• On GameSpot: So-called 'Halo killer' gets 23 to life
June 16, 2009 7:31 AM PDT

Opera Unite service opens a door to the PC

by David Meyer

Opera has released an early version of a browser-based sharing and collaboration service called Unite, which has been criticized by some security experts as having a level of protection that is too low.

Opera Unite, an application platform that turns the user's PC into a Web server, was unveiled in an alpha version by the Norwegian company on Tuesday. Components of the browser-based service include file sharing, photo sharing, a shared media player, a chat lounge, and the ability to run Web sites hosted on the user's PC.

Inside Opera Unite--screenshots

View the full gallery

While the user hosting the content needs to be running a particular version of Opera 10 for Windows, Mac, and Linux, those viewing the content can do so from within any browser, including Internet Explorer or Firefox.

Opera is trying to encourage developers to create new applications that use Opera Unite. "It all happens through the browser, so no additional software has to be downloaded, and it will work wherever Opera works (Windows, Mac, Linux and later mobile phones and other devices)," Opera product analyst Lawrence Eng wrote in a blog post on Tuesday. "Opera provides the platform and you provide the applications -- what you create is limited only by your imagination."

Eng referred to the initial Opera Unite applications as "just simple demos" and said the platform would allow for "a whole new class of social software on the Web ... [where] people can all connect directly without needing middlemen who control third-party servers." He also said the service will, in time, work on mobile phones and other devices, as well as on desktop computers.

The content is shared via Opera Unite by people sending other people URLs, and the security for protecting access to the content relies entirely on passwords. However, there are two ways to do this, and one method has been criticized by analysts as potentially posing a security risk.

When a person (the host) wants to share content, there are two options: either send a URL that leads to the host's personal landing page on Opera Unite, or send a URL that links to the application within Opera Unite that relates to the content they want to share.

With the first option, the host must send the viewer a password generated by Opera Unite for them to access the application. With the second option, the URL includes the password at the end, so it is in plain view if the URL is inadvertently shared. Also, with the second option, anyone who sees the URL does not need any further details to view the content, as clicking on the link will take them directly there.

"Be a bit cautious"
A spokeswoman for Opera confirmed to ZDNet UK on Tuesday that there is no encryption involved in the Opera Unite.

Asked whether the platform could be used by someone to access data on the host's PC that the host had not chosen to share, the spokeswoman said: "Definitely not -- unless they're a hacker."

"Opera Unite has been tested by a number of people within Opera, so the more people we have using the service, the more we'll know about the service itself," the spokeswoman added. "At this point, [you should] be a bit cautious in the files you're sharing -- only share amongst people you trust."

Greg Day, a McAfee principal security analyst, said Opera Unite was a "smart idea, going back to people self-hosting," and said there was "some value [from a security perspective], insofar as you are in control of your own data." However, he said there are also security risks associated with the approach.

"The [negative] is you have to have enough security integrated into the technology, or have the personal knowledge to put that security in around the technology," Day warned. "The logical evolution of services like Facebook was about simplifying the process, so you rely on a third party who, in theory, has the expertise to host on your behalf and keep it secure."

Andy Buss, a senior analyst at Canalys, said security based on the distribution of passwords was "an avenue to disaster."

"If there is no transport-layer security, it is easy to intercept the information being transported," Buss said. "This will need to be looked at as an option."

Another potential problem is related to intellectual-property violations, where hosts might illegally store copyrighted content on their PC and then distribute this via Opera Unite. Buss predicted that security and copyright issues will be a challenge for the next generation of internet applications, which will move a lot of activity now done on PCs to cloud-based services. "These services are required and useful, but they have to be as secure as possible," Buss said.

Asked about the copyright issue, Opera's spokeswoman said that if a user was found to be distributing copyrighted material, Opera would ask the user to remove the content and, if the person did not comply, would block the account. "This would only happen if the matter was brought to Opera's attention, as Opera does not monitor your data," the spokeswoman added.

Related story: Speedy Opera 10 beta reconfigures as Web suite

David Meyer of ZDNet UK reported from London.

Topics:

Browsers and extensions

Tags:

Opera,

Opera Unite,

browsers

Share:
Digg
Del.icio.us
Reddit
Recent posts from Webware
Hundreds of Facebook groups hijacked
Plan your wedding with these Web resources
Twitter, LinkedIn team up for self-promotion free-for-all
'Elf Yourself' returns with Facebook and Twitter power
Sneak peek: Xobni e-mail app for BlackBerry
More time needed for revised Google Books deal
With AdMob, Google seeks mobile-ad advantage
Closing chapter of Google Books saga near
Add a Comment (Log in or register) (22 Comments)
  • prev
  • 1
  • next
by bithaze June 16, 2009 8:12 AM PDT
Unite is only announced this morning, barely released, and already we're criticizing its security? It's a valid concern obviously and I'm not challenging that, but I feel like we should at least give it a chance beyond the first hour or two.
Reply to this comment
by lennie22 June 16, 2009 10:22 AM PDT
give it a chance then someone breaks in through opera's open doors? I don't think so, this is a valid concern even you stated that and because it is valid we have to treat it as such. security should be at high priority.
by plings June 18, 2009 4:57 PM PDT
@lennie22: Why are you spamming?
by Vegaman_Dan June 16, 2009 8:43 AM PDT
CNET wrote:

"Asked whether the platform could be used by someone to access data on the host's PC that the host had not chosen to share, the spokeswoman said: "Definitely not -- unless they're a hacker." "

Security is indeed a major issue, and any web browser that comes with its own web server included by default just became the #1 target for those hackers. Opera better be damned sure they have 100% security on those systems because they will have left themselves... and more importantly their customers, open to exploit.

