179 comments

[ 2.6 ms ] story [ 215 ms ] thread
Looks very good to see VPNs and crypto integrated as first-class citizens into a webbrowser. Also love the nightmode.
(comment deleted)
What is the point of having crypto integrated into the browser? Native bitcoin mining malware?
I guess identity and paying creators for content is the primary focus. ie brave.

their definition of web3 is kinda limited as it revolves heavily around cryptocurrencies instead of the more broad vision of web3 that is basically anything decentralized; ipfs, dat, zeronet, etc.

I'm not a blockchain specialist, but I guess you can have native identity / wallet / interaction on a blockchain (like Ethereum) without having to rely on browser extension (like Metamask) !
I wonder if it's an alternative take on payments, such as Apple Pay being integrated into Safari.
It's crucial to UX. Otherwise if you want to buy something you need to switch to the crypto wallet, pay for it by copying and pasting addresses and wait for the other side to pick up your transaction and show confirmation in the browser.
It's so that even more people can lose their crypto coins through insecure/faulty software.
SOCKS5 support has been in Firefox for aeons already. How is this VPN support any better?
> Our browser VPN is completely free and unlimited, as well as being a no-log service. Our VPN servers do not log or retain any activity data.

Few days ago we were discussing how VPN is important but won't save the day if you don't know what you are doing.

When we have calls of "I won't log you", I always try to image how tha mine's bird will be set: and if have to log me under some subpoena, how will I know?

yeah, just assume all VPN are logging you for sure. That does not mean they don't serve a useful purpose though. Just not what is defined as criminal in whatever place your traffic goes through. (That being said, I think it is only the US that tries to get people for "cyber crimes" in foreign countries?)
"Web 3 is an umbrella term for a set of emerging technologies intersecting cryptocurrencies, blockchains and distributed systems"

wat?

Yeah, seems like marketing bullshit (1) to me, even if the functionalities themselves seem pretty good (in theory, haven't tested yet).

(1) The term might be stronger than needed; I meant something a lot closer to "click-baity" than "garbage".

I don't think it's stronger than needed, I think you worded it exactly right, marketing bullshit is a phrase different from 'bullshit' so the sentiment is understood. It's a lot of marketing buzzwords they're making up to hype up something more than it needs to be hyped up. I absolutely hate when people / companies try to hijack terms that don't belong to them. Edit: to clarify, calling something Web 3 is confusing cause we had the adoption of Web 2.0 around the mid to late 2000's which was a huge deal, Web 3 is just wrong.
Regarding "(1)", "bs" is idiomatic and gentler than "bullshit" per se.
Kill it with fire. Lots of fire. There's nothing good to be coming out of this.
Because the current web is such perfection?
Cryptocurrencies and Blockchain technology has no use whatsoever. It's all made up with fictionary scenarios where any already existing and well-established technology would do just as good or even better.

Don't put that snake oil in my browser, please. Thanks.

Cryptocurrencies have all kinds of uses, people actually use them. From countries with hyperinflation, to ridiculous civil forfeiture, to PayPal freezing large amounts for no reason.

And it's my favorite method of payment, so easy.

So don't speak for everyone.

(comment deleted)
What's the Bitcoin adaptation rate in Venezuela?
So, you can go to the gas station, the grocery store and the barber and all pay them with Bitcoin? I doubt it.
I use crypto dapps almost everyday, but apparently that's a figment of my imagination.
What real world problem do they solve for you?
I can hold all my assets in one place, which includes holding an ERC20 token that follows the S&P500. I'm essentially holding an ETF outside of a brokerage. I've also been loaning some DAI, ETH and other ERC20's through uniswap, and I hold a bit of BTC through WBTC which is a wrapped ERC20 token that follows Bitcoins price. I do all of this with one asset, ETH. I expect to eventually hold tokenized real estate as well.

There's also a flight insurance app that I've used once. If your flight is delayed, then the contract automatically pays out.

And when I'm bored, I have a bunch of FUN tokens that I picked up for free when it first launched, so I use those to play casino games once in a while. I also loan these tokens out on uniswap.

I'm also involved in MakerDAO governance since I hold some MKR as well as DAOstack which is an infrastructure layer for DAOs.

Last but not least, I use Brave browser and get BAT tokens for browsing. That's mostly everything right now, other than experimenting with other dapps.

You can find people using anything if you look hard enough.

That doesn't mean those people are representative of something that's (a) useful, (b) an unstoppable trend as opposed to a fad, (c) can't be done better in other ways, (d) not harmful.

> Blockchain technology has no use whatsoever

GIT makes use of what is basically a blockchain. Calling it useless is an extremely bold claim that requires a strong evidence.

This is especially frustrating, considering that Sir Tim Berners-Lee himself has said, that “Web 3.0” should be about Semantic Web[1]. That does mean that it should get easier to build distributed and interlinked systems, but that seems to be a consequence, not the goal.

[1]: https://en.wikipedia.org/wiki/Semantic_Web#Web_3.0

The semantic web without transactions is like the www without hyperlinks. How do you weight anything? Who cares about a pristine, motionless dataset?

Maybe crypto transactions, basic at first but growing in complexity as each industry works out their own standards is how a decentralized semantic web will eventually energe

It is ironic that he later gave thumbs up to DRM which is like putting a black hole in the web. Maybe he lost faith in the web or just made a mistake.
I remember reading around that time that some people were wondering whether Semantic Web or IoT become Web 3.0. Unfortunately I won't find the references without a lot of googling. On the other hand Semantic Web is pretty much dead, HTML5 being not related to XML rather went further away again IMHO. Also IoT didn't seem to find the adaption as expected for home users, at least I don't find myself interacting with IoT devices on a day to day basis.

That said, IPFS servers and clients are there but it's not in use. So it would be quite a stretch to call that "officially" Web 3.0 until it will be in use by a significant amount of end user applications. Until now also blockchain (read Bitcoin) payment is very exceptional despite tons of frameworks, libraries, servers and clients. Even for the semantic web there are bizillions of tools but the information value remains questionable.

Looking back at Web 2.0, the transition went much more smoothly from static Web 1.0 to usage of "DHTML", HTML 4.0 with much JS/Ajax and eventually popular services making a lot of use of it, namely Facebook and Google including their plugins that were embedded on lots of websites at that time and still are.

Anyways, would be nice if a new development would get traction...

It's the name of the ethereum JS library:

https://github.com/ethereum/web3.js/

The idea is that cryptocurrencies will represent the 3rd wave of the internet after web 2.0 https://en.wikipedia.org/wiki/Web_2.0

Although Tim Berners lee tried to coin web 3.0 as the semantic web but that's not really taken off as a concept.

Haha, interesting.

I had the feeling everyone tried to coin web 3.0 for many years now and it didn't really take off.

Yet, the way Web 3.0 works in practice is with a browser extension (which Reborn basically integrated) that does http API calls to a centralized 3rd-party server.

So while they market decentralization and trustlessness, they are one server-compromise away from getting fed a completely false view of Ethereum's blockchain state and losing all their funds.

If that's an attempt on web 3.0, we might as well just skip straight to web 4.0.

You can use this with your own node without trusting any 3rd party server. Right now this takes some effort but projects like Ethereum 2.0 will enable running a self hosted trusted node on low power devices and even mobile phones via checkpoints. It's not a good idea to use today's capabilities to judge future use cases.
> "Web 3 is an umbrella term for a set of emerging technologies

Umbrella Corporation... here we go

Two questions : How different is this reskined chrome different than brave if I were to consider using it?

Can we still rely on opera and trust them (after their Chinese acquisition)?

Are you saying that any Chinese company is untrustworthy? Because most of our world runs on Chinese technologies, eg. the ZTE hardware a technician has just installed at my home.

Edit: that is NOT an argument for its trustworthiness...

The fact that they sell a lot of it does not mean it's trustworthy. That means it's cheap and cost-effective, all else being equal. Trust, and the use of information, however, are exquisitely difficult to assess until it's too late. And humans, as a species, are well known for trading less pain now for more pain later.
> The fact that they sell a lot of it does not mean it's trustworthy

I did not claim that. I merely said that it powers most of the world - meaning that most of the world is compromised, if so.

