Firefox and Tor? Forget about it!!
nnnnnnnnnnnn at Safe-mail.net
nnnnnnnnnnnn at Safe-mail.net
Mon Dec 21 05:12:07 UTC 2009
With mounting security problems I'm finally saying, "Firefox and Tor? Forget about it!!"
http://secunia.com/advisories/37699/
I want something less bloated like Dillo:
http://www.dillo.org.
I haven't tried the old & outdated distro called ELE:
http://northernsecurity.net/download/ele/
"What is ELE?
ELE is a bootable Live CD Linux distribution with focus on privacy related software. It is based on Damn Small Linux and aims to be (obviously) as small as possible. The first release was 65M, the current one 61M.
What does it include?
Irssi, Gaim, Dillo, Firefox, SSH, VNCviewer, Xpdf, most of the standard Linux apps like wget and vi. It uses the Fluxbox window manager. Everything, except VNCviewer at the moment, passes thrugh Tor. When using Dillo or Firefox scrubbing is done by Privoxy and the Google search engine has been replaced by Scroogle."
but it sounds sweet. I've decided to go in this direction, using Dillo and Privoxy on a personally rolled together Linux LiveCD or USB. I'll try basing it off of Damn Small Linux
http://www.damnsmalllinux.org
first to see how well it works.
When using Firefox and Torbutton* along with Noscript* and Privoxy* (or other extensions), It feels like I'm riding on an elephant or whale of a creature who is open to anything with its seedy downtown brothel breath fogging up my glasses. Firefox doesn't feel safe to use anymore, especially in a tor environment where hostile injections are a growing concern. (* No offense to Torbutton, Noscript and Privoxy developers you make fine software and I'll continue to use Privoxy with another browser, but how many more combinations will we continue to need to plug Firefox's issues with tor usage and how many soft spots could be considered possible or future vectors in each piece we plaster on top?)
Please tell me what you think of all of this and whether or not this is a proper direction to go on or if Dillo's audience is limited and doesn't receive enough testing to warrant switching to Dillo.
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list