Be safe and private

Auto-update

To help keep your version of Opera up-to-date, with the latest features and important security and stability fixes, Opera includes an automatic update mechanism.

The auto-update dialog appears after a recommended update has been released. The browser also checks for updates at regular intervals and displays this auto-update dialog as a reminder if you have not yet updated. It includes information about the update, and helps you to install it.

Auto-update dialog options

The following options are available in the auto-update dialog:

Remind Me Later
This option closes the dialog and displays it later.
Download and Install
This option starts the download. Information about the download appears at the bottom of the page, on the right side of the status bar. When the download is complete, the dialog offers two options:

  • Install Now – Opera restarts immediately, and the update is installed.
  • Install Later – The update is installed later, the next time you start Opera.
Automatically install updates without notification from now on
This is the recommended option to keep you totally up-to-date, and allows all future updates to occur silently, meaning:

  • The auto-update dialog does not ever appear.
  • Updates are downloaded automatically.
  • Update information, when it exists, appears minimized on the status bar. Click this update information to display the auto-update dialog.
  • The updated version of Opera is installed automatically the next time you start the browser.

If you are not the system administrator, a password may be needed to complete the update.

Change auto-update settings

At any time, if you want to change auto-update settings, follow the steps below.

  1. From the menu, go to Settings > Preferences > Advanced > Security.
  2. In the “Auto-update” section at the bottom, select one of the following options from the drop-down list:
    • Do not check for updates – This option turns off the auto-update mechanism. To ensure that you are using the most up-to-date and secure version of the browser, you will need to manually check for updates.
    • Notify me about available updates – This option displays the auto-update dialog whenever a recommended update has been released, or from time to time if you have not yet updated the browser.
    • Automatically install updates – This option allows all future updates to occur silently (the same as the “Automatically install updates without notification from now on” setting above)
  3. Click “OK” to save your changes.

Check for updates manually

To check for updates manually, go to the menu and select Opera/Help > Check for Updates.

Backing up Opera

It is recommended that you regularly back up your most important Opera files. You should also always back up your files before upgrading.

The tips below are also useful if you need to move your Opera files from one computer to another.

Locating your files

From the menus, choose Help > About Opera, or go to opera:about to find the exact paths for your profile and data folders.

Selecting files

Not all files and folders listed below will be relevant for all users. If you have made no changes to the keyboard, mouse, toolbar, or menu setups, for example, there is no reason to make copies.

Files to back up
Description File name
Blocked content urlfilter.ini
Bookmarks bookmarks.adr
Certificate authorities opcacrt6.dat
Contacts contacts.adr
General settings operaprefs.ini
Notes notes.adr
Personal certificates opcert6.dat
Searches search.ini
Site-specific settings override.ini
Speed Dial speeddial.ini
Password Manager data wand.dat
Folders to back up
Description Folder name
Email, newsgroups, and feeds /Mail
Sessions – saved window setups /Sessions
Skins /Skin
Keyboard setups /Keyboard
Mouse setups /Mouse
Menu setups /menu
Toolbar setups /Toolbars

The default on Mac is to follow the platform convention of splitting up user data in three different folders. As a result, Opera is integrated with system services (including backup and cleanup routines) with no additional effort. The three folders in the user’s Home folder are:

~/Library/Application Support/Opera/
larger data sets including extensions, mail, and custom build preferences (example: settings for the Mac App Store version of Opera)
~/Library/Caches/Opera/
temporary files including icons, thumbnail, and cache
~/Library/Opera/
the Opera preference files and other small files

Note that since Mac OS 10.7 ‘Lion’, the Library folder in the users’s Home folder is hidden by default. From a Finder window, press Command–Shift–G to enter a folder path manually.

Security certificates

Security certificates are used to verify that a website is secure to use. Most of the time certificates are fully valid and you can proceed safely with your business. If there is something questionable about a certificate, a warning dialog will be displayed, as explained in the Certificate warnings topic below.

Certificate warnings

If there is something questionable about a certificate, a warning dialog will be displayed. You may choose to proceed, but full security cannot be guaranteed at this point.

