nnnnnnnnn...@safe-mail.net wrote: > With mounting security problems I'm finally saying, "Firefox and Tor? Forget > about it!!" > > http://secunia.com/advisories/37699/ > > I want something less bloated like Dillo: > > http://www.dillo.org. > > I haven't tried the old & outdated distro called ELE: > > http://northernsecurity.net/download/ele/ > > "What is ELE? > ELE is a bootable Live CD Linux distribution with focus on privacy related > software. It is based on Damn Small Linux and aims to be (obviously) as small > as possible. The first release was 65M, the current one 61M. > > What does it include? > Irssi, Gaim, Dillo, Firefox, SSH, VNCviewer, Xpdf, most of the standard Linux > apps like wget and vi. It uses the Fluxbox window manager. Everything, except > VNCviewer at the moment, passes thrugh Tor. When using Dillo or Firefox > scrubbing is done by Privoxy and the Google search engine has been replaced > by Scroogle." > > but it sounds sweet. I've decided to go in this direction, using Dillo and > Privoxy on a personally rolled together Linux LiveCD or USB. I'll try basing > it off of Damn Small Linux > > http://www.damnsmalllinux.org > > first to see how well it works. > > When using Firefox and Torbutton* along with Noscript* and Privoxy* (or other > extensions), It feels like I'm riding on an elephant or whale of a creature > who is open to anything with its seedy downtown brothel breath fogging up my > glasses. Firefox doesn't feel safe to use anymore, especially in a tor > environment where hostile injections are a growing concern. (* No offense to > Torbutton, Noscript and Privoxy developers you make fine software and I'll > continue to use Privoxy with another browser, but how many more combinations > will we continue to need to plug Firefox's issues with tor usage and how many > soft spots could be considered possible or future vectors in each piece we > plaster on top?) > > Please tell me what you think of all of this and whether or not this is a > proper direction to go on or if Dillo's audience is limited and doesn't > receive enough testing to warrant switching to Dillo. > *********************************************************************** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talk in the body. http://archives.seul.org/or/talk/ > You may want to look at the Chromium Browser VM. It's beta, but functional and supports Tor. It's also 3x faster (inside a VM) than Firefox running natively on the host OS.
http://www.janusvm.com/chromium_vm/index.html " WHAT IS Chromium Browser VM? The Chromium Browser VM is what the name says, the Chromium web browser <http://dev.chromium.org/> running inside a virtual machine <http://en.wikipedia.org/wiki/Virtual_Machine>. The primary difference from other VMs is that the browser window is being exported back to the host OS using the X Window System <http://en.wikipedia.org/wiki/X11> (or X11) protocol. By running Chromium inside a VM, we are protected from unknown malicious exploits, vulnerabilities, and side channel attacks <http://www.deanonymizer.com> that could compromise our security, privacy, and anonymity. By exporting the browser window back to the host OS, we get a look and feel as though it's just another application on our system, even though it's running from inside the VM. This creates a secure environment in which we can now run Javascript, Flash, and Java in a browser without having to worry about compromising the host OS if we get exploited. " Side note, the ISO can also be burned to a CD-ROM and used as a boot CD. It may or may not be what you're looking for, but I thought I would throw it out there. *********************************************************************** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/