Does the TunnelVision vulnerability affect Opera’s free VPN?


You may have heard recently about a new type of vulnerability called TunnelVision that makes it possible for a malicious actor to bypass VPN protection. So you will be happy to know that Opera’s free browser VPN is not affected by it!

The research conducted by the Leviathan Security Group states that TunnelVision can cause a leak of VPN traffic when browsing under a very specific set of circumstances. Leviathan states that this issue affects all VPN providers and VPN protocols that support such routes.

Here at Opera, we investigated to determine how our users can protect themselves from this potential threat. We have concluded that users of our free browser VPN are, in fact, not at risk from TunnelVision.

What is the problem with TunnelVision?

TunnelVision is an exploit that takes advantage of DHCP – the protocol that configures the right settings in your device to allow it to connect to the internet. It enables an attacker to see where your internet traffic is going and even position themselves as a man in the middle. 

Typically, networks at risk from an adversary using TunnelVision would be public networks where VPNs are commonly used, such as coffee shops, airports, or hotels. By being able to take over a public network or set up their own, the attacker can redirect traffic outside the VPN to a specific destination of their choosing, exposing your browsing activity.

Why is Opera’s free VPN not affected by TunnelVision?

Good news: Opera’s free browser VPN users, whether on Desktop (including Opera One and Opera GX) or on Android, are not affected by this vulnerability.

On Desktop, this is down to the way that Opera’s free VPN encrypts and directs your browser traffic to Opera’s servers and from there to the internet. Unlike a full VPN, which protects the entire device, Opera’s free VPN only protects your activity within the browser. Your device’s DHCP configuration is not involved in the free browser VPN’s functionality, and so the TunnelVision exploit does not work in this case.

On Android, the operating system is not subject to the vulnerability at all, and so the VPN service in Opera for Android is not affected either.

The free VPN on Opera for iOS works differently to the other versions due to limitations placed by Apple on the iOS platform. We are currently evaluating whether the iOS version of our free VPN is at risk by TunnelVision.

Bottom line, while TunnelVision seems to be a concerning vulnerability for VPN users under very specific circumstances, Opera’s free browser VPN for Desktop and Android is not affected by it.

Keep browsing safely by tapping the VPN button on your browser! Learn more about our VPN services here.

User comments


You deserve a better browser

Opera's free VPN, Ad blocker, and Flow file sharing. Just a few of the must-have features built into Opera for faster, smoother and distraction-free browsing designed to improve your online experience.

Download now