I don't like the term Web3 and I think a lot of people using the it are basically pushing snake oil.
However, I really like the idea of eventually having client-side decrypted data, and censorship-resistant "torrent-like" distributed content. Whether cryptocurrencies must play a role in this or not remains to be seen.
Having the ability for users to pay granularly for their use of web infrastructure is a key requirement if we want to transition away from a model where big corporations with dubious motives pay for web infrastructure.
I think in terms of track records there isn't a huge difference between a Chinese-owned and a US-owned company. If you're already searching outside that sphere of influence, that makes you a huge outlier. Assuming that you are not, I think putting just the focus on the nationality here is maybe not a strong argument in any direction.
FWIW, this particular company's track record isn't great, and includes a reported backdoor in their older "Secure Browser" (which used an IE logo painted green): https://en.wikipedia.org/wiki/Qihoo_360#Controversies
I'm not sure why this was downvoted. US companies have been caught regularly adding backdoors to products sold abroad (from the top of my head, I seem to remember IBM admitting the charges, Microsoft being caught red-handed, etc.)
Last November, Emmanuel Macron gave a big speech about the fact that the EU cannot rely anymore on the US as an ally for cyberdefense, because the US spent so much effort spying on the EU (and regularly getting caught) that it was not even nearly possible.
So yeah, I trust US companies about as much as Chinese companies, which is not much.
Not like there's a lack of open source web browsers. Why go specifically for the closed source Chinese-owned browser that asks for your crypto keys and provides a "free" "VPN"?
Regarding point #2: Nope. Hell no. Our hardware might run on hardware from Chinese ODMs but there's no evidence that they have MITM hardware devices in them. But a software company owned by the People's (sic) Republic of China -- the same government that runs the Great Firewall -- can get bent.
In general, I would not be inclined to implicitly trust any Chinese company less than any US company
However, I do believe that reliance and trust in Opera of yore would have been based on those running it before circa 2011-2013 when there was a major change of staff, resignation of founder, switch to Chromium/Blink, etc. That all predates the Chinese acquisition (2016)
Are you saying that any Chinese company is untrustworthy? Because most of our world runs on Chinese technologies, eg. the ZTE hardware a technician has just installed at my home.
Edit: that is NOT an argument for its trustworthiness...
The fact that they sell a lot of it does not mean it's trustworthy. That means it's cheap and cost-effective, all else being equal. Trust, and the use of information, however, are exquisitely difficult to assess until it's too late. And humans, as a species, are well known for trading less pain now for more pain later.
Crypto's main issue is not the UX. It's the volatility and costs(i.e merchants pay less for the same crypto). Until these two issues are fixed it makes no sense to use crypto payments unless you are denied access to mainstream payment networks(visa/mastercard).
The VPN should be integrated at the OS level not browser level.
You are equating crypto with payment but it's really moved on from that. The blockchain space really about competing with Ethereum to provide a decentralised platform for applications - what some people term as web3.
I was not aware web 3.0 is a thing yet. Is there any "killer" web 3.0 app? From what I've seen most are small crypto currency apps or web 2.0 apps with a crypto payment/token component. Is IPFS considered Web 3.0 as well?
The biggest killer web 3.0 dapp right now is something generally refered to as DeFi (Decentrilized Finance). There are several dapps that make up defi, including MakerDAO, Compound, Uniswap, Dharma, dydx to name a few.
Yes, I would say ipfs is an important component of web3. Ethereum has it's own competitor to ipfs called swarm which provides the static content hosting to pair with decentralised database (Ethereum blockchain), and decentralised messaging (whisper), to provide a fully decentralised application platform.
Crypto in this case is also being used as an authentication / password replacement system. Signing with your wallet address proves you are a specific person. So that alone is a great reason to include the wallet.
>> Signing with your wallet address proves you are a specific person. So that alone is a great reason to include the wallet.
No, it doesn't. It just proves that you own/hold a private key. You need to build an identity protocol on top of that if you want to prove that you are a specific person/organization. Such protocols have been around for quite some time before crypto currencies. It's just they don't have a good UX, that's why most websites require a password based authentication instead of a key/certificate.
I like a lot JWT/JWT as it has a lot of useful attributes(. e.g the "acr" attribute) so you better start with that than a crypto wallet
I think they meant to say a specific "account" rather than getting into person-hood.
I have been wanting what the op describes for a long time - why do we have to "create" accounts? Why can't we simply tell the site our account with our request. For a dumb example, having "?publicKey=(key)" in the url. That way the site can know who we are and be able to link our profile, provable by our ability to sign using the private key, does away with login forms, does away with password recovery flow, does away with email single-point-of-failure, allows us to switch profiles easily, etc. It's mind-boggling that every site in the world rebuilds login logic.
