How secure is Opera Unite?

If a Unite widget is designed the way Opera intends, it should enroll itself in a menu clearly labeled "Opera Unite Services," accessible from the left side toolbar, as indicated in this screenshot from Opera Software. But that's if its intentions are completely honorable. Since a Unite widget is essentially a widget with some extra inclusions in its config.xml file, it appears feasible on the surface for a malicious user to craft an Opera widget that purports to be just a local widget, but which ends up leveraging the Unite protocol to deliver a harmful payload...or to wreak havoc on the user's file system.

Opera's spokesperson tells Betanews today that the company itself will protect against this possibility by pre-screening all Unite widgets and certifying their developers' claims.

"We make sure that any service uploaded on http://unite.opera.com only does what it claims and informs the users about," the spokesperson said. "Any faulty/malicious services will not be approved. As such, we encourage our users to download services only from http://unite.opera.com -- this repository offers services absolutely free and is open to all developers."

As Firefox users are already well aware, Mozilla's servers aren't the only place in the world to download add-ons -- oftentimes their developers do their own distribution. So when Opera's servers see traffic from Unite widgets, how will they know for certain that these widgets are what they say they are, and are being operated on the authority of legitimate users? This is another extremely important point because, as outlined in the Opera widget security model which pre-dates Unite, a widget can conceivably communicate over a secure, authenticated protocol -- such as SSL -- but doing so is completely voluntary.

Opera's spokesperson told Betanews today that authentication takes place between the widget and Opera's proxy servers not using SSL (with the https:// protocol identifier) but one of its own: "The authentication between the Opera Unite client and the Opera proxy happens via http://auth.opera.com which is our secure authentication server. This is the same server that is used to authenticate all our services, like Opera Link."

Introduced in September 2007, Opera Link is a storehouse for user information, originally designed to enable users to transport their bookmarks, "Speed Dial," personal notes, and other browser data between desktop and mobile platforms. It's maintained by the "My Opera" server network, which is operated by the Opera Community as opposed to the company. While contributors have responded to user concerns by pointing out that link synchronization -- moving those assets between desktop and mobile platforms -- is done using encryption protocols, logging into the system itself is not.

In a My Opera discussion thread launched last January by a user who wondered why Opera Link logins are not secured, initial responses came from folks who claimed protocols were pointless anyway because computers at public hotspots tend to use keyloggers. The thread was closed with a comment from a My Opera contributor essentially saying that anyone that concerned about having his logon intercepted probably shouldn't be using the Internet in a public place anyway.

But that was several months before the Opera Link system would be used to authenticate traffic for services that potentially have indirect, and perhaps even undirected, access to users' system folders. During this initial testing phase for Unite, one can probably bet safe money on the likelihood that someone -- perhaps a well-meaning security researcher, perhaps someone else -- will experiment with the notion of just how accessible the "My Documents" directory may be, for anyone who uses Unite to post a blog.
