Am 2015-05-18 um 01:12 schrieb Pedro Worcel:
Keep in mind that if you use a non-tor browser in order to browse
through Tor you would still be trackable to a degree.
I would guess that there is no anonymity with tor anyway unless you
use a virtual machine based solution like f.i. Whonix.
Otherwise one would have to restrict oneself to using torsocks
wget/lynx/w3m/elinks which I consider to be rather save
browsers/ downloaders. If you do not have lynx/w3m/elinks you could even
use wget + vim/mcedit/less in certain cases
as me lately when downloading Debian:
torsocks wget
http://cdimage.debian.org/debian-cd/8.0.0/amd64/jigdo-dlbd/SHA512SUMS
torsocks lynx http://atterer.org/jigdo/#download
or: torsocks wget
http://atterer.org/sites/atterer/files/2009-08/jigdo/jigdo-bin-0.7.3.tar.bz2
sha256sum jigdo-bin-0.7.3.tar.bz
58b8a6885822e55f365c99131c906f16ceaaf657c566e10f410d026704cad157
jigdo-bin-0.7.3.tar.bz2
torsocks wget
http://cdimage.debian.org/debian-cd/8.0.0/amd64/jigdo-dlbd/debian-8.0.0-amd64-DLBD-1.jigdo/.template
torsocks jigdo-bin-0.7.3/jigdo-lite debian-8.0.0-amd64-DLBD-1.jigdo
sha512sum debian-8.0.0-amd64-DLBD-1.iso
Shell sessions as above should usually not be necessary unless you
download two times with wrong SHA512 over plain http.
Both times jigdo had reported me a matching checksum; unfortunately the
SHA512 definitely did not match. Usually you should
be good with the first line applied on a plain http jigdo download (too
bad that it does not support https + DNSSEC/DANE).
I never leave a computer with preinstalled tor; I always boot from
read-only media like a DVD. However some of these media
are not entirely trustworthy: I always stop all unnecessary services
(netstat -atupn) and often disable network-manager before
going online. macchanger -a eth0 may also be helpful.
Unnecessary to mention that anonymity gets lost as soon as your host
operating system gets compromised. It is also well
known that the NSA and possibly other intelligence services attack tor
users on a regular basis if they are interested in what they
are doing.
Regards,
Elmar
Please see https://panopticlick.eff.org/
2015-05-08 16:18 GMT+12:00 Riley Baird
<bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch
<mailto:bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch>>:
I'm not from the iceweasel team, but I can assure you that most,
if not
all, of the bugs in Firefox have been accidental.
If you are concerned about privacy (which is a good thing!), then I
recommend that you use the Tor browser.
If you don't trust that because it's based on Firefox, then try to
find
a browser that you do trust and tunnel it through Tor.
If you don't trust Tor, then I don't know, maybe you could use someone
else's computing device :)
On Fri, 08 May 2015 03:47:01 +0200
Weber <kwebe...@gmx.de <mailto:kwebe...@gmx.de>> wrote:
> dear iceweasel team
>
>
> is it real that the bugs from mozilla and partners will never end?
> Dont you think there is a ns-agent at mozilla ? or even some at
debian ?
> producing bugs and bugs and bugs....
> more and more
> instead of less....
>
> yes man it is ! Mozilla is a bought IP tracker and sniffer .
> IPs going over Google Server,which Mozilla uses for own work.
>
> north korea has 1000 agents
> and the us about 5000 or more? china 10 000 ?
> Now guess...
>
> for this reason i will ask you to harden iceweasel
> and icedove with best sec settings and with best data privacy ,
> which i miss until today.
> no script is good, but it can be better.
>
> its not good to have a very fat browser changing every months
its basic
> features and get fatter and fatter, open for more fatter
> unsecure apps and modules.
> (which are now checked, ok , but not for privacy!
> mozilla does not give any possibility in the app store ,that
developers
> can / Must fill out with privacy and sec options/info.
> why? )
>
> privacy is not ,when firefox-Icew. opens any !!! TCP silly app
checker
> or else after i start it.
> and is not ,if google servers are standard in background,
> or any other social shit configs in the background users never
can read
> in front in an easy way,
>
> and is not , if any other soft is loaded while using it.
> and is not , if the code is getting a bubble to 80 MB
> and no one can find a sec hole in one day.
>
> security and privacy is lost in debian ,too
> and in mozilla for many years now.
> mozilla dont want to change this,because they are not free
> anymore .
> this must be changed!
> money for programmers is good, but not in this way.
>
> they are big enough to make 200 mio without google.
> but they will not. they are in a hidden project as snowden told us.
>
> mozilla adverts in a very unfair way on their website
> with privacy, they lie to users,who dont know how to protect
themselfs.
> mozilla does this special setting behind to hide it from normal
users!
> thats bad !
>
> and they dont tell the users,what they do with the meta date they
> send to THIRD paries!
> ask them !
> now!
> and send us the answer.!
> come on.
>
>
> bug is a program.! bugs ar bought/payed by third partners/agencies
> !
> fuck this shit.
>
> sorry thats a bad work you do,and i ask you ,why nobody
> works against it or nobody wants to get rid of the trackers and
> perhaps sniffers.!?
>
> this linux is not the vision of the founders of Linux/GNU for
> NON - sniffing , tracking tools !
>
> do it better now, please.
>
> reduce code, delete remote chat app video code ,
> reduce any code which is is not stable and we dont need for html
sites.
> we need no flash shit, no apps , we need
> a browser which is secure more than 2 days in the year!
>
>
> or:
> you create a second edition browser , which runs "lighter" and more
> secure / undependend as the original.
>
>
> if you can remember , as i dont know your age,
> firefox was working with 1 MB Code in version 1!
>
> it was good enough for the slowest flash/java/video site or other
> much badder websites.
>
>
> now we have 80 times more code!!
> and about 20-50 more bugs each year! and very much critical bugs
> which can froze a window or remote exploit a debian or windows.
>
>
> firefox was a very good browser for a starter team ! until they
startet
> the bug program ,
> infiltrating all people on earth as IE does ,as experts write in
blogs....
> sometimes with the help of adobe flash.
>
> if you dont want to do anything, please leave debian
> and let others do this work.
>
> ps.
> we know that google sponsors debian too.
> they sponsor even german newspapers
> to get more profit and rights on the www market !
>
> thats not a way you should copy to GNU Linux.
>
>
> dont believe , if you type ps -ef , that you see all services
> on debian.its infiltrated in many of the 20 000 apps.
>
> some directly work with localhost mozilla engine other web
services.
>
> some are called "buffer overflow" on bug lists.
>
>
> and now tell me how much you get that mozilla and google ist
> on debian nr 1.
> ?
>
>
> regards
> weber
>
>
> Am 01.04.2015 um 18:10 schrieb Salvatore Bonaccorso:
> >
-------------------------------------------------------------------------
> > Debian Security Advisory DSA-3211-1 secur...@debian.org
<mailto:secur...@debian.org>
> > http://www.debian.org/security/ Salvatore
Bonaccorso
> > April 01, 2015 http://www.debian.org/security/faq
> >
-------------------------------------------------------------------------
> >
> > Package : iceweasel
> > CVE ID : CVE-2015-0801 CVE-2015-0807 CVE-2015-0813
CVE-2015-0815
> > CVE-2015-0816
> >
> > Multiple security issues have been found in Iceweasel,
Debian's version
> > of the Mozilla Firefox web browser: Multiple memory safety errors,
> > use-after-frees and other implementation errors may lead to the
> > execution of arbitrary code, the bypass of security
restrictions, denial
> > of service or cross-site request forgery.
> >
> > For the stable distribution (wheezy), these problems have been
fixed in
> > version 31.6.0esr-1~deb7u1.
> >
> > For the unstable distribution (sid), these problems have been
fixed in
> > version 31.6.0esr-1.
> >
> > We recommend that you upgrade your iceweasel packages.
> >
> > Further information about Debian Security Advisories, how to apply
> > these updates to your system and frequently asked questions can be
> > found at: https://www.debian.org/security/
> >
> > Mailing list: debian-security-annou...@lists.debian.org
<mailto:debian-security-annou...@lists.debian.org>
> >
> >
>
>
