On Fri, 17 Jul 2015 13:46:50 -0400, lukefro...@hushmail.com wrote: >When it really counts, I bring out the big guns by firing up >Torbrowser.
2 humans = 2² opinions Regarding TOR a message from the Arch general mailing list from today and regarding browser security in general, 2 mails from the Kubuntu users mailing list, also from today. Begin forwarded message: Date: Fri, 17 Jul 2015 13:00:30 -0400 To: arch-gene...@archlinux.org Subject: Re: [arch-general] current flash vulnerabilities - what to do? On 17/07/15 12:35 PM, Ralf Mardorf wrote: > On Fri, 17 Jul 2015 11:30:05 -0400, Daniel Micay wrote: >> The Tor browser is quite insecure. It's nearly the same thing as >> Firefox, so it falls near the bottom of the list when it comes to >> browser security, i.e. below even Internet Explorer, which has a >> basic sandbox (but not nearly on par with Chromium, especially on >> Linux) and other JIT / allocator hardening features not present at >> all in Firefox. What the Tor browser *does* have that's unique are >> tweaks to significantly reduce the browser's unique fingerprint. >> >> https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-hardening-study >> >> Tor would be a fork of Chromium if they were starting again today >> with a large team. They don't have the resources to switch browsers. >> That would only change if they can get Google to implement most of >> the features they need. > > Vivaldi is based on Chromium. How does Vivaldi compare regarding > security and privacy to IceCat, Pale Moon, Firefox, QupZilla, Opera? > > https://aur4.archlinux.org/packages/?O=0&K=vivaldi > https://aur.archlinux.org/packages/?O=0&K=vivaldi It's a proprietary browser built on Chromium. It's not interesting from a security / privacy perspective. If you want Chromium without Google integration then you can use Iridium. It doesn't remove any tracking / spying code though. There wasn't any to remove. Their redefinition of tracking just means support for any service hosted by Google (like adding a warning message when a dictionary would be downloaded from them). Most of what it does is changing the the default settings to be more privacy conscious. https://git.iridiumbrowser.de/cgit.cgi/iridium-browser/log/ Begin forwarded message: Date: Fri, 17 Jul 2015 14:49:01 +0200 To: Kubuntu user technical support <kubuntu-us...@lists.ubuntu.com> Subject: Re: Any alternative for the Firefox plug-in 'Adobe Flash Player'? Hi all, On Fri, Jul 17, 2015 at 12:21 AM, Ralf Mardorf <kde.li...@yahoo.com> wrote: > On Thu, 16 Jul 2015 21:06:09 +0200, Bas G. Roufs wrote: >>However, for WIndows users, this problem might be far more dangerous. > > Why should it be more dangerous for Windows users? > For the very obvious reason that a 0-day exploit is inherently more dangerous on a less secure system, and Windows is by design less secure compared to the *nix-based systems like Mac OS or Linux. 0-day exploits can very very diverse, and the most obvious risk is getting malware through such an exploit. Regards, Myriam Begin forwarded message: Date: Fri, 17 Jul 2015 18:13:28 +0200 From: Ralf Mardorf To: kubuntu-us...@lists.ubuntu.com Subject: Re: Any alternative for the Firefox plug-in 'Adobe Flash Player'? On Fri, 17 Jul 2015 14:49:01 +0200, Myriam Schweingruber wrote: >For the very obvious reason that a 0-day exploit is inherently more >dangerous on a less secure system, and Windows is by design less >secure compared to the *nix-based systems like Mac OS or Linux. 0-day >exploits can very very diverse, and the most obvious risk is getting >malware through such an exploit. The main issue with bloated browsers and crappy extensions such as the one from Adobe is unrelated to the operating system. Most people already offend their own privacy by simply typing something into e.g. a Google search, already without confirming the search by pressing the enter key. They should start Firefox with e.g. Google, then launch Wireshark. As soon as Wireshark hopefully only displays "Keep-Alive", they should type and watch what Wireshark shows. As soon as very risky extensions are used or very risky features provided by a web browser and/or add-ons, the operating system isn't much involved. The risk is more on a level compared to the risk of a phishing website. I guess everybody understands that it doesn't matter what operating system is used, when sending your banking password to a phishing website. This is similar for a lot of security and privacy issues caused by web browsers and their extensions. -- ubuntu-studio-devel mailing list ubuntu-studio-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel
