Novice browser questions

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Novice browser questions

Charles Blair-2
   Is the absence of a graphical browser from the base system
a statement that any attempt to do such things as look at
stuff on youtube is inherently unsafe?

   Is tor considered a safe way to do anonymous browsing, or
does openbsd recommend an alternative?

Reply | Threaded
Open this post in threaded view
|

Re: Novice browser questions

Otto Moerbeek
On Sun, May 01, 2011 at 11:35:04AM -0500, Charles Blair wrote:

>    Is the absence of a graphical browser from the base system
> a statement that any attempt to do such things as look at
> stuff on youtube is inherently unsafe?

There are various reasons why there is no graphical browser in base. I
don't think youtube has anything to do with that.

>
>    Is tor considered a safe way to do anonymous browsing, or
> does openbsd recommend an alternative?

We are not in a position to recommend anything. Use your own judgement
based on your requirements.

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: Novice browser questions

Kraktus
In reply to this post by Charles Blair-2
On 1 May 2011 12:35, Charles Blair <[hidden email]> wrote:
> B  Is the absence of a graphical browser from the base system
> a statement that any attempt to do such things as look at
> stuff on youtube is inherently unsafe?

Not speaking officially, but, as I understand it, the general idea is
that any unnecessary software is also an unnecessary security risk.
Therefore, you should only run necessary software, which results in
necessary security risks. What is necessary varies from one person to
another, so OpenBSD ships with very little enabled by default ("secure
be default") and you have to go install and enable the things that are
necessary to you personally.

I find it very empowering. Rather than being handed an insecure but
feature-rich operating system and having to try to lock down the
features I don't want, and ultimately fail because a) I'm not a good
enough security expert and b) it's not even possible to lock down most
operating systems as well as OpenBSD short of some major code
revisions and audits... I get to choose which security risks are worth
taking. Horray!

I doubt there are any graphical browsers under the BSD license, which
wouldn't help either. Things which are under a more restrictive
license than that are generally segregated to ports and packages and
not included in the main system.

> B  Is tor considered a safe way to do anonymous browsing, or
> does openbsd recommend an alternative?

I don't think the OpenBSD project offers any recommendations on that.
Anonymity is a different type of security than the type OpenBSD is
offering. (Of course, running OpenBSD will certainly foil many
attempts to break your anonymizing proxy by installing some kind of
spyware or something.)

I believe the three major ones are Tor, JonDo, and i2p. The last is
really only useful for accessing their own internal i2p network.
(There's also Mixminion, although I think it's more academic than
useful at this point.) However, they are all reputable open source
projects, each with different strengths and weaknesses. Each needs the
browser or other application to be configured properly for optimum
anonymity. However, a detailed discussion on all that is really
outside the scope of this mailing lists, especially given that those
projects have their own mailing lists and forums.
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
https://anonymous-proxy-servers.net/forum/viewforum.php?f=8
http://forum.i2p2.de/

Reply | Threaded
Open this post in threaded view
|

Re: Novice browser questions

Tomas Bodzar-4
On Mon, May 2, 2011 at 3:05 AM, Kraktus <[hidden email]> wrote:

> On 1 May 2011 12:35, Charles Blair <[hidden email]> wrote:
>> B B Is the absence of a graphical browser from the base system
>> a statement that any attempt to do such things as look at
>> stuff on youtube is inherently unsafe?
>
> Not speaking officially, but, as I understand it, the general idea is
> that any unnecessary software is also an unnecessary security risk.
> Therefore, you should only run necessary software, which results in
> necessary security risks. What is necessary varies from one person to
> another, so OpenBSD ships with very little enabled by default ("secure
> be default") and you have to go install and enable the things that are
> necessary to you personally.
>
> I find it very empowering. Rather than being handed an insecure but
> feature-rich operating system and having to try to lock down the
> features I don't want, and ultimately fail because a) I'm not a good
> enough security expert and b) it's not even possible to lock down most
> operating systems as well as OpenBSD short of some major code
> revisions and audits... I get to choose which security risks are worth
> taking. Horray!
>
> I doubt there are any graphical browsers under the BSD license, which
> wouldn't help either. Things which are under a more restrictive
> license than that are generally segregated to ports and packages and
> not included in the main system.

xxxterm works excellent with youtube html5

>
>> B B Is tor considered a safe way to do anonymous browsing, or
>> does openbsd recommend an alternative?
>
> I don't think the OpenBSD project offers any recommendations on that.
> Anonymity is a different type of security than the type OpenBSD is
> offering. (Of course, running OpenBSD will certainly foil many
> attempts to break your anonymizing proxy by installing some kind of
> spyware or something.)
>
> I believe the three major ones are Tor, JonDo, and i2p. The last is
> really only useful for accessing their own internal i2p network.
> (There's also Mixminion, although I think it's more academic than
> useful at this point.) However, they are all reputable open source
> projects, each with different strengths and weaknesses. Each needs the
> browser or other application to be configured properly for optimum
> anonymity. However, a detailed discussion on all that is really
> outside the scope of this mailing lists, especially given that those
> projects have their own mailing lists and forums.
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> https://anonymous-proxy-servers.net/forum/viewforum.php?f=8
> http://forum.i2p2.de/

Reply | Threaded
Open this post in threaded view
|

Re: Novice browser questions

LeviaComm Networks NOC
In reply to this post by Charles Blair-2
On 01-May-11 09:35, Charles Blair wrote:
>     Is the absence of a graphical browser from the base system
> a statement that any attempt to do such things as look at
> stuff on youtube is inherently unsafe?
>
Browsers take a lot of space on install media
We like choice, not everyone wants Firefox/Opera/Conqueror/whatever, so
we leave the choice to the user.

>     Is tor considered a safe way to do anonymous browsing, or
> does openbsd recommend an alternative?
>
Nothing on the internet is anonymous, you can obfuscate your session all
to hell, but it will never be anonymous.