This only seems like a way to make sure even less people use the product- at least those people who know anything about network security. It's a sure fired way to make sure Opera is banned from company / corporate networks too- how can any IT department defend against badly or unconfigured web servers from the inside? End users are largely ignorant and this could lead to all sorts of problems.

It could be a good thing, but I'm a paranoid bastard and can see all sorts of liabilities here.
Reply to this comment
by _davidlister_ June 18, 2009 9:23 AM PDT
Are you an idiot? Of course this won't get opera banned in the corporate environment, there is no tunnelling or reverse tunnelling going on, unless you spesifically configure NAT and firewall rules on the ports needed or UPnP is enabled (and the company that runs with UPnP enabled deserves whatever they are getting) no-one on the outside of your corporate firewall will be able to connect to your web server, however badly configured it is.

"how can any IT department defend against badly or unconfigured web servers from the inside?"
With the normal security measures any IT department with the crud in their keyboards should have.

I assume your reply to this would be "hackers could do it", newsflash for you and the rest of buzzword meida; hacking is not magic. If someone uses this opera feature to exploit anything behind a corporate firewall they will allready be behind it, no matter how you turn it around you can't pin the initial security breach on opera.

Sure it raises some issues on the home front, but I forsee that in time PGP and end-to-end encryption will be implemented, either way it's probably still more secure than windows home server...
by dudesmiles June 16, 2009 8:57 AM PDT
Everyone download this quickly or the EU will sue your behind off.
Reply to this comment
by plings June 16, 2009 10:00 AM PDT
Keep up the whining. It makes Microsoft look real good.
by lennie22 June 16, 2009 10:26 AM PDT
I won't be downloading Opera, and I implore all windows users to do the same...use Firefox, IE, even safari, but leave opera in the dust.
by plings June 16, 2009 1:52 PM PDT
@lennie22

Whine, whine whine. Want some cheese with that?

By the way, Mozilla is part of the complaint as well, so you better boycott them as well!
by lennie22 June 16, 2009 2:14 PM PDT
@Plings:

you sound like a broken record...

also, wine and cheese? really guy? I guess I'm just not used to your culture.
by plings June 18, 2009 4:56 PM PDT
@lennie22: *I* sound like a broken record? You are the one who has been whining and repeating yourself over and over here :D
by pjk0 June 16, 2009 10:56 AM PDT
All you Opera haters make me wonder if it's just another faux "grassroots" (paid) initiative by Microsoft to badmouth the competition.

Kinda ironic that people are griping about Opera and security, when it has been, by-and-large, the most secure mainstream web browser for years now.

Not to mention, most of the "keen new technology" that the browser competition has eventually adopted was originally invented and deployed by Opera in their own product.

Sour grapes from the sheeple, seems to me.
Reply to this comment
by lennie22 June 16, 2009 11:39 AM PDT
no I'm not, I wish i was paid my MSFT as least I would have extra money in my pockets. don't be so easy to write it off as people being paid.

"Sour grapes from the sheeple, seems to me." who are you yoda? learn to write a proper sentence.
by dudesmiles June 16, 2009 12:22 PM PDT
Paid by ms! I wish buddy. IE is a piece of **** browser. Im a Firefox/Chrome guy. Dont need lawsuits to teach me how to download and install them though. Opera thinks I do.
by lennie22 June 16, 2009 12:41 PM PDT
also, let me get on your other points before you jump up and start shouting that I over stepped them: yes opera has done some things their competition has copied like speed dial, I think google was the only one who copied that, tabbed browsing, everyone copied that,
bittorrent in the browser...I use a bt client that takes up way less memory foot print that opera and it much faster plus I have way more control over what I'm downloading and how I'm downloading and sharing.
widgets? I dont' know anyone copied that
popup blocking/integreated search I'm not sureif they had came up with these but everyone has them.

and about your point that Opera is "by-and-large, the most secure mainstream web browser for years now" is all wishfull thinking on your part...as a matter of real fact it is the least secure masinstream browser out there. Opera does not take incorperate DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) which all the othe mainstream browsers use.....it is much easier to do a buffer overflow in opera that it is in other browsers.
by lennie22 June 16, 2009 12:57 PM PDT
@dudesmiles:

I use IE8 maybe it's crap to you but it's good for me.....the other day I had about 26 tabs open I use quick tabs to navigate them visually because it's much better that way with that much tabs.....then I met a website that tried to take down my browser it was only able to close that 1 tab and IE8 was still there standing, all my 26 tabs were still open and running....
as far as I know opera has no technologies included that treats each tabs seperately, so if I was running opera my browser session would of ended up in a damn loop where after a crash and I restart it opera loads back all the tabs even the one that caused it to crash....which, you guess it, caused it to crash again....constant loop.

