Security and privacy

Ad blocker

In order to use Opera’s built-in ad blocker, the feature must first be enabled in your browser. To enable Opera’s ad blocker, or to turn off ad blocker:

  1. Open Opera and go to Settings (Alt+P)
  2. Under Privacy protection, click the switch next to Block ads…. This will enable Ad blocker.

The blue ad blocker badge  on the right side of the combined address and search bar shows that the feature is enabled.

Click the ad blocker icon to open the ad blocker pop-up window. In this window you can optionally disable ad blocker for the current website. You can also enable/disable the Tracker blocker, or click the gear icon to be taken to the settings page for ad blocker.

Whitelist a website in Opera’s ad blocker

Some websites request that you disable ad blocker so you can visit and fully enjoy their webpage. Instead of having to completely turn off Opera’s ad blocker to visit one site, you can whitelist the requesting website.

To do this, open the ad blocker pop-up window in the combined address and search bar and click the Turn off for this site button. This will disable ad blocker on that site. In the same popup, you can also enable/disable the Tracker blocker, or click the gear icon to be taken to the settings page for ad blocker.

Opera’s ad blocker pauses when you visit a whitelisted website and resumes when you navigate to another website, allowing for an uninterrupted browsing experience.

The whitelisted website’s domain is added to your ad blocking exceptions list. Read below to learn how to manage exceptions for Opera’s ad blocker.

Managing filter lists for Opera’s ad blocker

You can choose which filter lists Opera’s ad blocker uses when the feature is enabled. EasyList and NoCoin are enabled by default. To manage lists in Opera’s ad blocker:

  1. Go to Settings.
  2. In Privacy protection, under Block ads, click Manage lists.
  3. Check the boxes next to the lists you want enabled for ad blocker.

Opera updates your selected lists automatically. You can update the lists manually by clicking the Update button at the top of the page.

These lists, also known as filter lists, contain rules that tell ad blockers which content is likely to be an ad. The most popular and commonly used list for removing ads on international websites is EasyList. Opera includes additional lists, such as EasyPrivacy, NoCoin, and lists for multiple languages, in order to remove ads.

NoCoin is a cryptocurrency mining protection filter list which stops crytpojacking scripts from running on your computer. Read more about Opera’s cryptocurrency mining protection.

Learn how to turn ad blocker on or off.

VPN

Normally, your browser connects directly to websites, allowing websites to identify your IP address and approximate location. With VPN, you connect to websites via a VPN (virtual private network) server. As a result, your apparent location changes to the location of the server. To enable VPN:

  1. Go to Settings.
  2. Click Advanced in the left sidebar, and click Features.
  3. Under VPN, turn on Enable VPN.

When you enable VPN, it starts automatically, and a VPN badge appears in the combined address and search bar. Click on the badge, and you will see an on/off switch, information about the amount of data transferred, the virtual location, and the virtual IP address.

From the point of view of websites, your browser is now located in the region given by the virtual location. To change your virtual location, select a region from the list. If you do not choose a region, you are automatically assigned an optimal location. To turn off VPN, flip the switch in the badge.

Because the connection from your browser to the VPN server is encrypted, even if the local network is not, VPN enhances your privacy on the local network. You can hide your browsing activities from other users of that network.

To enhance your privacy with regard to websites, making it more difficult for them to track you, you need a combination of features. The issue is cookies. Even if you disguise your location, websites can still identify you if they have set a cookie. Notice, however, that by blocking ads you block the source of many tracking cookie. At the end of a private browsing session, when you close the browser, all cookies from that session are deleted.

VPN is a free service, and the amount of data you are allowed to transfer is unlimited.

Private window

Private browsing ensures that your internet history and activity data is removed as soon as you close all private windows.

  • To browse privately on Windows and Linux, go to Menu > New private window.
  • To browse privately on Mac, select File > New Private Window (Ctrl+Shift+N).

When you close all private windows, Opera will clear the following associated data:

  • Browsing history
  • Items in cache
  • Cookies

After being closed, a private tab or window cannot be recovered from the Recently Closed list in the tab menu.

