HTTP section - Privoxy install instructions about macos-security-and-privacy-guide HOT 11 CLOSED

Sourceforge is blocked by uBlock's default ruleset due to their recent badware policy, and the guide recommends uBlock, so it might be a bit contradictory to link to SF. Any alternative host for the installer?

from macos-security-and-privacy-guide.

Are you sure Homebrew leaves privoxy running as root? A quick test shows the launch agent is loaded and job is run as the primary user. This point was brought up in #38. Anyway, I'm glad to add instructions for a manual installation of privoxy as well.

Thank you

from macos-security-and-privacy-guide.

You're right, it runs as the installing user not root.

Still and all, my installer creates a non-privileged, non-interative user and group to run as, offering much better security isolation and audit; should that account be compromised the attacker has access to neither an end user account nor the UI. I figured since that was the driving aim of your guide that it'd be a worthwhile improvement to use the packaged installer instead of the Homebrew recipe.

It has the side benefit of course that I can offer better support to end users since I'm intimately familiar with the supported installation package.

I hope you'll consider these good reasons to update the guide.

Cheers,

Ian

On October 29, 2015 10:56:16 AM EDT, drduh [email protected] wrote:

Are you sure Homebrew leaves privoxy running as root? A quick test
shows the launch agent is loaded and job is run as the primary user.
This point was brought up in
#38.
Anyway, I'm glad to add instructions for a manual installation of
privoxy as well.

Thank you

---

Reply to this email directly or view it on GitHub:
#65 (comment)

from macos-security-and-privacy-guide.

Ha, ironic! How the mighty are fallen! I don't have an alternate location as yet; we have been considering a move to Github as it goes. I'll tell the other maintainers about uBlock's new rule and see if we can accelerate the process.

Thanks for the tip,

Ian

On October 29, 2015 11:30:44 AM EDT, Dominic Evans [email protected] wrote:

Sourceforge is blocked by uBlock's default ruleset due to their recent
badware
policy, and the guide recommends uBlock, so it might be a bit
contradictory to link to SF. Any alternative host for the installer?

---

Reply to this email directly or view it on GitHub:
#65 (comment)

from macos-security-and-privacy-guide.

Thank you for the suggestion, Ian. Let me know if you spot any other issues.

from macos-security-and-privacy-guide.

Hi again Dominic,

So there is now an alternative download URL for the official Privoxy OS
X installation packages. Please find them here:

http://silvester.org.uk/privoxy_installers/OSX/

Cheers,

Ian

On 2015-10-29 11:30, Dominic Evans wrote:

Sourceforge is blocked by uBlock's default ruleset due to their recent
badware https://duckduckgo.com/?q=sourceforge+installers+malware+mac
policy, and the guide recommends uBlock, so it might be a bit
contradictory to link to SF. Any alternative host for the installer?

—
Reply to this email directly or view it on GitHub
#65 (comment).

My PGP public key
http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc.

from macos-security-and-privacy-guide.

Hi once again!

I've now modified that URL to:

http://silvester.org.uk/privoxy/OSX/

Also, we're planning to start offering this as an official
non-Sourceforge mirror, so the official project page at www.privoxy.org
will shortly also point here, so you can point folks in this direction
with no worries ;o)

I do hope you decide to update your guide - like I say the supported
installer is a more secure option that Homebrew, and that's the guide's
aim after all!

Cheers,

Ian

On 2015-10-31 18:18, Ian Silvester wrote:

Hi again Dominic,

So there is now an alternative download URL for the official Privoxy
OS X installation packages. Please find them here:

http://silvester.org.uk/privoxy_installers/OSX/

Cheers,

Ian

On 2015-10-29 11:30, Dominic Evans wrote:

Sourceforge is blocked by uBlock's default ruleset due to their
recent badware
https://duckduckgo.com/?q=sourceforge+installers+malware+mac
policy, and the guide recommends uBlock, so it might be a bit
contradictory to link to SF. Any alternative host for the installer?

—
Reply to this email directly or view it on GitHub
#65 (comment).

My PGP public key
http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc.

My PGP public key
http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc.

from macos-security-and-privacy-guide.

Please have a look at the updated instructions at https://github.com/drduh/OS-X-Security-and-Privacy-Guide#http and let me know if there's any issues.

from macos-security-and-privacy-guide.

Hi Dominic,

Thanks for going ahead with the change, it's much appreciated. The only
alteration I'd suggest, for the sake of full disclosure, is to state
that the installation created by the signed package is more secure than
the Homebrew one and attracts full support from the Privoxy project.

Cheers,

Ian

On 2015-11-04 16:42, drduh wrote:

Please have a look at the updated instructions at
https://github.com/drduh/OS-X-Security-and-Privacy-Guide#http and let
me know if there's any issues.

—
Reply to this email directly or view it on GitHub
#65 (comment).

My PGP public key
http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc.

from macos-security-and-privacy-guide.

I'm not Dominic, but have gone ahead and made your suggested clarification.

from macos-security-and-privacy-guide.

Sorry! Didn't realise there were multiple folks involved on the project.
The clarification is perfect.

Thanks again,

Ian

On 2015-11-04 16:52, drduh wrote:

I'm not Dominic, but have gone ahead and made your suggested
clarification.

—
Reply to this email directly or view it on GitHub
#65 (comment).

My PGP public key
http://diem.serveftp.net:8080/IanSilvesterPGPPublicKey.asc.

from macos-security-and-privacy-guide.