts/ManageAccount -
> where is both google.com and https
> No, right from the address bar would be certificate info box. In default
> skin it looks like
> http://help.opera.com/Windows/10.10/en/fraudprotection.html
>
> Open it and explore certificate tree, it's "CRL Distribution Points"
> header links them into a chain. Where is the chain root - you may
> already guess.
I'll check the certificates ASAP.
> So, if you use some Google account, be it mail, iGoogle or whatever, it
> is quite probably that you use encrypted access to Google, and then keys
> for encryption should be checked and re-checked and re-checked to
> prevent phishing fraud.
I use a scroogle SSL search but it doesn't call scroogle if I don(t have something to search.
Fraud protection is disabled.
> You might learn of it here:
> http://www.google.com/search?client=opera&rls=ru&q=ev+certificates&sourceid=opera&ie=utf-8&oe=utf-8
>
>
> So, to remove crl.verisign.com/pca3.crl you must disable all Opera
> security and acryption.
>
>
>> I find that extremly unpleasant. Why does it call google ?
>
> Here we can only guess. Few possible reasons i told above.
>
> One more. Firefox also calls google, to see for fraud sites. Opera uses
I have anti phishing disabled in Firefox too.
> PhishTank, Thawte - see
> http://help.opera.com/Windows/10.10/en/fraudprotection.html
> Maybe it also uses Google now ?
>
> If you worry much, perhaps you'd check which certains page Opera loads
> within https://www.google.com:443/xxxxxxxxxxx ?
> Some tool like Proxomitron + OpenSSL might be set to monitor all this.
I use Privoxy and that's where I saw that unexplained activity.
This is what it produces after starting:
Nov 30 10:11:37.866 00000128 Request: www.google.com:443/
Nov 30 10:11:37.882 000002f8 Request: certs.opera.com:443/
Nov 30 10:11:46.086 00000d34 Request: www.google.com:443/
Nov 30 10:11:46.102 00000e8c Request: certs.opera.com:443/
Nov 30 10:11:52.333 00000c5c Request: evsecure-crl.verisign.com/pca3-g5.crl
Nov 30 10:11:52.333 00000c98 Request: crl.verisign.com/pca3.crl
Nov 30 10:12:07.316 00000a00 Request: ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQekgxxxxxxxxx...
Nov 30 10:12:07.348 00000b8c Request: ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRFxxxxxxxxx...
Nov 30 10:12:17.274 00000b8c Error: Empty server or forwarder response.
Nov 30 10:12:17.603 00000a00 Error: Empty server or forwarder response.
Nov 30 10:12:21.360 00000aa8 Request: certs.opera.com:443/
If I can't find how to disable this then I'll probably stop using it.
Thank you for your help.
Rijk van Geijtenbeek
<wsm...@oceania.invalid>:
> Arioch wrote:
..
>> If you worry much, perhaps you'd check which certains page Opera loads
>> within https://www.google.com:443/xxxxxxxxxxx ?
>> Some tool like Proxomitron + OpenSSL might be set to monitor all this.
>
> I use Privoxy and that's where I saw that unexplained activity.
>
> This is what it produces after starting:
>
> Nov 30 10:11:37.866 00000128 Request: www.google.com:443/
> Nov 30 10:11:37.882 000002f8 Request: certs.opera.com:443/
> Nov 30 10:11:46.086 00000d34 Request: www.google.com:443/
> Nov 30 10:11:46.102 00000e8c Request: certs.opera.com:443/
> Nov 30 10:11:52.333 00000c5c Request:
> evsecure-crl.verisign.com/pca3-g5.crl
> Nov 30 10:11:52.333 00000c98 Request: crl.verisign.com/pca3.crl
> Nov 30 10:12:07.316 00000a00 Request:
> ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQekgxxxxxxxxx...
> Nov 30 10:12:07.348 00000b8c Request:
> ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRFxxxxxxxxx...
> Nov 30 10:12:17.274 00000b8c Error: Empty server or forwarder response.
> Nov 30 10:12:17.603 00000a00 Error: Empty server or forwarder response.
> Nov 30 10:12:21.360 00000aa8 Request: certs.opera.com:443/
>
>
> If I can't find how to disable this then I'll probably stop using it.
>
> Thank you for your help.
Maybe you've set your Google search to a https address instead of the
expected http? Or you've got a default bookmark that is set to
https://www.google.com? On startup, Opera tries to get favicons to show in
the search field and for default bookmarks.
--
Rijk van Geijtenbeek
Opera Software ASA, Documentation & QA
Tweak: http://my.opera.com/Rijk/blog/
"The most common way to get usability wrong is to listen to what users
say rather than actually watching what they do." - J.Nielsen
Winston Smith
Hello,
You mean that there is no reason for Opera to call google (by itself).
My default search field is (from search.ini):
[Search Engine 4]
UNIQUEID=78AE0D60C8E6CD43A989785A3EDE9293
Name=Scroogle English
Verbtext=0
URL=https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi?Gw=%s&l=en&sourceid=opera&num=%i&ie=utf-8&oe=utf-8
Query=
Key=i
Is post=0
Has endseparator=0
Encoding=iso-8859-15
Search Type=0
Position=-1
Nameid=0
Deleted=0
Opera starts with a blank page and no speed dial is defined.
