I was at this other place and an administrator had given the following warning:
?There's obviously a very serious security hole in all versions of Opera browser. In spite of safe browser settings it's possible for a trap site to circumvent any proxy. The real IP address of the user will be revealed just by visiting a web site. The local name check of hostnames still fails and establishes a direct connection to arbitrary IP addresses when accessing a forged URL. Applied to a prepared web page it'll effectively circumvent a proxy and reveal the real IP address of the user. The URL of a web page doesn't have to be forged. It's sufficient for the webmaster to insert web bugs with forged URLs. Opera will load them automatically in the background. For people who rely on anonymity this is absolutely unacceptable. A hot fix surfaced on some sites. When "Use proxy for local servers" in "Tools-Preferences-Advanced-Network-Proxy Servers" is checked most probably the security hole will be closed, but even with this ?hot-fix?, it's unclear if Opera actually behaves correctly under any circumstances.?
The administrator who supplied this info recommended the primitive OffByOne Browser (that, as far as I can tell, is not able to disable Java, Java Script, and other plug-ins), the obsolete Netscape Browser, and Firefox ? as alternatives. I could use Firefox with a Proxy + NoScript, but I would much prefer using Firefox as my everyday browser. So I just downloaded the Avant Browser, configured it with a proxy, and disabled Java, Java Script, Etc. I am now using Avant as my anonymous browser ? but I don?t actually know if it doesn?t, perhaps, have the same security hole as Opera. (Assuming this statement about Opera is true or even makes sense!)
How could a browser connect to anything directly after it has been configured to connect to the internet through a proxy (With no Java Script or other plug-ins to throw things off)? (I always had "Use proxy for local servers" selected in Opera. It makes sense to me that having this selected would make Opera safe.) When he says ?The local name check of hostnames still fails and [Opera] establishes a direct connection to arbitrary IP addresses when accessing a forged URL.? - he is talking over my head. That is over my head so I hope that someone here understands this terminology and would be in a position to evaluate this person?s statement. I, personally, don?t see how ANY browser could POSSIBLY check ALL hostnames [to determine if it?s a forged URL] because no browser could possibly have all the info necessary to RELIABLY make this sort of determination.
I just found out that I can hook up CometBird (a browser based upon Firefox) to a proxy and use NoScript with it, but I can?t back-up bookmarks like I can with Avant. So I am now not too sure what to do.
Will someone please shed some light on this situation?
Note: Avant does some things that Opera doesn?t, so I would rather stick with Avant unless I find out I should use CometBird/NoScript as my anonymous browser instead.