While private windows do not leave any record of the websites you visit, if you deliberately save data – for example, if you save an item to your Speed Dial, save a password, or download a file – it will still be visible after the window is closed.

Clear browsing data

By default, Opera stores certain browsing data to help speed up connections, load common page elements, and improve your interaction with the sites you visit. You may wish to remove traces of your browsing habits by clearing your browsing data. To clear browsing data:

  1. Go to Settings.
  2. Click Advanced in the left sidebar, and click Privacy & security.
  3. Under Privacy and security, click Clear browsing data.
  4. Select a time range and the types of data you wish to clear, and click Clear data.

Browsing history – A list of sites you have visited.

Download history – A record of the files you’ve downloaded. Clearing this will not delete the file you downloaded, only the record of where and when.

News usage data – Information on the frequency and the length of time you spend on a news article from the personal news page, which is used to customize what news you see.

Cookies and other site data – Data from websites you visit which is stored on your computer, such as site preferences and login status.

Cached images and files – Data stored on your computer by applications or websites to make processes and site loading faster. Should be cleared periodically.

Passwords and other sign-in data – Data related to logging into websites and applications. Allows you to be signed-in automatically.

Autofill form data – Information like credit-card numbers, names and phone numbers, which you can choose to store on your computer in order to have forms filled in automatically.

Site settings – Permission data for websites, such as whether they can access your microphone or send you cookies.

Hosted app data – Data stored by extensions you have installed in your browser. Clearing this data will reset the extension to its default.

Clearing your browsing history will delete any stored location information about the pages you have viewed and the times you accessed them.

Clearing download history will empty Opera’s record of the files you’ve downloaded through the browser. This will not delete the file from your local machine, only the record of when and where you downloaded it.

Deleting cookies and other site data will remove any tracked site data. Read more about managing cookies.

Emptying your browser’s cache will delete any temporarily stored data from websites. The cache is used to briefly store page elements such as images or search queries. Cached data also helps reduce loading times when you wish to access a recently visited site. Emptying cache will clear up space on you local disk.

Clearing data from hosted apps will delete any data stored by extensions you have installed in the browser. For example, if you installed a weather extension on Speed Dial and set your location in its settings, clearing this data will reset the extension to its default and you will have to tell the extension your location again. Note: Take care not to erase useful data inadvertently. If you are not already familiar with it, try private browsing. The data for private browsing is automatically cleared when you close all private windows.

Managing how Opera stores private data may be useful, as an alternative to clearing all private data. Read more about setting web preferences.

Security badges

Opera warns you about suspicious pages by checking the page you request against a database of known phishing and malware websites. To protect yourself when entering sensitive information, always look for the  lock in the security badge to the left of the combined address and search bar.

Badges indicate details about the page you are viewing. When a badge appears in your combined address and search bar, click it to see more information, including security certificates and more.

IconIndicates…
Compressed connection
Ads are blocked
Camera access
Extension
Fraud or malware warning
Local file
Location access
Microphone access
Opera page
Secure connection
Unprotected connection
MIDI access
VPN is on

When the connection is secure, a lock is displayed in the security badge, implying that no one else can read the information that passes between you and the site. Opera uses certificates to verify the identity of the site owners. A lock means there is good encryption between you and the recipient, and the recipient’s identity has been verified.

If a website is blacklisted, you will be presented with a warning page, and you can decide whether to visit the website or to go back safely to the previous page. Fraud and malware protection does not cause any delay in the opening of pages.

Manage security certificates

HTTPS (Hypertext Transfer Protocol Secure) is a widely used technology that provides encrypted communication and identity assurance on the Internet. Security certificates are used to verify the ownership of Internet domains. If you see a black padlock security badge in your combined address and search bar, then according to your operating system’s configuration, you are securely connected to the website. However, it is still your responsibility to make sure that the address is correct. When in doubt, type the address by hand.

If you’d like more information about a site’s security certificate, click on the security badge and click the Certificate (Valid) link. Opera will provide the certificate’s issuer, the type of certificate, and whether the issuer is publicly-known and valid.