I've searched through my bookmarks and found no google on HTTPS or :443.
So what can it be ?
TIA.
Arioch
<wsm...@oceania.invalid> сообщал:
> I use Privoxy and that's where I saw that unexplained activity.
> This is what it produces after starting:
> Nov 30 10:11:37.866 00000128 Request: www.google.com:443/
> Nov 30 10:11:37.882 000002f8 Request: certs.opera.com:443/
> Nov 30 10:11:46.086 00000d34 Request: www.google.com:443/
> Nov 30 10:11:46.102 00000e8c Request: certs.opera.com:443/
You see, inside SSL encrypted tunnel to server your proxy cannot say what
certain page been requested
Proxomitron with OpenSSL libraries was told to be posssible like
man-in-the-middle, tracing certain pages accesses with SSL tunnel.
May it be some plugins or java using them ? what if diable plugins and
java ?
Yngve Nysaeter Pettersen (Developer, Opera Software A/S)
wrote:
>I use Privoxy and that's where I saw that unexplained activity.
>
>This is what it produces after starting:
>
>Nov 30 10:11:37.866 00000128 Request: www.google.com:443/
>Nov 30 10:11:37.882 000002f8 Request: certs.opera.com:443/
>Nov 30 10:11:46.086 00000d34 Request: www.google.com:443/
>Nov 30 10:11:46.102 00000e8c Request: certs.opera.com:443/
>Nov 30 10:11:52.333 00000c5c Request: evsecure-crl.verisign.com/pca3-g5.crl
>Nov 30 10:11:52.333 00000c98 Request: crl.verisign.com/pca3.crl
>Nov 30 10:12:07.316 00000a00 Request: ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQekgxxxxxxxxx...
>Nov 30 10:12:07.348 00000b8c Request: ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRFxxxxxxxxx...
>Nov 30 10:12:17.274 00000b8c Error: Empty server or forwarder response.
>Nov 30 10:12:17.603 00000a00 Error: Empty server or forwarder response.
>Nov 30 10:12:21.360 00000aa8 Request: certs.opera.com:443/
www.google.com you will have to check your configuration about. Others have
suggested it is caused by your secure google search configuration and a request
for its favicon (I am not familiar with the search field functionality, but my
guess is that it is built to show the favicon beside the name of the
searchengine you have configured, and it will try every startup until it finds
it).
certs.opera.com is the Opera Root Certificate repository, checked once a week on
startup, makes at least two requests each time (repository index and list of EV
enabled CAs), and will automatically download and install missing Roots whenever
you encounter a known Root Certificate that is not in the local root repository.
evsecure-crl.verisign.com, crl.verisign.com, ocsp.verisign.com: revocation
checking for certs.opera.com's EV certificate (making sure they have not been
invalidated)
ocsp.thawte.com: revocation checking for Google's certificate
Winston Smith
> On Mon, 30 Nov 2009 10:22:05 +0100, Winston Smith <wsm...@oceania.invalid>
> wrote:
>
>
>> I use Privoxy and that's where I saw that unexplained activity.
>>
>> This is what it produces after starting:
>>
>> Nov 30 10:11:37.866 00000128 Request: www.google.com:443/
>> Nov 30 10:11:37.882 000002f8 Request: certs.opera.com:443/
>> Nov 30 10:11:46.086 00000d34 Request: www.google.com:443/
>> Nov 30 10:11:46.102 00000e8c Request: certs.opera.com:443/
>> Nov 30 10:11:52.333 00000c5c Request: evsecure-crl.verisign.com/pca3-g5.crl
>> Nov 30 10:11:52.333 00000c98 Request: crl.verisign.com/pca3.crl
>> Nov 30 10:12:07.316 00000a00 Request: ocsp.thawte.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQekgxxxxxxxxx...
>> Nov 30 10:12:07.348 00000b8c Request: ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRFxxxxxxxxx...
>> Nov 30 10:12:17.274 00000b8c Error: Empty server or forwarder response.
>> Nov 30 10:12:17.603 00000a00 Error: Empty server or forwarder response.
>> Nov 30 10:12:21.360 00000aa8 Request: certs.opera.com:443/
>
>
> www.google.com you will have to check your configuration about. Others have
Yes, I'll probably have to reinstall from scratch and integrate some small modifications one by one.
> suggested it is caused by your secure google search configuration and a request
No, because it's not google but scroogle (not the same domain name).
> for its favicon (I am not familiar with the search field functionality, but my
> guess is that it is built to show the favicon beside the name of the
> searchengine you have configured, and it will try every startup until it finds
> it).
> certs.opera.com is the Opera Root Certificate repository, checked once a week on
> startup, makes at least two requests each time (repository index and list of EV
> enabled CAs), and will automatically download and install missing Roots whenever
> you encounter a known Root Certificate that is not in the local root repository.
>
> evsecure-crl.verisign.com, crl.verisign.com, ocsp.verisign.com: revocation
> checking for certs.opera.com's EV certificate (making sure they have not been
> invalidated)
>
> ocsp.thawte.com: revocation checking for Google's certificate
Thank you for your explanation.