> most of the world is compromised, if so.

This is the only assumption which is safe to make.

The question is not if your internet communications are being monitored, the questions are who and why.

I think in terms of track records there isn't a huge difference between a Chinese-owned and a US-owned company. If you're already searching outside that sphere of influence, that makes you a huge outlier. Assuming that you are not, I think putting just the focus on the nationality here is maybe not a strong argument in any direction.
I'm not sure why this was downvoted. US companies have been caught regularly adding backdoors to products sold abroad (from the top of my head, I seem to remember IBM admitting the charges, Microsoft being caught red-handed, etc.)

Last November, Emmanuel Macron gave a big speech about the fact that the EU cannot rely anymore on the US as an ally for cyberdefense, because the US spent so much effort spying on the EU (and regularly getting caught) that it was not even nearly possible.

So yeah, I trust US companies about as much as Chinese companies, which is not much.

Not like there's a lack of open source web browsers. Why go specifically for the closed source Chinese-owned browser that asks for your crypto keys and provides a "free" "VPN"?
In general, I would not be inclined to implicitly trust any Chinese company less than any US company

However, I do believe that reliance and trust in Opera of yore would have been based on those running it before circa 2011-2013 when there was a major change of staff, resignation of founder, switch to Chromium/Blink, etc. That all predates the Chinese acquisition (2016)

Regarding point #2: Nope. Hell no. Our hardware might run on hardware from Chinese ODMs but there's no evidence that they have MITM hardware devices in them. But a software company owned by the People's (sic) Republic of China -- the same government that runs the Great Firewall -- can get bent.
Crypto's main issue is not the UX. It's the volatility and costs(i.e merchants pay less for the same crypto). Until these two issues are fixed it makes no sense to use crypto payments unless you are denied access to mainstream payment networks(visa/mastercard).

The VPN should be integrated at the OS level not browser level.

Crypto in this case is also being used as an authentication / password replacement system. Signing with your wallet address proves you are a specific person. So that alone is a great reason to include the wallet.
I'm not sure how I feel about tying authentication with payment. It means anywhere you log into with this address knows your payment history with this wallet.
>> Signing with your wallet address proves you are a specific person. So that alone is a great reason to include the wallet.

No, it doesn't. It just proves that you own/hold a private key. You need to build an identity protocol on top of that if you want to prove that you are a specific person/organization. Such protocols have been around for quite some time before crypto currencies. It's just they don't have a good UX, that's why most websites require a password based authentication instead of a key/certificate.

I like a lot JWT/JWT as it has a lot of useful attributes(. e.g the "acr" attribute) so you better start with that than a crypto wallet

Can you name a few such protocols?

Your statement makes me very curious because as far as I'm aware, key distribution is the core problem of asymmetric cryptography. I can generate a private key and say I'm you, and there's nothing stopping me from doing that.

The only solution I'm aware of so far is DNSSec which starts from the operating system level.

I think they meant to say a specific "account" rather than getting into person-hood.

I have been wanting what the op describes for a long time - why do we have to "create" accounts? Why can't we simply tell the site our account with our request. For a dumb example, having "?publicKey=(key)" in the url. That way the site can know who we are and be able to link our profile, provable by our ability to sign using the private key, does away with login forms, does away with password recovery flow, does away with email single-point-of-failure, allows us to switch profiles easily, etc. It's mind-boggling that every site in the world rebuilds login logic.

You are equating crypto with payment but it's really moved on from that. The blockchain space really about competing with Ethereum to provide a decentralised platform for applications - what some people term as web3.
I was not aware web 3.0 is a thing yet. Is there any "killer" web 3.0 app? From what I've seen most are small crypto currency apps or web 2.0 apps with a crypto payment/token component. Is IPFS considered Web 3.0 as well?
Yes, I would say ipfs is an important component of web3. Ethereum has it's own competitor to ipfs called swarm which provides the static content hosting to pair with decentralised database (Ethereum blockchain), and decentralised messaging (whisper), to provide a fully decentralised application platform.
I'm not sure how a decentralized message application can be safe from flooding.
The biggest killer web 3.0 dapp right now is something generally refered to as DeFi (Decentrilized Finance). There are several dapps that make up defi, including MakerDAO, Compound, Uniswap, Dharma, dydx to name a few.
These are non-issues in the long-term:

> cost

All currencies have an acquisition cost, usually in the low percents. Bitcoin is actually on the cheaper end these days at around 10-25 bps.

