[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Adobe Flash

On Sat, May 19, 2012 at 03:00:19PM -0700, Mike Perry wrote:
> Thus spake Joe Btfsplk (joebtfsplk@xxxxxxx):
> > Re:  Flash LSO cookies in Windows.  The Dec 28, 2011 design document
> > mentions,
> > >Flash cookies...
> >
> > >*...Implementation Status:* We are currently having difficulties
> > ><https://trac.torproject.org/projects/tor/ticket/3974> causing
> > >Flash player to use this settings file on Windows, so Flash
> > >remains difficult to enable.
> > >
> > If you can't get Flash to use a settings file - for now - maybe next
> > best thing is education.  I'm thinking there should be a prominent
> > file in TBB, containing a number of IMPORTANT changes that users
> > should make; name it something like "you better make these changes
> > or you may die.html," that opens w/ a new browser install.  The
> > storage settings for Flash are fairly straight forward, w/ a little
> > explanation, even though users must go to Adobe's site to change
> > them (tricky, huh?).  Even I could write / "borrow" instructions on
> > how to change settings in Windows Flash manager, for better privacy.
> > Cookies & disk storage can be prevented totally, but if you del the
> > "settings" cookie, all Flash settings revert to default.
> Well, that's also not the only issue with Flash. Flash has tons of
> fingerprinting and proxybypass issues hidden in its binary blob. We
> really need a full sandboxing technology to make it safe to uniformly
> enable.
> I think Steve Jobs was right on this one. Flash needs to be replaced
> with open technologies. 

Agreed but
does Gnash (Gnu Flash player) obey the proxy settings?
Has its code been audited or its behavior monitored?

tor-talk mailing list