If you’re using the free VPN offered by the Opera browser because it’s convenient, think again.
Opera vpn is definitely not a secure vpn. Yes, it’s free. Yes, it’s very convenient, you connect with one click, but it comes at a price in terms of security/privacy/anonymity. Would you wear a bulletproof vest of dubious security?
It’s not just about being able to access banned websites, it’s that no one knows you’re there and what you’re doing there. Accessing a censored website is not a crime today, but what about tomorrow? How many bytes of space do you think your internet activity takes up in a year? When the time comes, it all boils down to a small search in the database. It doesn’t even have to be criminalized; there are realities in our lives called security investigations and archive searches.
So why is Opera VPN not secure?
First, opera vpn is not a real vpn, it’s a hardened proxy. Only opera calls it a vpn. Two vital features for the security of a vpn are the vpn protocol (like openvpn, wireguard) and the encryption method (like aes-256, aes-128). It is vital because these two are what hide your internet activity. Every vpn provider advertises them in big font on their website. Opera, on the other hand, has never disclosed its protocol and encryption algorithm, not even in the fine print deep within its website. According to the experts, this means that Opera does not use a vpn protocol at all, and that it uses tls as its encryption method, which is a low-level encryption never used in the industry and can be cracked (source). I think this is the case because it makes a lot of sense to explain and advertise these two things in two words, but if it doesn’t, then there is a problem.
This makes sense “from opera’s point of view” because opera browser is neither paid nor a foundation/volunteer group product like firefox. So as a commercial company it has to make money somehow, and it does that by selling user data.
Third, it suffered a data leak that seriously damaged its credibility. In 2016, it stole the data of 1.7 million opera sync users. The data included at least usernames and hashed passwords (source 1, source 2)
Finally, another indication that they don’t take security seriously is that the “bypass vpn in search engines” feature is selected. So the searches you do on google thinking the vpn is on are obvious.
Since the main issue with vpn is reliability, not to mention super slow or captchas that won’t go away even if you keep solving them.
As a result, unfortunately, opera vpn is not for those looking for security/privacy/anonymity.