On Fri, 29 Dec 2017 12:31:14 -0600, Char Jackson wrote:

Most people lock their door, but I don't know many people who take all
of the steps that you take. That's probably what Diesel was getting at.

Let's try to stay on topic, which is to first try to understand *what*
Opera actually does - and then - once we understand that - then we can see
if anyone here knows Windows well enough to figure out how to capture it.

I thought it was a valid question. "Windows Networking" isn't
responsible for creating or storing either of the unique IDs in
question, and by the time they're being transported, the session is
encrypted.

Your point about Windows isn't valid but your point about encryption is
valid. Windows should be able to capture anything that emanates from our
computers. If we can't capture what emanates from our computers, we're
essentially driving them blind.

As for encryption, yes, it may be encrypted - but - we know where it goes,
as it goes to de0.opera-proxy.net. And we know that it is preceded by
the following Proxy-Authorization request header.
* CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE 67
* 4A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D8 6A3

The point is that we are all ignorant, in that we are driving our Windows
computers with a blindfold on - and where all I'm asking is for advice from
people who know how to drive Windows better than I do - for how to remove
the blindfolds.

Same as above. I think he's asking a valid question.

What's a perfectly valid question is *what* does Opera actually do when you
run it on Windows, where, most people here are clueless, as am I.

What Opera does is like "winter". It does what it does. All I'm asking is
if anyone knows winter well enough to suggest a warm coat.

For example, trying to keep on topic even though I probably won't learn
anything from you - not because you can't help - but because you know even
less than I do about the problem set - we can at least *clear* the
sequential subscriber-id and the unique device_id, although we clear them
using two different methods:

1. The Device-ID is generated upon VPN connection by SurfEasy Inc
It's cleared on Windows using:
Opera: Menu More tools - Clear browsing data
[+]Third party services data

2. The Subscriber-ID sequential connection to Opera itself.
It's cleared on Windows using:
Opera: Menu More tools - Clear browsing data
[+]Browsing history
[+]Cached images and files

What I'm basically asking is, once we do this, does anyone on this
newsgroup know Windows well enough to say how one could tell whether those
steps actually work?

Essentially, what you're asking is:
1. What are the two unique IDs and where are they stored?
2. Can they be manipulated to gain more privacy?

That's almost correct; but not quite correct - but you do show an adept
understanding that the previous poster was clearly clueless about.

What I'm asking is:
1. Where is the unique SurfEasy-generated device_id & Opera-generated
sequential subscriber-id stored on Windows?
2. How can we prove using Windows tools that deleting them as per the
stated steps above actually worked?

For #2, it's difficult because they are in an encrypted session. You
don't have the right certificate that would allow you to decrypt the
session to see the values. I'm specifically referring to the one that's
supposedly generated on the fly by the Surfeasy site. The behavior of
that ID is similar to a session cookie in that it's generated by the
server on the first request, then sent to the client with the
expectation that the client will return it on each subsequent request.
It's stored in memory, but likely not on disk.

I admit I don't understand this public-key/private-key encryption sequence
but I'm hopeful that there is a way to at least *watch* it in action.

That is, we do the following using Windows tools:
1. We clear the device_id and subscriber-id as shown above.
2. We watch a session to see what happens.
3. We run enough sessions to see that these two numbers remain the same.
....
Then we repeat step 1 and 2 above.
From that, we should be able to tell (I hope) whether our manual clearing
of the device_id and subscriber-id was actually successful.

For #1, you might have seen examples back in July/August when you were
asking the same questions in alt.os.linux.

Marek Novotny helped immensely in finding out the process of clearing the
device_id and the subscriber-id.

It seems the process is sort of like this (as best I can tell).
a. You install Opera & use it on Windows
b. At some point unknown to me, Opera generates a sequential subscriber-id.
c. At some future point, you check the box to use the SurfEasy VPN.
d. That causes Opera to send the sequential subscriber id to SurfEasy
e. And it causes SurfEasy to generate a unique device_id.

These subscriber-id and device_id numbers remain the same until you clear
them using the methods described above.

So I clear them with each session, but I am using a multi-step method
because I don't know if they're cleared with the VPN turned on or off.

Mainly ... that's all I want to know, assuming that the clearing process
actually works. How will I know? Nobody knows the answer.

Do both get cleared if the vpn is off?
Do both get cleared if the vpn is on?

Basically, that's the question I'm trying to answer because *efficiency*
and privacy have to go together.

It's a valid question.
I knew only an expert could answer it as it requires knowledge of Windows
networking that I don't have.