> volatility

Prices of things are reflections of the aggregate opinions of those things by everyone in the market. When prices are volatile, that means people's opinions of those things are volatile. And that's because those things have a lot of unknowns associated with them. As time goes on, and society observes the thing more and how it behaves in different circumstances, the better people will be able to predict the effect of future events, and the lower the volatility will be. In a thousand years, for example, when almost any possible event that could have happened to Bitcoin has happened, volatility could be near 0, and price will probably appreciate predictably with population growth.

(comment deleted)
the blockchain-based Internet of the future, also known as Web 3

So...how does the koolaid taste?

> free and unlimited browser VPN

How can they do this for free?

(comment deleted)
They log all your data and use it for surveillance.
It clearly says they don't.
That's tooth fairy trust. Last year china got rid of all its VPN apps in the apple store, how can someone would trust a VPN made by a Chinese company?
(comment deleted)
while they may end up monitoring you I think the most direct reason is that it is a feature they hope will attract new users and that they will use search referrals to make money like other browsers use.
In addition to ad blocking, VPN is becoming a very important feature for modern web browsers. With so many countries blocking websites and websites geoblocking users it becomes necessary to help users circumvent that to access a wide web. This is kind of the whole point of web browsers, give access to world wide web, not local web.

Interestingly, Opera trying to compete with other browsers makes it pursue users interests, while other browsers yet again don't see Opera as competition, ignore users and pursue megacorp interests instead.

It’s a small jump from blocking websites to blocking popular VPNs. I know two countries which block websites (Russia and Kazakhstan) and they either block or have plans to block VPNs. I don’t see centralized VPN as effective solution for that problem.
Of course it's not a solution for countries that block VPNs, but most countries that block websites don't do that.
How do you block a VPN though? Do you just constantly chase after their IP addresses? I mean Netflix and similar services do try but with not much luck really.
Yeah you block vpn providers ip ranges and it's actually very effective unless you're deploying e.g. ovpn on a box yourself. Even then some sites will block content submission from large hosting provider ranges as well.
That isn't at all the same problem: Netflix is trying to block being accessed by a VPN, while China/Russia/etc. want to block users from talking to a VPN.
How do you block "talking" to a VPN?
When packets traverse the edge router, IX, cable (landing) station, .. if they're recognised as VPN traffic, then the server's IP (or IP / port) is added to a blacklist, every subsequent packet is dropped.

https://en.wikipedia.org/wiki/Deep_packet_inspection

Yup; this is why VPN over HTTPS is a thing.
HTTPS has whole series of side-channel leaks, which can be exploited to fingerprint the tunnelled protocol: many implementations don't add padding or active probing resistance.

Sizable communications with an uncommon IP can be singled out by netflow analysis.

But yes, it usually works.

You will start with blocking their websites. Then you might want to reverse-engineer it just a little bit (for example to find out which domains they connect to) and block those domains. Usually that's enough to block most of people from using it.
Netflix do it with a good amount of success I thought.

Self hosting a vpn is still beyond the vast majority of consumers and every big player in the market has their ip ranges mapped thoroughly.

You use deep packet inspection to detect and block VPN protocols. Ask the Egyptian gov!
> Interestingly, Opera trying to compete with other browsers makes it pursue users interests

Lol, sure the closed source browser owned by chinese is out there for user's interests! /s

That used to be true before it was sold in 2016 to a Chinese conglomerate. As noted above, the Chinese removed VPN apps from the Apple app store, but they left this one. Which means it's compromised.
How does it conclusively mean that?
You cannot legally sell a VPN without lawful intercept capabilities in China. My guess is that if the Chinese authorities have let this VPN pass through the system, it could mean there must be some way for the Chinese authorities to intercept traffic. Of course, this conclusion is not backed by any evidence.
This had me thinking. Since Cloudflare wants to provide free VPN. May be they should collaborate with Firefox and Offer a Browser with Cloudflare VPN / DNS by default?
Mozilla already partnered with ProtonVPN.
The background color is different of the tab and with white border color, it's so ugly.
A company that sold itself to a Chinese consortium for $600M announces a free VPN service.