Server certificate expired
Certificates like credit cards have an expiry date, and must be renewed on a regular basis by the people maintaining the site.
Accepting an expired certificate does not necessarily reduce security, however take into consideration the site you are visiting and how long since the certificate expired.
Wrong certificate name
A certificate is issued by an authority for a single site to use, and sites cannot borrow certificates from each other as this invalidates the whole concept of certificates.
Accepting a certificate belonging to another site is not recommended.
Certificate signer not found
Certificates are signed by an authority. For example, the secure version of the University of Oslowebsite is authorized by the Thawte organization.
If the signer of a certificate is not found in your list of authorities, you should not accept the certificate unless you have a confident relation with the website.
Some certificates are self-signed, that is, signed by the person or organization running the site, and not an authority. Trusting a self-signed certificate from, for example, your employer can be considered as safe.
If you know that the signer can be trusted, and you want all sites using this signer to be considered as safe, install the certificate to add the signer to your regular list of authorities.

Tip: To see your list of authorities, see Manage certificates below.

Manage certificates

To see an overview of your installed certificates, go to Opera > Preferences > Advanced > Securityand select Manage certificates.

Personal
Client certificates identify you during transactions with secure websites
Authorities
Certificate Authorities certify the identity of websites
Intermediate
Intermediate Certificate Authorities certify the identity of websites
Approved
You have approved these certificates, which have security issues
Rejected
You have rejected these certificates, which have security issues

Set a master password

Client certificates, sometimes called personal certificates, are given to you by banks and other secure websites in order to identify you. Since the client certificates stored on your computer are meant to certify your identity, Opera requires you to protect them by setting a master password.

Opera will ask you to set a master password the first time that you install a client certificate. You should select a password that is impossible to guess, and keep it secret. When you want to use your client certificates, Opera will ask you to enter the master password.

To later change the master password, or to set a master password even in the absence of any client certificates, press the button marked “Set Master Password”. The master password can be used to protect not just your client certificates, but also your saved passwords.

Ask for password

Once the master password is set, you may adjust the interval at which it is checked. By default, the interval is set to “Every time needed”, meaning every time that you need a client certificate, or every time you need a stored password, if you have checked “Use master password to protect saved passwords”.

Delete private data

To delete private data, go to Opera/Settings > Preferences > Delete Private Data. A dialog displays, allowing you to select the data you want to delete.

This dialog helps you to delete traces of your browsing activity, however take care not to erase useful data inadvertently. If you are not already familiar with them, try private tabs; the data for each private tab is automatically deleted when you close the tab.

Delete Private Data dialog options are:

Delete temporary cookies
Delete session cookies
Delete all cookies
Delete password protected pages and data
Delete HTTP authentication passwords (not in Password Manager)
Delete entire cache
Clear history of visited pages
Clear history of downloads
Clear bookmark visited time
Clear all email account passwords
Clear Password Manager
Delete persistent storage
Close all tabs

Warning: After deleting private data you may need to re-enter various passwords and set up preferences on websites again.

Do not track

You can set Opera to tell sites if you prefer to opt-out of online behavioral tracking. To set this, go to Opera/Settings > Preferences > Advanced > Security and check “Ask websites not to track me”.

Set site-specific preferences

If you want to apply this setting for a particular website, you can use site preferences, and check this option on the Network tab.

Fraud and Malware Protection

Fraud and Malware Protection warns you about suspicious webpages by checking the page you request against a database of known “phishing” and “malware” websites. To protect yourself when entering sensitive information, always look for the lock in the security badge.

Security status

With Fraud and Malware Protection enabled, every webpage you request is subjected to phishing and malware filters, and the status of the page is displayed as a badge on the left side of the address field, as indicated in the table below. Clicking on the badge reveals additional information.

Security Badge Status

Trusted

Secure connection, with verified identity

Secure

Secure connection

Web

Regular website

Turbo

Website accelerated by Opera Turbo

Local

File or folder on your computer

Fraud Warning

Blacklisted site, with Fraud Warning

Malware Warning

Blacklisted site, with Malware Warning

When the connection is secure, a lock is displayed in the security badge, implying that no one else can read the information that passes between you and the site. A process called Extended Validation (EV) can be used to verify the identity of the site owners.

If a website is found on the blacklist, you will be presented with a warning page, and you can decide whether to visit the website, or to go to back safely to the previous page. Fraud and Malware Protection does not cause any delay in the opening of webpages.

