DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Packages and Ports

OpenBSD Packages and Ports Installation and upgrading of packages and ports on OpenBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 26th December 2019
stanl stanl is offline
Real Name: Stan
Package Pilot
 
Join Date: Jun 2019
Location: New York
Posts: 163
Default Chrome or Firefox

Froma security/privacy point of view, which does OpenBSD consider a better choice?

Thanks
Reply With Quote
  #2   (View Single Post)  
Old 26th December 2019
Head_on_a_Stick's Avatar
Head_on_a_Stick Head_on_a_Stick is offline
Real Name: Matthew
Bitchy Nerd Elitist
 
Join Date: Dec 2015
Location: London
Posts: 476
Default

For security use www/chromium, for privacy use www/lynx
__________________
Destruam et ædificabo
Reply With Quote
  #3   (View Single Post)  
Old 26th December 2019
shep shep is offline
Real Name: Scott
Arp Constable
 
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,516
Default

There is also www/iridium which is an ungoogled chromium. Some of chromium's security comes from reporting your browsing habits to Google. Unfortunately Google does more with that information than warn you about malicious web sites.
Iridium actively searches for code that contacts Google and disables it.

Presently there is a newer release available in -current that has not been back-ported to 6.6stable.
Reply With Quote
  #4   (View Single Post)  
Old 26th December 2019
stanl stanl is offline
Real Name: Stan
Package Pilot
 
Join Date: Jun 2019
Location: New York
Posts: 163
Default

Thanks to both of you for the information. I'll look into iridium.
Reply With Quote
  #5   (View Single Post)  
Old 27th December 2019
Prevet Prevet is offline
Shell Scout
 
Join Date: Oct 2017
Posts: 84
Default

Quote:
Originally Posted by stanl View Post
Froma security/privacy point of view, which does OpenBSD consider a better choice?

Thanks
For privacy: I use tor-browser for general surfing. For security: When I want to log in to a website or buy something, I use Chromium or Iridium if its updated.

Unfortunately tor-browser isn't available on OpenBSD at the moment, so if you want to use it you will have to use another OS. Tails is easy to put on pen drive so there is that.
Reply With Quote
  #6   (View Single Post)  
Old 27th December 2019
ibara ibara is offline
OpenBSD language porter
 
Join Date: Jan 2014
Posts: 783
Default

The tor-browser bundle just needs updating; all the infrastructure is there.
Reply With Quote
  #7   (View Single Post)  
Old 29th December 2019
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

In fact, it's not so easy.

- Chromium is the first delivered with pledge and unveil. OK, good point.
- But, the team works hard to build Firefox with both securities. (Complete for 6.7)?
- And, the new libfido, on -current (perhaps, for 6.7), run with only Firefox. (FIDO: to support 2FA)
- Google has rejected request for patch fido, with tags "WontFix" and "this plateform is not supported"!

Boo, for Google, and Chrome! And, up for FF…

Now, Tor-Browser is available as package: v8.0.9 on stable 6.6
Reply With Quote
  #8   (View Single Post)  
Old 31st December 2019
acampbell acampbell is offline
Real Name: Anthony Campbell
Shell Scout
 
Join Date: Sep 2014
Location: London, UK
Posts: 138
Default

Pledge and unveil in Firefox are a mixed blessing for me. I can't access any local files, including those in ~/Downloads and /tmp which are supposed to be available. Putting the unveil config files in /etc/firefox makes no difference.
Reply With Quote
  #9   (View Single Post)  
Old 31st December 2019
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 8,025
Default

Are your $HOME/Downloads and /tmp directories symlinks? If so, that is why they are failing for you.
Reply With Quote
Old 4th January 2020
jak3b jak3b is offline
New User
 
Join Date: Nov 2017
Posts: 9
Default

Ive found Firefox-71 unuseable. I use Firefox-esr. but lately Ive been using Chromium more. Its really snappy these days.
Reply With Quote
Old 4th January 2020
acampbell acampbell is offline
Real Name: Anthony Campbell
Shell Scout
 
Join Date: Sep 2014
Location: London, UK
Posts: 138
Default

Quote:
Originally Posted by jggimi View Post
Are your $HOME/Downloads and /tmp directories symlinks? If so, that is why they are failing for you.
No, neither of these is a symlink.

Incidentally Chrome does provide access to these directories but it has its own problems, notably I can't increase the size of the (tiny) toolbar font.
Reply With Quote
Old 4th January 2020
gustaf gustaf is offline
Fdisk Soldier
 
Join Date: Dec 2016
Posts: 69
Default

I'm having the same problem with file access as acampbell (see post #8, above). I've started a new thread to address this issue.

Last edited by gustaf; 4th January 2020 at 09:28 AM. Reason: clarity
Reply With Quote
Old 4th January 2020
LeFrettchen's Avatar
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 408
Default

Chromium for me, until it crashes and don't wanna relaunch.
Then, Firefox
__________________
ThinkPad W500 P8700 6GB HD3650 - faultry
ThinkStation P700 2x2695v3 32GB 1050ti 3xSSD 1xHDD
Reply With Quote
Old 4th January 2020
newtowndaemon's Avatar
newtowndaemon newtowndaemon is offline
New User
 
Join Date: Nov 2017
Posts: 3
Default

Both for me. Also lynx for those times when all I've got is a text console. It's the usual problem: some sites won't render properly in firefox but do in chromium and vice versa.

For the most part, I find the browser wars pretty much an OK thing these days as the browsers are cross-platform and open source. I can remember a time in the browser wars when sites would only work properly on the Windows version of IE (ie and not the Mac version of IE) so having choice and the opportunity to run 2 different browsers is OK with me.

I suppose you do need to weigh in how much you worry about the Google tracking. I've heard others say they can block Chromium phoning home completely but I've never seen any evidence of that. Iridium is probably the only way but lags behind Chromium with security updates etc. Last I checked it was some weeks but if it got down to a couple of days then it might be worth a spin.

Simon
Reply With Quote
Old 5th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

FYI: The patch to Chromium for libfido is upstream on current!

Quote:
Fixes: https://bugs.chromium.org/p/chromium...tail?id=451248

Uses /dev/fido via libfido2 bundled with the system. Due to an
abstraction level mismatch only the discovery phase is done via
libfido2.

The port was verified to work with demo.yubico.com, google.com,
github.com on amd64 6.6-current. 4 different devices from Yubico
and a couple other manufacturers work fine.

Known limitations:
* the u2f device needs to be plugged into the USB port before
starting authentication as the devices aren't discovered dynamically;
* kernel crashes are possible without patching a problem showing up
in filt_uhidrdetach https://marc.info/?l=openbsd-tech&m=157812352913919
Reply With Quote
Old 18th January 2020
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 632
Default

I think one of the most important thing is decent anti-tracker and ad-blocker such as uBlock Origin (general purpse content blocker). Unfortunately Chrome (with exception for enterprise customers) and Chromium will remove Web Request API which is required for this.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 18th January 2020
CiotBSD CiotBSD is offline
c107:b5d::
 
Join Date: Jun 2019
Location: Under /
Posts: 175
Default

or, better : one liste managed by un(bou|wi)nd which handles all network requests and not just the web browser.
Because, just on the web browser, just gives you the illusion of being "protected", when only requests from the web browser are "filtered"... not all others network requests.
Reply With Quote
Old 19th January 2020
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 632
Default

Quote:
Originally Posted by CiotBSD View Post
or, better : one liste managed by un(bou|wi)nd which handles all network requests and not just the web browser.
Because, just on the web browser, just gives you the illusion of being "protected", when only requests from the web browser are "filtered"... not all others network requests.
It depends whether other programs in the system or system itself tracks you or shows ads.
Browser extension also allows for the most fine-grained filtering. Some domain may host both tracking script and content you want to see. There may be page which you want to support by turning off ad-blocker or be forced to disable it by anti-ad-blocking measures.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
Old 3rd August 2021
bradley bradley is offline
Fdisk Soldier
 
Join Date: Jul 2020
Posts: 53
Default

Quote:
Originally Posted by newtowndaemon View Post
I suppose you do need to weigh in how much you worry about the Google tracking. I've heard others say they can block Chromium phoning home completely but I've never seen any evidence of that.
Simon
How?

Well, that's a short question but others mentioned uBlock Origin in the thread - it's possible to block connections via this extension but it will NOT block the connections to evil G (meaning the connections by the browser to the mothership).

This is why I'm wondering what might be the best way to block the browser's connections (if someone knows which IPs to block). One way is using the hosts file (but this will not work for me because of the setup here). The other way might be via firewall I suppose. Or maybe using a proxy, which makes it possible to block certain connections.
Reply With Quote
Old 4th August 2021
IdOp's Avatar
IdOp IdOp is offline
Too dumb for a smartphone
 
Join Date: May 2008
Location: twisting on the daemon's fork(2)
Posts: 1,027
Default

I can't say about best, but one other approach is to use a DNS server that purposely tries not to resolve any google hosts properly. An example is DeCloudUs. I once tried their free DNScrypt server for a few days. It was OK but I didn't like being completely unable to use Google search, e.g., with lynx. So I stopped using it.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites amphibious News 6 20th April 2017 12:33 PM
Firefox/Chrome Core dumps shep OpenBSD Packages and Ports 8 21st August 2014 03:43 AM
wine installing firefox, chrome maxrussell General software and network 3 7th December 2009 03:32 AM
Google Chrome browser drhowarddrfine General software and network 63 15th September 2008 11:09 PM
Upgrading firefox to firefox 3 -keeping plugins+bookmarks kasse FreeBSD Ports and Packages 11 5th July 2008 01:34 PM


All times are GMT. The time now is 02:54 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick