Re: Supercookies

[Eugen Leitl <eugen@xxxxxxxxx>]

On Thu, Aug 20, 2009 at 09:54:59AM -0400, Praedor Atrebates wrote:

> No need to go extreme and lose most functionality by going 10000% free/open software.  

The issue is security only. Some features are intrinsically exploitable, and
it matters little how it's implemented.

> You simply lose a lot of nice, desireable web functionality if you do.  At the end 

When I use Tor, I have all shields up anyway. I don't want any "nice, desireable
web functionality" swiss cheese, thank you very much. When I see web designers 
braindead enough to require JavaScript and/or Flash to render the site I'd rather have
to make the final decision whether I trust them enough to let them run
their code on my system. 

> of the above article is a quick write about Gnash, the open/free flashplayer (though 
> lacking a lot of functionality/compatibility) and how it handles flash cookies.

I think if you use flash with Tor you should be using a hardened virtual appliance.
Preferrably, reverting to a clean snapshot thereof when you're done.

-- 
Eugen* Leitl <a href="http://leitl.org";>leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE