On 7/24/22 09:23, Anonymous wrote:
> Hiya, thanks for posting this.
>
> I downloaded the deb package and installed on a vm, here comes a quick
> feedback:
>
> -the app depends on gtk2.0, current version 4.0, methinks this should be
> fixed
> -however, the installation also finished with the current version of gtk
> -the gui is nice imo, easy handling
> -connection to an external tor instance did not work out of the box,
> maybe I did something wrong
> -at the moment I don't trust the app enough to let it handle the tor
> connections itself
>
> All in all, it seems to me like a nicer version of torchat, I will play
> more with that in the future.

I never trust ANY application that can connect to the network. I won't
even trust the applications distributed in Linux repositories.

You can sandbox any app with firejail, or run it in a container, or set
up KVM, or run it with Debian jailkit. I use these solutions depending
on what the application does.

Another thing I do is disable all clipboard access for almost
everything. This is especially important if you use a password manager
that copies to the clipboard. In jails it is best to have no clipboard
access and type the password manually for remote services.

You can run different configurations of a web browser in different jails
and containers.

Never trust anything! Package maintainers do not have time to vet every
line of code, and that is if you trust your package maintainer!

DarkMX is worthy of use if sandboxed. It does have a helluva slick UI.

--

Trust then Verify