Re: [tor-bugs] #10280 [Firefox Patch Issues]: Torbrowser shouldn't load flash into the process space by default
#10280: Torbrowser shouldn't load flash into the process space by default
--------------------------------------+-----------------
Reporter: mikeperry | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Firefox Patch Issues | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+-----------------
Comment (by mikeperry):
First, remember that TBB pulls in a *lot* of code from all over your
system. It is dependent on a ton of libraries, display manager code, and
interacts with other apps on your desktop all the time through X11 event
monitoring and other mechanisms.

Further, at the end of the day, I want the default experience to be
maximally usable, but of course not at the expense of any known proxy
bypass or deanonymization issues. If there was a solid, known security
reason not to load Flash, I would be more convinced that it was worth
impeding UX. But the Firefox plugin blocker has shown no signs of being
incomplete, nor has Flash shown any signs of being malicious in its
interaction with the Firefox address space.

*However*, it does sound like we're getting closer to a situation where we
can have both decent UX and satisfy this request. If we can touch up this
patch a bit to also add a button in the Addons->Plugins UI such that users
can enable plugins by clicking on that button (in addition to via the
Torbutton settings), this does seem like a reasonable user experience,
especially since it would appear to no longer require restarting the
browser to load+enable Flash (which was a key aspect of my initial
opposition).

The other thing we can (perhaps also?) do is make this part of one of the
positions on the security slider from #9837.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10280#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online