View Single Post
  #2  
Old December 28th 17, 01:22 AM posted to alt.windows7.general,alt.comp.os.windows-10
Chaya Eve
external usenet poster
 
Posts: 202
Default For Windows experts only: How to find the unique Opera device_id associated with my setup?

On Wed, 27 Dec 2017 15:53:27 -0600, VanguardLH wrote:

find the unique Opera browser "device-id"?


Are you using the app-specified pseudo-VPN incorporated into Opera?


Thank you for looking into this problem, whose answer will benefit all.
Yes. Everything is stock.

The only thing I do differently from most people is my start page is set to
the following (and everything is checked):
opera://settings/clearBrowserData

That is when the device ID gets used (when connecting to SurfEasy VPN
server, owned by Opera).


My understanding is similar in that the local browser requests and receives
a "semi-permanent" new device_id the *first* time you connect to the
SurfEasy VPN.

From what I read (using a simple Google search, no super-wizard
expertise required), you can clear the device ID but a new one gets
created (when you next connect to their VPN server): Opera menu - More
tools - Clear browsing data - Third party services data.


It's my understanding, from the descriptions, that if you clear the browser
settings, the unique device_id is reset the next time you connect to VPN.

Since I'm not sure whether that works differently when the enable-vpn
button is checked, I generally uncheck the enable-vpn button before
clearing the "third party services data".

If you look, there are probably extensions that include purging
this local data.


Every once in a while I wipe out the two locations in the User hierarchy:
C:\Users\whoami\AppData\Local\Opera Software\
C:\Users\whoami\AppData\Roaming\Opera Software\
But I don't know whether the device_id is kept in any of those files.

You don't need the unique/device ID sent in the encrypted traffic only when
connecting to Opera's SurfEasy VPN server. You can change it anytime.


Other than when I am clearing the device_id, I keep the SurfEasy proxy on
all the time.

https://www.surfeasy.com/privacy_policy/
"For the VPN in Opera Browser for Desktop, we create a subscriber ID
(generated in sequential order across all subscribers) that allows us to
manage that user on our system. If that user clears their browser
cache/history, they+IBk-re assigned a new generated subscriber ID."


I have never been sure if the "subscriber ID" is the same or different from
the "device_id". Do you think they're the same thing? Or different?

I'm not on Linux but I think you are (are you?) where they have a file in
~/.config/opera called "Local State" which has two fields at the top, which
are called: uid and credentials

According to archived reports from Marek Novotny on the net, "uid appears
to stay constant as does credentials. If I clear history but do not clear
the VPN, then uid and credentials both remain constant. If I clear vpn then
uid stays constant, but credentials is wiped out. Upon a new vpn
connection, credentials returns and with a new credential.

This appears to mimic the actions described in the privacy policy."

But that "Local State" file does not appear in that location on Windows so
I am unable to confirm whether that works to just wipe out the file.

In Windows, there is C:\Users\whoami\AppData\Local\Opera Software\
..\Cache\
..\Certificate Revocation Info\
..\Media Cache\

Each of which seems to have the following files with the same timestamp:
..\data_0
..\data_1
..\data_2
..\data_3
..\index

It may be that the device_id (or subscriber id) is in these files but they
are scrambled eggs inside a Windows text editor.

Opera has their own newsgroups where your inquiry would be on-topic.
Probably opera.general is a good place to start.


I didn't realize that there was an opera newsgroup. There is also
opera.tech now that I look.

I tried Wireshark and Telerik Fiddler, but the amount of data is
overwhelming so I need to better filter out to see what's being
transmitted.


Since the traffic is encrypted, you won't be able to read it when
intercepting the web traffic from that web browser.


Thanks for explaining why both Wireshark and Fiddler4 didn't seem to show
the device_id being passed back and forth.

The information I was looking for was this, but I never found it with
Wireshark or Fiddler4 on Windows:
When the Opera browser with enabled VPN loads a page, it sends
many requests to de0.opera-proxy.net with a Proxy-Authorization
request header.
The Proxy-Authorization header decoded:
CC68FE24C34B5B2414FB1DC116342EADA7D5C46B:9B9BE3FAE 67
4A33D1820315F4CC94372926C8210B6AEC0B662EC7CAD611D8 6A3

What I noted above was found in a Google search on "opera web browser
device id".


I think our search results match, which is that nobody has ever asked this
question of how to obtain our unique device_id in our traffic with the
Opera SurfEasy servers.

Hence, the specific answer doesn't exist on the net except in generalities.

Well, until you purge the local browsing data to force a newly generated
device ID *when* you next connect to their SurfEasy VPN server.


I just want to check the efficacy of my "purging process" where I'd like to
see "device_id=xxx" in my traffic before the purge, and "device_id=yyy" in
my traffic after the purge.

Nobody has ever checked that, to my knowledge, on the net.
But shouldn't it be possible on Windows?

I've scoured the net for a Windows-expert method to identify the exact
device-id used. I can't find a method.


Since it can be cleared and a new one generated, what's the point of
knowing an old one?


See above.

Mainly I want to know if my purging worked.
Also we're both hazarding a *lot* of *assumptions* that the device_id is
actually cleared.
And, we're not clarifying whether it's cleared if you clear third-party
cookies with or without the VPN button checked.

In general, it's a bad idea to make so many cascaded assumptions without
the ability to check any of them.

Hence, if I could 'see' the device_id (even in encrypted form), I could
tell if it's *different* after running the above clearing actions.

I could also simplify the clearing process to only one step instead of four
steps, which would make clearing the device_id easier and safer for
everyone.

The device ID is unique to your instance of the Opera web browser (only
for the desktop version) and can be changed. It allows use of their
SurfEasy VPN server only by their web client. They probably don't want
to release details of how the ID is generated to prevent non-Opera web
clients from using/abusing their VPN server.


I agree with you that there is zero specific information on how to "see"
the device_id being transmitted between you and the SurfEasy server.

What's surprising is that everyone is taking this on pure trust based on
very loose wording in the privacy policy.

I just want to *see* the device_id.
That's why this isn't really an opera question. Or a proxy question.
Or even a security question.

It's simply a Windows networking question.

You could try an HTTPS MITM (man-in-the-middle) attack using a local
self-signed certificate to see if you could then dig out the unique ID
the Opera web client happened to generate (after it got past your local
MITM proxy and connected to their SurfEasy VPN server).


I don't know how to do that.

Here is an example of an archived key (unique ID) found at
http://deb.opera.com/archive.key:


That's beyond my comprehension level.

In the end, maybe it's just that pulling the unique device_id out of our
initial (and subsequent) communications with SurfEasy might be impossible
for a Windows user?

I hope not.

It seemed to me it should be this simple (but I don't hear that from you).
1. You turn on a network sniffer and capture the desired port traffic
2. You connect for the first time to the SurfEasy VPN
3. It hands you back a device_id (or subscriber_id)?
4. You disconnect and reconnect to the SurfEasy server.
5. You capture that device_id being handed *to* the SurfEasy server.

Would it take extreme Windows skills for us to be able to do that?
Ads