"Vivaldi is Spyware" ⁉

Catweazle

Vivaldi is a feature-full, customizable web browser made by some of Opera's old developers (since they were dissatisfied with the direction Opera was heading). Just like modern Opera, it is based on Chromium.

Version tested: 5.2.2623.48

Spyware Level: High
Vivaldi makes about 119 requests on startup, and continues to make unsolicited connections after. Anti-privacy Bing is the default search engine.

Even if you disable everything under "Google Services" and "Google Extensions" under "Privacy" in settings, it will still make automatic connections to Google. Also makes connections after first start up to mirmir.vivaldi.com and downloads.vivaldi.com.

Vivaldi's web pages are Cloudflared
You will be blocked if using Tor, and be connected to hcaptcha.cloudflare.org. You can disable this by simply changing the homepage.

Vivaldi Assigns you a unique ID
From the Privacy Policy: "When you install Vivaldi browser (“Vivaldi”), each installation profile is assigned a unique user ID that is stored on your computer. Vivaldi will send a message using HTTPS directly to our servers located in Iceland every 24 hours containing this ID, version, cpu architecture, screen resolution and time since last message. We anonymize the IP address of Vivaldi users by removing the last octet of the IP address from your Vivaldi client then we store the resolved approximate location after using a local geoip lookup. The purpose of this collection is to determine the total number of active users and their geographical distribution".[1]

Cannot be built from source code
"However, it is only our Chromium work that is found on https://vivaldi.com/source. If you were to build it and run it, nothing will display as the HTML/CSS/JS UI is missing. This UI is only available as part of our end user packages, which is covered by the EULA (in which we also bundle with a compiled version of our modified Chromium)."[2]

Source https://spyware.neocities.org/articles/vivaldi

Pathduck

*cough*
https://forum.vivaldi.net/topic/30542/vivaldi-is-spyware

When quoting passages from articles, it's a good idea to make it clear it's a quote and not you writing this

Use blockquotes

"Or use quoted italicized text"

mib2berlin

@Catweazle
Hi, are they really use version 5.2.2623.48?

Cheers, mib

DoctorG

LOL, old articles.

My Networkanalyse of HTTP request says
Last-Modified: Wed, 01 Jun 2022 03:39:08 GMT

matt991

old yes, still (or was this even) relevant though is the question?

DoctorG

@matt991 Relevance for what? Explain.

DoctorG

Even if you disable everything under "Google Services" and "Google Extensions" under "Privacy" in settings, it will still make automatic connections to Google. Also makes connections after first start up to mirmir.vivaldi.com and downloads.vivaldi.com.

Yes. Connects to Google domains. To update internal files, malwarelists, DRM, etc.
We can discuss about Google/Chromium devs could add something strange.

Vivaldis? Checking for updates and Sync.

You will be blocked if using Tor, and be connected to hcaptcha.cloudflare.org. You can disable this by simply changing the homepage.

Well, Cloudflare protects website.
They do not install spyware.
Oh yes, they can track by IP. Huh!

OK, blocking TOR is not nice and blocks users who need to stay safe.

Vivaldi Assigns you a unique ID

Yes, Vivaldi tracks anonymous usage internally and does not sell data.
You want a free and unpaid software, so let them check.

Cannot be built from source code

It can be built and analysed for malware.

---

My resume of the "article": WTF? Why has this something to do with Spyware?

Pathduck

These are the connections made from a clean profile of Vivaldi 6.1 Stable on startup on my system.

10	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62517	151.101.2.137	vivaldi.map.fastly.net		443    https	
11	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62516	31.209.137.18	mimir.vivaldi.com		443    https		
13	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62518	192.168.0.105					8008
15	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62519	192.168.0.105					8009
20	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62520	172.217.21.163	update.googleapis.com		443    https
24	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62521	172.217.21.163	update.googleapis.com		443    https
32	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62522	172.64.41.3	chrome.cloudflare-dns.com	443    https
33	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62523	162.159.61.3	chrome.cloudflare-dns.com	443    https
34	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62524	172.64.41.3	chrome.cloudflare-dns.com	443    https	
37	4756	D:\bin\Vivaldi-stable\Application\vivaldi.exe	TCP	Crapstation	192.168.0.10	62525	192.229.221.95	fp2e7a.wpc.phicdn.net		80     http

So let's look at them:

vivaldi.map.fastly.net - Fastly CDN, maps to downloads.vivaldi.com

mimir.vivaldi.com - Vivaldi server hosted by Hringdu in Reykjavik

192.168.0.105:8008/8009 - SSDP discovered Cast device (my TV box) (GET /ssdp/device-desc.xml HTTP/1.1)

update.googleapis.com - This is probably the "worst" - but simple checking for updated Chromium components and extensions. Vivaldi should try to proxy these requests for the tinfoil hatter brigade who go ballistic over anything Google. @yngve covered all this years ago...

chrome.cloudflare-dns.com - By default Vivaldi uses DoH, my system primary DNS is set to 1.1.1.1 so it detects this and queries Cloudflare.

fp2e7a.wpc.phicdn.net - This one was new to me - I had never heard of phicdn.net - apparently this is Edgecast/Edgio CDN.

The last one is port 80 so easy to see what it actually does.

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D HTTP/1.1
Host: ocsp.digicert.com

HTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 3292
Cache-Control: max-age=7200
Content-Type: application/ocsp-response

So, OCSP for CRLs basically.

You want to check this yourself?
https://www.nirsoft.net/utils/smsniff.html
If you want to decrypt TLS packets and view in Wireshark a bit more work:
https://wiki.wireshark.org/TLS

Catweazle

@Pathduck, edited, well, the other is from 2018, I don't even remember it.
I use Portmaster to check in and outgoing data and eventl block them.

Catweazle

@Pathduck, what about this?

DoctorG

@Catweazle Embedded videos are always prolematical.

Catweazle

@DoctorG, what I thought

Pathduck

@Catweazle I think people should spend more time getting worried and angry about the massive data gathering done by huge corporations like Google, Meta, Microsoft, Amazon ++, rather than obsessing about the possible privacy implications of 3rd-party cookies being used for embedded content on the website of a small browser company who is trying their best to protect the privacy of their users...

At least Vimeo embeds are way better than YouTube
Besides, anyone who is a little privacy-concious will block 3rd-party cookies anyway...

Catweazle

@Pathduck, I know, and I always click on a wasp's nest, when I say that the default search engine in Firefox is Google and with sync activated, that Mozilla sends user data to Alphabet (also Brave do it), googleanalytics and googletagmanager. Ouch

WildEnte

@Pathduck said in "Vivaldi is Spyware" :

When quoting passages from articles, it's a good idea to make it clear it's a quote and not you writing this

The first thing I thought of when I saw the title of this thread was a quote, actually:

"You shouldn't believe everything you read on the internet" - Albert Einstein

Catweazle

@WildEnte, that was a quote from Kafka, I think

WildEnte

@Catweazle said in "Vivaldi is Spyware" :

@WildEnte, that was a quote from Kafka, I think

Ah you are right. I always get this wrong because they were twins separated at birth.