Opera Unite service opens a door to the PC
But is it too open? The sharing and collaboration service, still in the early stages of development, lacks adequate security measures, experts say.
Opera has released an early version of a browser-based sharing and collaboration service called Unite, which has been criticized by some security experts as having a level of protection that is too low.
Opera Unite, an application platform that turns the user's PC into a Web server, was unveiled in an alpha version by the Norwegian company on Tuesday. Components of the browser-based service include file sharing, photo sharing, a shared media player, a chat lounge, and the ability to run Web sites hosted on the user's PC.
While the user hosting the content needs to be running a particular version of Opera 10 for Windows, Mac, and Linux, those viewing the content can do so from within any browser, including Internet Explorer or Firefox.
Opera is trying to encourage developers to create new applications that use Opera Unite. "It all happens through the browser, so no additional software has to be downloaded, and it will work wherever Opera works (Windows, Mac, Linux and later mobile phones and other devices)," Opera product analyst Lawrence Eng wrote in a blog post on Tuesday. "Opera provides the platform and you provide the applications -- what you create is limited only by your imagination."
Eng referred to the initial Opera Unite applications as "just simple demos" and said the platform would allow for "a whole new class of social software on the Web ... [where] people can all connect directly without needing middlemen who control third-party servers." He also said the service will, in time, work on mobile phones and other devices, as well as on desktop computers.
The content is shared via Opera Unite by people sending other people URLs, and the security for protecting access to the content relies entirely on passwords. However, there are two ways to do this, and one method has been criticized by analysts as potentially posing a security risk.
When a person (the host) wants to share content, there are two options: either send a URL that leads to the host's personal landing page on Opera Unite, or send a URL that links to the application within Opera Unite that relates to the content they want to share.
With the first option, the host must send the viewer a password generated by Opera Unite for them to access the application. With the second option, the URL includes the password at the end, so it is in plain view if the URL is inadvertently shared. Also, with the second option, anyone who sees the URL does not need any further details to view the content, as clicking on the link will take them directly there.
"Be a bit cautious"
A spokeswoman for Opera confirmed to ZDNet UK on Tuesday that there is no encryption involved in the Opera Unite.
Asked whether the platform could be used by someone to access data on the host's PC that the host had not chosen to share, the spokeswoman said: "Definitely not -- unless they're a hacker."
"Opera Unite has been tested by a number of people within Opera, so the more people we have using the service, the more we'll know about the service itself," the spokeswoman added. "At this point, [you should] be a bit cautious in the files you're sharing -- only share amongst people you trust."
Greg Day, a McAfee principal security analyst, said Opera Unite was a "smart idea, going back to people self-hosting," and said there was "some value [from a security perspective], insofar as you are in control of your own data." However, he said there are also security risks associated with the approach.
"The [negative] is you have to have enough security integrated into the technology, or have the personal knowledge to put that security in around the technology," Day warned. "The logical evolution of services like Facebook was about simplifying the process, so you rely on a third party who, in theory, has the expertise to host on your behalf and keep it secure."
Andy Buss, a senior analyst at Canalys, said security based on the distribution of passwords was "an avenue to disaster."
"If there is no transport-layer security, it is easy to intercept the information being transported," Buss said. "This will need to be looked at as an option."
Another potential problem is related to intellectual-property violations, where hosts might illegally store copyrighted content on their PC and then distribute this via Opera Unite. Buss predicted that security and copyright issues will be a challenge for the next generation of internet applications, which will move a lot of activity now done on PCs to cloud-based services. "These services are required and useful, but they have to be as secure as possible," Buss said.
Asked about the copyright issue, Opera's spokeswoman said that if a user was found to be distributing copyrighted material, Opera would ask the user to remove the content and, if the person did not comply, would block the account. "This would only happen if the matter was brought to Opera's attention, as Opera does not monitor your data," the spokeswoman added.
Related story:
David Meyer of ZDNet UK reported from London.