That's some high quality humor.

If it's free then you are the product
On the new internet, this tired adage is already outdated. You're still the product even if you're paying.
In this case, the user is fuel for the product.
Unless it's under the GPL.
Why's that supposed to be humorous?
The Chineese apple store got purged of all its VPN apps last year. If this one is approved by the party, it has to be quite good!
I'd rather be surveilled by the Chinese government than Google/Facebook and other FAGMAN companies.

At least I don't live in the Chinese jurisdiction, while the tech giants do whatever they can to slip their tentacles into every website you visit, even if you don't do any business with them and actively fight their spyware. The Chinese government doesn't want to sell me anything either.

Id rather be surveiled by neither, and a VPN does very little to prevent stuff like browser fingerprinting.
Just block scripts and randomize the useragent, here's your new fingerprint every minute.
> Just block scripts

And make the web nigh-unusable.

and be the one very strong signal from $VPN_IPRANGE that has a random wacky user agent, along with disabled scripting (and a quite comprehensive CSS fingerprint to boot).
My fingerprint is different every minute. That "very strong signal" is discarded by every surveillance engine as useless noise.
There are like three dozen factors in a web user's fingerprint, of which the user agent is just one. And no, the rest aren't all controlled by JS.
Won't even download or think twice about now. Thanks for the reminder.
(comment deleted)
No American company is to be trusted either - not with shadow courts ordering companies to hand them data and install backdoors and not tell anyone about it.
what a greedy and evil world we have now.
I would rather the Chinese have my pr0n logs and such than Google / Facebook / NSA

Preferably nobody would have it.

I assume American VPN providers are all gathering data for the NSA. Russians for Russia, China for China.

I think I'll wait for Web 4, with three dimensions and time. I hope it's as fun and conducive to creativity as MineCraft!
Opera is closed source browser owned by the Chinese.

There is literally nothing they can say that will make me install this software.

Please don't post racism like "the Chinese".
(comment deleted)
I seriously doubt if the concern (however poorly phrased) was in reference to the ethnicity as such.
apparently we are currently on version 3 of the web?
3.0.5274a-rc99, haven't you been getting the release notes?;)

(But seriously, it's like HTML5; there probably won't really be another major version ever, just new things built on top of the existing schema)

I must also have missed 1.0 and 2.0 too then
1.0 was the static web, 2.0 is basically HTML+JS+css, 3.0 includes a value exchange protocol layer.
This looks a bit like Neon, which to me the UX is a bit of gimmick. Since Opera is sold to a Chinese company, I may consider this if Opera's going to open source it's code. Btw, I believe nothing is free, you are just paying it in a non monetary form.
Installed, and uninstalled when I found it automatically add it's icon to my dock. (It's the first mac software I ever installed that add it's icon to dock itself)
God I miss Opera 12, Presto and Dragonfly. :(
You might be interested in Vivaldi, a chromium fork made by some of the same people that originally made opera.

https://vivaldi.com/

It's not a Chromium fork, it basically is Chromium with a custom UI and stuff added on top.
So, in other words... it's a Chromium fork.

It's not a Blink fork, if that's what you mean. They built a new browser, using the HTML & JS engines from Chromium. The rest of the browser is different. As a user, I consider the HTML & JS to be commodities, and everything else to be the salient aspects that I look at when choosing between browsers.

What's the point? That one doesn't have the features from version 12, either.

spatial navigation, bittorrent, author mode, full page indexing for history, mouse gestures, key bindings editing, icons/buttons customisation, cycle show images/cached images/no images, shrink width to fit screen, presentation mode, panelise web page, navigation bar, tab preview pictures, custom icon sets installable from vendor homepage, all menus customisable by editing ini files

I remember having 300 open tabs on a 4GB Core2Duo computer... How time flies.
I really like Opera and use it as my main browser. Yes, that Chinese company is notorious. Just don't put any spyware in your oversea version. If you have to, please only plant it in Chinese release.
I don't like the term Web3 and I think a lot of people using the it are basically pushing snake oil.