Your statement makes me very curious because as far as I'm aware, key distribution is the core problem of asymmetric cryptography. I can generate a private key and say I'm you, and there's nothing stopping me from doing that.
The only solution I'm aware of so far is DNSSec which starts from the operating system level.
I'm not sure how I feel about tying authentication with payment. It means anywhere you log into with this address knows your payment history with this wallet.
All currencies have an acquisition cost, usually in the low percents. Bitcoin is actually on the cheaper end these days at around 10-25 bps.
> volatility
Prices of things are reflections of the aggregate opinions of those things by everyone in the market. When prices are volatile, that means people's opinions of those things are volatile. And that's because those things have a lot of unknowns associated with them. As time goes on, and society observes the thing more and how it behaves in different circumstances, the better people will be able to predict the effect of future events, and the lower the volatility will be. In a thousand years, for example, when almost any possible event that could have happened to Bitcoin has happened, volatility could be near 0, and price will probably appreciate predictably with population growth.
It opened the system setting for me. I didn't approve it though, so the default didn't switch. However I do confirm it pinned itself to the taskbar, which is somewhat intrusive. It certainly isn't the conventional thing for Windows apps, and I'm not sure if there's much to win by doing this, really...
Same here... Opera sets itself as default browser without any action/prompt whatever.
It also adds the Opera icon in the task bar without asking anything. Red line crossed.
Next step is probably to uninstall competitors ?
In addition to ad blocking, VPN is becoming a very important feature for modern web browsers. With so many countries blocking websites and websites geoblocking users it becomes necessary to help users circumvent that to access a wide web. This is kind of the whole point of web browsers, give access to world wide web, not local web.
Interestingly, Opera trying to compete with other browsers makes it pursue users interests, while other browsers yet again don't see Opera as competition, ignore users and pursue megacorp interests instead.
That used to be true before it was sold in 2016 to a Chinese conglomerate. As noted above, the Chinese removed VPN apps from the Apple app store, but they left this one. Which means it's compromised.
You cannot legally sell a VPN without lawful intercept capabilities in China. My guess is that if the Chinese authorities have let this VPN pass through the system, it could mean there must be some way for the Chinese authorities to intercept traffic. Of course, this conclusion is not backed by any evidence.
It’s a small jump from blocking websites to blocking popular VPNs. I know two countries which block websites (Russia and Kazakhstan) and they either block or have plans to block VPNs. I don’t see centralized VPN as effective solution for that problem.
How do you block a VPN though? Do you just constantly chase after their IP addresses? I mean Netflix and similar services do try but with not much luck really.
That isn't at all the same problem: Netflix is trying to block being accessed by a VPN, while China/Russia/etc. want to block users from talking to a VPN.
When packets traverse the edge router, IX, cable (landing) station, .. if they're recognised as VPN traffic, then the server's IP (or IP / port) is added to a blacklist, every subsequent packet is dropped.
HTTPS has whole series of side-channel leaks, which can be exploited to fingerprint the tunnelled protocol: many implementations don't add padding or active probing resistance.
Sizable communications with an uncommon IP can be singled out by netflow analysis.
You will start with blocking their websites. Then you might want to reverse-engineer it just a little bit (for example to find out which domains they connect to) and block those domains. Usually that's enough to block most of people from using it.
This had me thinking. Since Cloudflare wants to provide free VPN. May be they should collaborate with Firefox and Offer a Browser with Cloudflare VPN / DNS by default?
I don't use Nu-Opera, but when I used classic Opera the main selling point for me was not needing extensions. I have neither the time nor the expertise to curate extensions and stay up to date with new browser trends. Built-in features mean that I'm only trusting one entity rather than entrusting my privacy to a half-dozen individuals or small teams, it means that there is a stronger guarantee of maintenance and not breaking, there is a stronger guarantee of inter-op, and when something breaks I have one place to complain to rather than wondering if it's an obscure interaction between three pieces of quasi-independent software. The overall experience was much more seamless than what it would take to collect the equivalent set of feature into Firefox.
... the "trusting one entity" was a big part of the sell for me originally, and it a big part of the reason not to use Opera anymore. The company was purchase by a Chinese investment firm, which I'm a little light on details but seem to recall them being heavily invested in advertising.
Yet, the way Web 3.0 works in practice is with a browser extension (which Reborn basically integrated) that does http API calls to a centralized 3rd-party server.
So while they market decentralization and trustlessness, they are one server-compromise away from getting fed a completely false view of Ethereum's blockchain state and losing all their funds.
If that's an attempt on web 3.0, we might as well just skip straight to web 4.0.
You can use this with your own node without trusting any 3rd party server. Right now this takes some effort but projects like Ethereum 2.0 will enable running a self hosted trusted node on low power devices and even mobile phones via checkpoints. It's not a good idea to use today's capabilities to judge future use cases.
I don't think it's stronger than needed, I think you worded it exactly right, marketing bullshit is a phrase different from 'bullshit' so the sentiment is understood. It's a lot of marketing buzzwords they're making up to hype up something more than it needs to be hyped up. I absolutely hate when people / companies try to hijack terms that don't belong to them. Edit: to clarify, calling something Web 3 is confusing cause we had the adoption of Web 2.0 around the mid to late 2000's which was a huge deal, Web 3 is just wrong.
This is especially frustrating, considering that Sir Tim Berners-Lee himself has said, that “Web 3.0” should be about Semantic Web[1]. That does mean that it should get easier to build distributed and interlinked systems, but that seems to be a consequence, not the goal.
I remember reading around that time that some people were wondering whether Semantic Web or IoT become Web 3.0. Unfortunately I won't find the references without a lot of googling. On the other hand Semantic Web is pretty much dead, HTML5 being not related to XML rather went further away again IMHO. Also IoT didn't seem to find the adaption as expected for home users, at least I don't find myself interacting with IoT devices on a day to day basis.
That said, IPFS servers and clients are there but it's not in use. So it would be quite a stretch to call that "officially" Web 3.0 until it will be in use by a significant amount of end user applications. Until now also blockchain (read Bitcoin) payment is very exceptional despite tons of frameworks, libraries, servers and clients. Even for the semantic web there are bizillions of tools but the information value remains questionable.
Looking back at Web 2.0, the transition went much more smoothly from static Web 1.0 to usage of "DHTML", HTML 4.0 with much JS/Ajax and eventually popular services making a lot of use of it, namely Facebook and Google including their plugins that were embedded on lots of websites at that time and still are.
Anyways, would be nice if a new development would get traction...
The semantic web without transactions is like the www without hyperlinks. How do you weight anything? Who cares about a pristine, motionless dataset?
Maybe crypto transactions, basic at first but growing in complexity as each industry works out their own standards is how a decentralized semantic web will eventually energe
Cryptocurrencies and Blockchain technology has no use whatsoever. It's all made up with fictionary scenarios where any already existing and well-established technology would do just as good or even better.
Don't put that snake oil in my browser, please. Thanks.
Cryptocurrencies have all kinds of uses, people actually use them. From countries with hyperinflation, to ridiculous civil forfeiture, to PayPal freezing large amounts for no reason.
You can find people using anything if you look hard enough.
That doesn't mean those people are representative of something that's (a) useful, (b) an unstoppable trend as opposed to a fad, (c) can't be done better in other ways, (d) not harmful.
I can hold all my assets in one place, which includes holding an ERC20 token that follows the S&P500. I'm essentially holding an ETF outside of a brokerage. I've also been loaning some DAI, ETH and other ERC20's through uniswap, and I hold a bit of BTC through WBTC which is a wrapped ERC20 token that follows Bitcoins price. I do all of this with one asset, ETH. I expect to eventually hold tokenized real estate as well.
There's also a flight insurance app that I've used once. If your flight is delayed, then the contract automatically pays out.
And when I'm bored, I have a bunch of FUN tokens that I picked up for free when it first launched, so I use those to play casino games once in a while. I also loan these tokens out on uniswap.
I'm also involved in MakerDAO governance since I hold some MKR as well as DAOstack which is an infrastructure layer for DAOs.
Last but not least, I use Brave browser and get BAT tokens for browsing. That's mostly everything right now, other than experimenting with other dapps.
What's the point? That one doesn't have the features from version 12, either.
spatial navigation, bittorrent, author mode, full page indexing for history, mouse gestures, key bindings editing, icons/buttons customisation, cycle show images/cached images/no images, shrink width to fit screen, presentation mode, panelise web page, navigation bar, tab preview pictures, custom icon sets installable from vendor homepage, all menus customisable by editing ini files
It's not a Blink fork, if that's what you mean. They built a new browser, using the HTML & JS engines from Chromium. The rest of the browser is different. As a user, I consider the HTML & JS to be commodities, and everything else to be the salient aspects that I look at when choosing between browsers.
It's crucial to UX. Otherwise if you want to buy something you need to switch to the crypto wallet, pay for it by copying and pasting addresses and wait for the other side to pick up your transaction and show confirmation in the browser.
I'm not a blockchain specialist, but I guess you can have native identity / wallet / interaction on a blockchain (like Ethereum) without having to rely on browser extension (like Metamask) !
