Avyd said: Is the bird encrypted lol?
It's just IP, if you encrypt your payloads with IPSec, yes. You will however need to trust the remote party with a pre-shared key, or trust that they protect their certificate if you use certificate based auth.
re: Konqueror, my bad. However, Apple did contribute to KHTML before they forked it into WebKit if I recall correctly.
Do you trust Trolltech? They wrote Qt and KDE (thus, Konqueror) uses Qt.
Avyd said: Proof-of-concepts and the percent of occurrences are different. Chance for that is low and even after escaping the VM, with right privileges set what can an automated software do? And what's more you can have extra security with hardening like grsecurity or similar (on FreeBSD there should be an alternative).
Depending on how paranoid you are - proving an occurrence may be extremely difficult if your hardware lies to you. If your CPU microcode is subverted (and it is far more "closed" than FreeBSD), all bets are off. I would argue that the chances of FreeBSD being tainted by Apple are "low" but in your book it is cause for concern. VM escape is of similar level of risk, if not more so, in my opinion. People have actually demonstrated exploits for it in the past - no one has demonstrated that FreeBSD is compromised yet. If I was the NSA, I'd be getting Intel and AMD on board to subvert the CPU, and I'm sure the NSA has far more devious people than me on board who are paid in full-time employment to think up ways to do this sort of thing.
My machine adapter, my router, my firewall, etc. - I don't think all of them would hide connections. Chances for that are low. Combining devices/software helps.
Don't think? Why not? You can't be sure. If you're paranoid enough to not trust open source software because Apple has contributed (even though the source is available for you to analyze and compile yourself), then I don't think you're being sufficiently paranoid enough (i.e., paranoid to the same level) here.
Why would I use IPSec? Mostly companies use that. Home hosts, private servers, company server, etc. are different in many ways and shouldn't be treated the same way.
You'd use IPSec so that only the intended party can see the contents of your packets. Otherwise, you can take all the precautions you like on your own computer and your own network, but as soon as the packets hit the internet, they can be intercepted and analyzed.
All that said - this level of paranoia is just not something you can mitigate. What you CAN do is to run open source software, encrypt your data, don't trust any sort of "encryption" where you didn't personally generate and hold the private key(s) and consider what you expose to the internet. Beyond that, unfortunately it's simply too hard.