Date: Wed, 3 Jun 2009 11:18:00 +0200
From: cpghost
To: freebsd-questions@freebsd.org
Subject: Re: Open_Source

On Wed, Jun 03, 2009 at 08:49:50AM +0200, Wojciech Puchar wrote:
> >>
> >> I mean things like sending private data to someone else, scanning for
> >> other programs I have on disk, my addressbook etc.
> >
> > Given enough incentive, it unfortunately seems even open source
> > developers will resort to sneaky tactics:
> > http://arstechnica.com/open-source/news/2009/05/mozilla-ponders-policy-change-after-firefox-extension-battle.ars
>
> but it's at least much more difficult. And - my other rule fits very well
> here. Avoid OVERCOMPLEX programs.
>
> Unfortunately there are no well done WWW browsers for unix in the world.
> links -g is an exception, but at the same time it's quite limited.
> But have best fonts :)

You're right: browser code is overly complex, and a nightmare to audit
properly for security purposes. That's why when working in a sensitive
environment, I browse the web primarily with elinks (with JavaScript
disabled, of course), and secondarily and only when absolutely
necessary with the usual firefox+noscript+abp... both browsers running
in a virtual box (qemu, virtualbox) dedicated to this purpose and this
purpose only.

Of course, I'm taking more precautions, as running in a box may still
not be 100% secure, if someone creative enough found a way to break
out of the guest OS into the host OS; but everything else is just
irresponsible and way too risky, from a security point of view.

Surely, not everyone has the same security requirements, and YMMV. ;-)

-cpghost.

--
Cordula's Web. http://www.cordula.ws/