I guess identity and paying creators for content is the primary focus. ie brave.
their definition of web3 is kinda limited as it revolves heavily around cryptocurrencies instead of the more broad vision of web3 that is basically anything decentralized; ipfs, dat, zeronet, etc.
while they may end up monitoring you I think the most direct reason is that it is a feature they hope will attract new users and that they will use search referrals to make money like other browsers use.
Isn't it misleading, to discuss it as a "vpn service"? If you install a binary, that not only controls vpn channel on both sides, but is also a browser, do I understand it right, that it can completely highjack the trust mechanisms, and happily MITM anything you visit?
Is there any way to find out if it's really establishing, well, vpn connection (e.g. openVPN or Wireguard), without DPI hardware and corresponding expertise?
If you have a malicious browser publisher, you have bigger problems than the networking layer to worry about.
The browser already has access to all your keystrokes and all the data it's displaying to you. In some way, it's a "Man In The Middle" that sits at the UI layer and will be able to sniff anything both ways irrespective of the networking layers.
That password coming from your "secure keychain" (or any other password manager)? It is also visible "in the clear" by the browser. Only challenge-based, out-of-browser authentication methods will keep the browser from seeing your secret, but it'll still be able to snoop your interaction both ways, and make sensitive API calls on your behalf (like transferring money, etc). There are other methods like OTP that also limit the exposure of your secret, but don't protect against the main threat of hijacking an authenticated browser session.
Thankfully some services add another layer of authentication for "sensitive actions", but it's not that common, and it is often weak (for example, sending an SMS with a code). Better than nothing of course.
Please correct me, if I'm wrong. When a non-tech person buys a vpn subscription, she may be provided with a tunneling software, but the key exchange is still happening in the browser. If the site shows a green lock, you can trust the connection to be encrypted, to the extent you trust Mozilla.
Also, many vpn providers let you use open source software, like OpenVPN.
Opera, however, can ship an installer with a statically linked mock ssh lib, that's always showing a green lock. It's a much more sinister threat model.
> Our browser VPN is completely free and unlimited, as well as being a no-log service. Our VPN servers do not log or retain any activity data.
Few days ago we were discussing how VPN is important but won't save the day if you don't know what you are doing.
When we have calls of "I won't log you", I always try to image how tha mine's bird will be set: and if have to log me under some subpoena, how will I know?
yeah, just assume all VPN are logging you for sure. That does not mean they don't serve a useful purpose though. Just not what is defined as criminal in whatever place your traffic goes through. (That being said, I think it is only the US that tries to get people for "cyber crimes" in foreign countries?)
I personally feel that browsers are headed entirely in the wrong direction - "one thing well" no longer applies in this space.
Does anyone have any recommendations for a lightweight browser, if such a thing even exists anymore? Perhaps Chromium + Scriptsafe + uBlock is what I need, but ultimately I want is a tabbed browser without a load of unnecessary features bundled in.
For example; there is no way I would trust the VPN embedded into a browser, thereby rendering it useless bloat. Much like I don't trust the ad blocker in Brave for Android, but I find the experience better than Firefox mobile, and carry on using it despite my displeasure.
Installed, and uninstalled when I found it automatically add it's icon to my dock. (It's the first mac software I ever installed that add it's icon to dock itself)
No American company is to be trusted either - not with shadow courts ordering companies to hand them data and install backdoors and not tell anyone about it.
I'd rather be surveilled by the Chinese government than Google/Facebook and other FAGMAN companies.
At least I don't live in the Chinese jurisdiction, while the tech giants do whatever they can to slip their tentacles into every website you visit, even if you don't do any business with them and actively fight their spyware. The Chinese government doesn't want to sell me anything either.
and be the one very strong signal from $VPN_IPRANGE that has a random wacky user agent, along with disabled scripting (and a quite comprehensive CSS fingerprint to boot).
I really like Opera and use it as my main browser. Yes, that Chinese company is notorious. Just don't put any spyware in your oversea version. If you have to, please only plant it in Chinese release.
This looks a bit like Neon, which to me the UX is a bit of gimmick. Since Opera is sold to a Chinese company, I may consider this if Opera's going to open source it's code. Btw, I believe nothing is free, you are just paying it in a non monetary form.
Opera has a chrome-based engine since 2013 more-less. I guess their old engine were called Trident, and its gone. Also i think they are now owned by a Chinese company.
Edit: oops, Trident was the Microsoft browser engine.. i guess i meant 'Presto' as the name of the old ditched Opera web engine.
Opera is a Chinese owned company now, right? How safe are you in trusting a Chinese VPN? Maybe slightly better than a VPN operated by Facebook...maybe?
However, I really like the idea of eventually having client-side decrypted data, and censorship-resistant "torrent-like" distributed content. Whether cryptocurrencies must play a role in this or not remains to be seen.