Enabling/Disabling Fraud and Malware Protection

Fraud and Malware Protection is enabled by default. It can be disabled/enabled from Preferences > Advanced > Security by unchecking/checking the box marked “Enable Fraud and Malware Protection.”.

Report a site

If you discover a site that you think is fraudulent or contains malware and is not yet listed on blacklists, as shown in the security details from the badge in the address field, you can report it.

  1. Click the badge in the address field.
  2. Click the “Details” button.
  3. In the Fraud and Malware Protection tab, choose an option.
  4. Click “Report Site”, then click “OK”.

Privacy

To ensure your privacy, there are ways you can control how websites monitor your web activities, and ways to keep your browsing habits and data private when sharing a computer or account.

Private browsing

To browse without leaving any trace of the websites you visit, you can use a private tab or window. This is especially useful if you are using someone else’s computer, or planning a surprise that you want to keep secret. When you close a private tab, the following data related to the tab is deleted:

  • browsing history
  • items in cache
  • cookies
  • logins

A closed private tab or window cannot be recovered from the “Closed Tabs” drop-down on the right side of the tab bar.

While private tabs or windows do not leave any record of the websites you visit, if you deliberately save data, for example, if you save a bookmark, or download a file, it will still be visible after the tab is closed.

Create a private tab

To create a private tab, select File > New Private Tab from the menu. Alternatively, Ctrl-click the tab bar and select “New Private Tab” from the context menu.

Close a private tab

Close a private tab in the same way as a normal tab. To close all the private tabs you have open at once, Ctrl-click a tab and select “Close All Private Tabs”.

Private windows

If you prefer to use separate windows when browsing, rather than tabs, you can create a private window by selecting File > New Private Window. Closing the window removes all traces of your browsing.

Security protocols

Security protocols are used to communicate securely with sites where sensitive data, such as credit card information, is involved. The protocols most commonly used are SSL and TLS.

When you visit a site using security protocols, information displays in the badge to the left of the address field. For more about this, see the Fraud and Malware Protection topic. As a summary, a padlock displays for these sites and the domain name of the certificate is written. For sites with extended validation (EV), the name of the organization that registered the certificate is given. Click the security badge to see more information.

Enable or disable protocols

To enable or disable specific security protocols, from the menu, go to Opera/Settings > Preferences > Advanced > Security. Check or uncheck the protocols you want to enable or disable.

If you want to select ciphers to enable or disable, click the “Details” button.

Security

Browser security depends on establishing the identity of individuals and organizations who wish to transact business over the internet, and providing them with a secure channel in which to do so. You can manage the security environment provided by Opera through the following security preferences:

Trusted websites

Browser security depends on establishing the identity of individuals and organizations who wish to transact business over the internet, and providing them with a secure channel in which to do so. You can manage the security environment provided by Opera through the security preferences.

Like Fraud and Malware Protection, the list of trusted websites is meant to protect you from phishing and malware. But whereas Fraud and Malware Protection depends on an externally-maintained blacklist, the list of trusted websites is a whitelist you maintain yourself. The “Trusted Websites” dialog has two tabs:

Extensions
You can only install extensions from the sites listed under the “Extensions” tab.
Secure Internal Hosts
External servers can only redirect to computers on your intranet if those computers are listed under the “Secure Internal Hosts” tab.

Adding to the list of trusted websites

To add a source to the list of “Trusted Websites”, take the following steps:

  1. From the menu, go to Opera/Settings > Preferences > Advanced > Security.
  2. Click the “Trusted Websites” button.
  3. Choose the relevant tab: Extensions or Secure Internal Hosts
  4. Click “Add” and enter the web address of the site. You can also edit or delete sites in the list.

Extensions

If you attempt to install an extension from a site that is not listed in the “Trusted Websites” dialog under the “Extensions” tab, the installation will be blocked with a warning: “For your safety, you can only install extensions from addons.opera.com or other trusted websites. Trusted websites are defined in the security preferences.” If you nevertheless want to install the extension, you have two choices:

  • Find an equivalent extension on addons.opera.com
  • Add the extension’s web address to the whitelist

By default, extensions and extension updates can be installed only from the following websites:

Secure Internal Hosts

By default, no secure internal hosts are defined.