Publicly-known issuers and their certificates are validated against a number of security and identity checks. Opera will warn you if some part of a publicly-known issuer’s certificate is questionable. You may choose to proceed but Opera cannot guarantee your security.

To see which HTTPS/TLS certificates are used by your Opera browser and how Opera handles them:

  1. Go to Settings.
  2. Click Advanced in the left sidebar, and click Privacy & security.
  3. Under Privacy and security, click Manage certificates.

A note about local certificate issuers

Some connections can be certified by certificates from local issuers, either from apps on your machine or other non-public sources (such as a local intranet). These issuers can be used to verify secured connections in the browser. Most of these connections are valid. For example, debugging applications, third-party security scanning, and parental filters may rely on locally-issued certificates.

Connections certified by certificates from local issuers aren’t screened by the same security standards as publicly-known issuers and certificates. Such screening is too strict and may not allow connections to work as intended. Malware or viruses may use these certificates to view encrypted information or inject ads.

If you wish, you can configure Opera to warn you about public sites that use certificates from local issuers. If you continue to browse on these connections, be aware that some security measures, such as certificate pinning and Certificate Transparency, will be disabled for all such connections during your browsing session.

Review how to manage security certificates.

Invalid certificate warnings in Opera

Invalid certificate pop-up in Opera

If Opera cannot verify the identity of the server for a website you wish to visit, you will see this pop-up. Click Show certificate to review the certificate yourself. When reviewing the certificate, check that the certificate’s validity date is current and that the issuer of the certificate is trusted.

Click Continue anyway to proceed to the website.

If you do not trust the server or the certificate and you wish to not proceed to the website, click Cancel.

A note about Extended Validation (EV) certificates

The best guarantee of a website’s identity is provided by Extended Validation (EV) certificates. Extended Validation means that the details of the organization buying the certificate have been audited by an accountable, third-party entity, who can therefore verify that the certificate owner is who it claims to be. EV websites are indicated by a black security badge with a padlock in the address field.

Extended Validation certificates are designed to endorse a company’s validity as a reliable, rather than transient, business. For example, to obtain a certificate, a company must provide three years of tax records and other financial information to the Certificate Authority. This certification provides peace of mind and security for Internet shoppers.

Opera has already implemented procedures and processes for EV certification and is at the forefront of complying with standards. We have built-in procedures to automatically verify that everything in a certificate for a website is correct when someone visits a page on the site and that the certificate has not been revoked.

Tell sites to not track your activity

Most sites track your behavior while you visit them. If you do not like this idea, Opera can send an additional header with every request: “DNT: 1”. This is a flag to websites that the user does not want to be tracked. Some countries have DNT legislation that will legally protect your request and most well-behaved websites will respect this additional header.

You can set Opera to tell sites you prefer to opt-out of online behavioral tracking. To set this:

  1. Go to Settings.
  2. Click Advanced in the left sidebar, and scroll down to Privacy & security.
  3. Click Cookies and other site data.
  4. Under Cookies and other site data, turn on Send a “Do Not Track” request with your browsing traffic.

A note about phishing and malware

Opera’s fraud and malware Protection warns you about suspicious web pages and is enabled by default. It checks the requested page against several databases of known phishing and malware websites, called blacklists. Although it is not possible to totally eliminate the risk of encountering an unidentified phishing or malware website, the risk is minimized.

Note that checking against the database does not delay the opening of web pages.

Phishing

The growth of Internet commerce has given online criminals an opportunity to steal your passwords, your credit card numbers, and other personal information by impersonating authority figures from your bank or other institutions you frequent. This is known as phishing.

You will be encouraged to log in and “verify” your customer information: in other words, to reveal your password, credit card number, or other private data. The best defense against this threat is to be aware of the problem and to be alert when transacting business online.

Malware

For the same reason that you have anti-virus software installed, you may want protection from websites that distribute viruses or other malicious software, collectively known as malware. The concept of malware encompasses not just viruses, but also scripts that may run automatically when you load a web page.