The following guide provides several tweaks for setting up Opera for maximum security using the mechanisms built into the browser, which you need to enable or switch to enhance overall browser security. It is guidance and not a universal guide, because browsers change frequently and functions may be added or removed; please keep this in mind.
Based on Opera 51, the guide shows several recommendations from me to lower the attack surface. Let’s get started.
Ensure you have enabled “Block ads and surf the web up to three times faster”, along with the filter lists you would like to use. The default pre-defined lists ‘Easylist’ and ‘NoCoin’ are good enough for most users. Of course no list addresses really every advertisement, but loading more lists might break pages or make websites load more slowly, because the ad-blocker is busy parsing the lists when you run out of memory.
Click on ‘Manage Exceptions’ and ensure you remove all of the pre-defined exceptions, because you especially want to block ads on Facebook & Co. You don’t need to do this step if you never visit such platforms, but I suggest you remove them anyway and only manually add the pages which might not load correctly.
The download location is an important option because several OS mechanisms protect special directories; on Windows this is the Documents/Download location. Don’t set it to Desktop, because by default Windows Defender protects (if on the latest Windows 10 version 1709) the download dir against ransomware (ransomware protection must be manually enabled in Windows Defender first!).
To avoid attacks, place the default download dir in a secure location; in case you use a sandbox or RAM disk, use this location. Also ensure that the ‘Ask where to save each file before downloading’ option is enabled, which ensures that there are no sneaky background downloads.
Cookies are always problematic because they can expose and track you. The strategy here is to only accept cookies from visited pages and then delete them automatically when we close Opera.
Cookies get automatically deleted after you have finished using the Opera browser. 3rd-party cookies get blocked by default.
This option ensures that we see all ‘hidden’ options. Well, they are not really hidden, but Opera thinks they are not really ‘useful’ for the normal user to bother with. We want to control every aspect, so let’s enable it with a simple click.
The option to show the full URL ensures that you do not get a shortened URL; this can prevent attacks that obfuscate or nest bad links in a short one.
Disable Adobe Flash via “Block sites from running Flash” and simply don’t use any website with Flash; use alternative pages which don’t require Adobe Flash. This is a simple rule.
The same rule as for Adobe Flash goes for the Location, Camera and Microphone options: simply work with exclusions and turn them off.
If possible, don’t use any Sync or background processes, to avoid attack scenarios in the first place. Only use Sync if you really need it; nothing these days speaks against local copies and backups. As always, work with exceptions.
This is the interesting stuff. Some options here are hidden by default, which is the reason why we enabled the advanced options.
Turn everything off except the automatic crash submission, which helps Opera identify or fix possible problems. If you don’t trust Opera with this, simply don’t use their browser in the first place. People often say that this reveals a lot about you, and this is not wrong, but how else can you provide something useful without submitting a crash report? Right, you can’t. Besides, it only contains metadata like which OS you use, and this alone doesn’t say anything about you.
Opera’s Turbo mechanism tries to reduce the overhead and compress pages and images, while their so-called VPN is simply a proxy; better use your own VPN provider instead.
Theoretically nothing speaks against it, but password managers like KeePass are more secure since they encrypt their database, so in case your computer gets hacked the attacker would need to brute-force your database. Autofill entries and passwords in Chrome/Opera can be read out with several tools, and that is a no-go, so better use KeePass or another password manager program instead.
If you don’t need WebRTC then turn it off; if you use it, ensure you use the “Use default public network interfaces only” option.
Change it to “Disable non-proxied UDP” in case you don’t want/need WebRTC. It doesn’t entirely turn off every connection, but it eliminates the leakage problem on insecure connections.
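An added example, not part of the original guide: a small JavaScript audit for checking the two WebRTC settings above. It parses ICE candidate lines (for instance collected from the onicecandidate event of an RTCPeerConnection on a test page you control) and reports candidates that expose a private address or, for the stricter setting, use UDP. The sample lines and the setting names "public-only" and "no-udp" are constructed for this example, and it assumes no UDP-capable proxy is configured.

```javascript
// Constructed sample candidates (private and documentation address ranges), not captured traffic.
const SAMPLE = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:3 1 tcp 1518280447 203.0.113.7 9 typ host tcptype active",
  "candidate:4 1 udp 1686052607 203.0.113.7 54322 typ srflx raddr 0.0.0.0 rport 0",
];

// RFC 1918, loopback and link-local IPv4, plus IPv6 loopback, ULA and link-local.
function isPrivate(addr) {
  if (!addr) return false;
  const a = addr.toLowerCase();
  if (/^(10\.|127\.|192\.168\.|169\.254\.)/.test(a)) return true;
  const m = /^172\.(\d+)\./.exec(a);
  if (m && +m[1] >= 16 && +m[1] <= 31) return true;
  return a === "::1" || /^f[cd][0-9a-f]{2}:/.test(a) || /^fe[89ab][0-9a-f]:/.test(a);
}

// Layout: candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> ...
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  const raddrAt = f.indexOf("raddr");
  return {
    transport: f[2].toLowerCase(),
    address: f[4],
    type: f[7],
    relatedAddress: raddrAt > 0 ? f[raddrAt + 1] : null,
  };
}

// setting (hypothetical names): "public-only" = no private address may appear;
//                               "no-udp" = additionally no UDP candidate may appear.
function findLeaks(lines, setting) {
  const leaks = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // skip anything that is not a candidate line
    const reasons = [];
    if (isPrivate(c.address) || isPrivate(c.relatedAddress)) reasons.push("private-address");
    if (setting === "no-udp" && c.transport === "udp") reasons.push("udp");
    if (reasons.length) leaks.push({ address: c.address, type: c.type, reasons });
  }
  return leaks;
}
```

An empty result from findLeaks for the setting you selected means the gathered candidates are consistent with it; any entry names the address and the reason it was flagged.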
We don’t want any website to be able to add ‘Handlers’; turn it off by setting the option to “Do not allow any site to handle protocols”. The Handlers are used e.g. if your browser doesn’t know what to do with a specific format/protocol, e.g. if there is no support for it or if it requires an external program; this can be a security risk.
Here comes the geek stuff, but I will make it brief. Open the about:flags (opera://flags/) page by typing it into the address bar; it shows a lot of additional options. Since Opera is a browser based on a tweaked Chromium engine, it works exactly the same as in Chrome: change a value and restart your browser afterwards to activate the change. Not all changes require a restart, so set every flag you want and restart only once to avoid wasting time.
[Image: Tons of options, but I will only show the important ones.]
I will list only the interesting ones; all others are, like the Opera options not mentioned, optional and more a matter of taste. We are keeping our focus on the security aspect.
To simplify the process I only mention the links, so you can click on them and Opera loads them automatically for you:
The remaining gap is covered by add-ons, which get a separate article because it would be too much to explain them here right now.
Opera can be tweaked the same way as Chrome and it’s worth doing, because it can lower the attack surface in several scenarios. The site isolation function, for example, is really powerful and it’s beyond me why it isn’t enabled by default already.
The guidance is a current view of the given options and should not be seen as the ‘ultimate privacy guide’ to harden Opera. Hardening something means you constantly check the product for weaknesses and try to fix them within the source code and not with ‘optional’ implemented options. Such options are there because some users might or might not have problems, and several things are optional because of that. Always test things yourself and don’t blindly trust any page; ask questions and reveal the truth to understand how things really work, in order to build strategies to be more secure than the masses. Stay informed and monitor several sources to know what to do when the next leak comes. And for sure there will be a next bang, no matter which browser you use. In the end all you can do is keep yourself updated with information and the latest software.