If you’re using the free VPN offered by the Opera browser because it’s convenient, think again.
Opera vpn is definitely not a secure vpn. Yes, it’s free. Yes, it’s very convenient, you connect with one click, but it comes at a price in terms of security/privacy/anonymity. Would you wear a bulletproof vest of dubious security?
It’s not just about being able to access banned websites, it’s that no one knows you’re there and what you’re doing there. Accessing a censored website is not a crime today, but what about tomorrow? How many bytes of space do you think your internet activity takes up in a year? When the time comes, it all boils down to a small search in the database. It doesn’t even have to be criminalized; there are realities in our lives called security investigations and archive searches.
So why is Opera VPN not secure?
First, opera vpn is not a real vpn, it’s a hardened proxy. Only opera calls it a vpn. Two vital features for the security of a vpn are the vpn protocol (like openvpn, wireguard) and the encryption method (like aes-256, aes-128). It is vital because these two are what hide your internet activity. Every vpn provider advertises them in big font on their website. Opera, on the other hand, has never disclosed its protocol and encryption algorithm, not even in the fine print deep within its website. According to the experts, this means that Opera does not use a vpn protocol at all, and that it uses tls as its encryption method, which is a low-level encryption never used in the industry and can be cracked (source). I think this is the case because it makes a lot of sense to explain and advertise these two things in two words, but if it doesn’t, then there is a problem.
Secondly, the logging issue. Opera explains in the part of its privacy policy about its vpn service that it doesn’t log your browsing activity and ip address. that’s great. but in the part about the browser it says that it logs your device ID, hardware information, location and other personal information and has the right to transfer it to other countries (source). Moreover, it allows third-party companies to collect and process your data (the source has a list of them).
This makes sense “from opera’s point of view” because opera browser is neither paid nor a foundation/volunteer group product like firefox. So as a commercial company it has to make money somehow, and it does that by selling user data.
Third, it suffered a data leak that seriously damaged its credibility. In 2016, it stole the data of 1.7 million opera sync users. The data included at least usernames and hashed passwords (source 1, source 2)
Finally, another indication that they don’t take security seriously is that the “bypass vpn in search engines” feature is selected. So the searches you do on google thinking the vpn is on are obvious.
Since the main issue with vpn is reliability, not to mention super slow or captchas that won’t go away even if you keep solving them.
To Summarize
Your data is available to those on your wi-fi network and your ISP (and therefore the government) due to the lack of a vpn protocol and weak encryption, and it is available to opera itself and third-party companies in any country due to the privacy policy you agreed to.
As a result, unfortunately, opera vpn is not for those looking for security/privacy/anonymity.