However, I really like the idea of eventually having client-side decrypted data, and censorship-resistant "torrent-like" distributed content. Whether cryptocurrencies must play a role in this or not remains to be seen.

Having the ability for users to pay granularly for their use of web infrastructure is a key requirement if we want to transition away from a model where big corporations with dubious motives pay for web infrastructure.
This is an interesting idea. Do you know of any good articles/books about it? I am interested in learning more.
A good chunk of the cryptocurrency space is built around this idea. Some more well known projects are Filecoin and Blockstack.
Or links with example pages where to experience that would be nice
(comment deleted)
what IS web3?
nm. i thought it was like web 3.0 or something, turns out it's an etherium api?
Isn't it misleading, to discuss it as a "vpn service"? If you install a binary, that not only controls vpn channel on both sides, but is also a browser, do I understand it right, that it can completely highjack the trust mechanisms, and happily MITM anything you visit? Is there any way to find out if it's really establishing, well, vpn connection (e.g. openVPN or Wireguard), without DPI hardware and corresponding expertise?
This is the same as any non-tech person using a "VPN". They do not care about privacy or anything. So this makes sense.
Please correct me, if I'm wrong. When a non-tech person buys a vpn subscription, she may be provided with a tunneling software, but the key exchange is still happening in the browser. If the site shows a green lock, you can trust the connection to be encrypted, to the extent you trust Mozilla.

Also, many vpn providers let you use open source software, like OpenVPN.

Opera, however, can ship an installer with a statically linked mock ssh lib, that's always showing a green lock. It's a much more sinister threat model.

Mozilla could do the same. That said, I do trust Mozilla quite a bit more.
If you have a malicious browser publisher, you have bigger problems than the networking layer to worry about.

The browser already has access to all your keystrokes and all the data it's displaying to you. In some way, it's a "Man In The Middle" that sits at the UI layer and will be able to sniff anything both ways irrespective of the networking layers.

That password coming from your "secure keychain" (or any other password manager)? It is also visible "in the clear" by the browser. Only challenge-based, out-of-browser authentication methods will keep the browser from seeing your secret, but it'll still be able to snoop your interaction both ways, and make sensitive API calls on your behalf (like transferring money, etc). There are other methods like OTP that also limit the exposure of your secret, but don't protect against the main threat of hijacking an authenticated browser session.

Thankfully some services add another layer of authentication for "sensitive actions", but it's not that common, and it is often weak (for example, sending an SMS with a code). Better than nothing of course.

> It allows you to browse and make transactions the blockchain-based Internet of the future, also known as Web 3.

Pretty important press release for Opera. You'd think they'd proof read it?

How is any of this new? I mean it's cool, but we already have most of those features with Firefox and extensions.
You can have almost anything through extensions and that doesn’t disqualify built-in alternatives such as this.
I don't use Nu-Opera, but when I used classic Opera the main selling point for me was not needing extensions. I have neither the time nor the expertise to curate extensions and stay up to date with new browser trends. Built-in features mean that I'm only trusting one entity rather than entrusting my privacy to a half-dozen individuals or small teams, it means that there is a stronger guarantee of maintenance and not breaking, there is a stronger guarantee of inter-op, and when something breaks I have one place to complain to rather than wondering if it's an obscure interaction between three pieces of quasi-independent software. The overall experience was much more seamless than what it would take to collect the equivalent set of feature into Firefox.

... the "trusting one entity" was a big part of the sell for me originally, and it a big part of the reason not to use Opera anymore. The company was purchase by a Chinese investment firm, which I'm a little light on details but seem to recall them being heavily invested in advertising.

It is crazy world. The most notorious company in China for stealing people’s privacy told the world it has a VPN browser.
Opera is a Chinese owned company now, right? How safe are you in trusting a Chinese VPN? Maybe slightly better than a VPN operated by Facebook...maybe?
Last time I looked at operas "VPN," it wasn't even a VPN. Just a http/https proxy.
Opera is owned by Chinese governments. It’s worse than Huawei.