I never had this problem with Firefox, but I don't think it treats the tabs seperately either.
by plings June 16, 2009 5:09 PM PDT
@lennie22

"and about your point that Opera is "by-and-large, the most secure mainstream web browser for years now" is all wishfull thinking on your part...as a matter of real fact it is the least secure masinstream browser out there"

This is a blatant lie. Opera has the fewest security holes of any browser. Also, current versions of Opera du use DEP and all that crap.

Why are you lying like that?
by ktswami June 16, 2009 2:13 PM PDT
As they've been doing for 15 years, Opera innovates and everyone else follows. Everyone running around like chickens figuring out how to add file I/O, sandboxing, UPnP, and server-side scripting in Javascript into a 6M footprint. Start your copiers!

@lennie22: How does it feel to speak so authoritatively about which you know absolutely nothing?
http://www.opera.com/docs/changelogs/windows/964/

Your whining and screeching is hurting everyone's ears, so please stop. How's your Zune? Isn't it cool??

@CNET: Your credibility after getting bought by CBS is sinking fast with your technical "insight" and use of "heavy" quotes that "belie" your "obvious" unprofessionalism. Treating Opera like they're North Korea is bullsh--. Especially, when they all shamelessly copy features and you report it and pretend it's new. Cute.
http://www.opera.com/docs/history/#facts

For anyone still intent on using IE7/8, know that you are forcing all web developers to waste millions of hours of additional testing given that Microsoft continues to drag their feet with a 22 score in Acid3. They are being dragged, kicking & screaming into the era of standards-based web development...and they are being marginalized slowly, but surely (by Opera, Safari and Chrome's Acid3 prowess).

(Now if we can only get hypocritical Google engineers to not browser-sniff Opera and send subordinate code to render, like for Wonder Wheel.)
http://my.opera.com/community/forums/topic.dml?id=275843&t=1245186364&page=1#comment2982737

Grow up, sheeple, and learn how to give credit when it's due.
Reply to this comment
by lennie22 June 16, 2009 2:32 PM PDT
the last time I check was in January, didn't know they added DEP and A SLR support in march which by the way is way after everyone had it....but thats against the point, at least now they have it included. I also hope they fixed that problem which causes the browser to loop when it reaches a page that causes it to crash.

how is my Zune? its great actually and I will be upgrading to the ZuneHD when it comes out...it will be easy to hook up to my 32inch monitor when I don't want to turn on my computer and watch videos from there......also just incase you ask me, my xbox360 is doing pretty well too, I had my day off today but they're getting XBL ready for some nice updates in a couple months so it's offline right now, so I'm about to hit the road with my friends to a couple bars for some drinks....I'll be half drunk playing COD4 tonight...good times.
by plings June 16, 2009 5:11 PM PDT
@lennie22

LOL, there's more security than DEP and crap like that. Firefox, for example, had more security holes than even IE in 2008. That says something, considering that IE is an extremely insecure piece of garbage.
by pjk0 June 17, 2009 1:56 AM PDT
@lennie22: this "problem" of the browser re-starting and getting in trouble with a bad page is trivial to address by using the appropriate Opera configuration setting. (for example, set it to prompt at launch rather than automatically load the last open session/tabs. )

The feature that is related to that (ie crash recovery or saved sessions - another Opera innovation from years ago that others are only now copying) has saved my ass literally many hundreds of times over the years, and is a massive productivity booster by allowing you to save multiple collections of tabs (including their page position, forward/back history, etc) to either load on launch or at any time you wish to launch them later.

Oh and BTW - any other common web browser can have exactly the same problem if the user decides to automatically load a "homepage" on browser launch, when that "homepage" turns out to be a crasher. That's a key reason why I stopped doing that on older browsers many years ago. (ie back in the Netscape 4 days)
by aitchondo June 18, 2009 4:22 AM PDT
Asked whether the platform could be used by someone to access data on the host's PC that the host had not chosen to share, the spokeswoman said: "Definitely not -- unless they're a hacker." Huh? Who else is going to hack your computer. You have two types writing comments here, those who are Browser Fans, having one or more that they love... and hating all the rest. The others are computer people who know that all Browsers can be breached. I use several, depending on the circumstances, Opera, I.E., Firefox, The World, Chrome and Safari. Wait! Don't know about Wine and Cheese? Get cultured (pun intended).
Reply to this comment
(22 Comments)
  • prev
  • 1
  • next
advertisement

About Webware

Say No to boxed software! The future of applications is online delivery and access. Software is passé. Webware is the new way to get things done.

Add this feed to your online news reader

Webware topics

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET