[arch-general] current flash vulnerabilities - what to do?

Florian Pelz pelzflorian at pelzflorian.de
Fri Jul 17 06:07:17 UTC 2015


On 07/17/2015 01:01 AM, Natu wrote:
> On 07/16/2015 02:55 PM, Ralf Mardorf wrote:
>> On Thu, 16 Jul 2015 13:43:25 -0700, Natu wrote:
>>> And yes, you have to turn off features in firefox to avoid
>>> similar spying behavior, but it can be done without maintaining your
>>> own version of the source code.
>> But we need to monitor Firefox. A minute ago I deleted 7 Yahoo entries
>> in about:config. Using Wireshark I noticed connections to a Yahoo
>> thingy. If you clean about:config from all unwanted entries, you might
>> automagically get new unwanted entries after a while. I consider my
>> machine as a digital audio workstation with less security and less
>> privacy. Pale Moon seems not to be (much) better. Maybe QupZilla is a
>> little bit better, at least the history is better usable :D.
> 
> Tor browser, or Jondofox are another possibility.  I'm pretty sure
> jondofox can be easily configured to go directly out to the internet
> without using their network (not that TOR or Jondo network's are bad,
> just too slow for many uses.  I do use both TOR and Jondo networks at
> times) and the browsers (both Tor and Jondofox are based on firefox)
> have been modifed  and hopefully spy features have been removed.
> 

There's also GNU Icecat in AUR and Parabola's libre repositories. I
don't think it has spyware, but it's probably not better security-wise.
The releases seem to lag slightly behind the Firefox ESR releases it is
based on.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20150717/5fe0eb01/attachment-0001.asc>


More information about the arch-general mailing list