Thus spake krishna e bera (keb@xxxxxxxxxxxxxx): > > > If you can't get Flash to use a settings file - for now - maybe next > > > best thing is education. I'm thinking there should be a prominent > > > file in TBB, containing a number of IMPORTANT changes that users > > > should make; name it something like "you better make these changes > > > or you may die.html," that opens w/ a new browser install. The > > > storage settings for Flash are fairly straight forward, w/ a little > > > explanation, even though users must go to Adobe's site to change > > > them (tricky, huh?). Even I could write / "borrow" instructions on > > > how to change settings in Windows Flash manager, for better privacy. > > > Cookies & disk storage can be prevented totally, but if you del the > > > "settings" cookie, all Flash settings revert to default. > > > > Well, that's also not the only issue with Flash. Flash has tons of > > fingerprinting and proxybypass issues hidden in its binary blob. We > > really need a full sandboxing technology to make it safe to uniformly > > enable. > > > > I think Steve Jobs was right on this one. Flash needs to be replaced > > with open technologies. > > Agreed but > does Gnash (Gnu Flash player) obey the proxy settings? > Has its code been audited or its behavior monitored? Gnash is not a fully open replacement; it's a reimplementation of a proprietary technology. It will always be subject to keeping up with the whims of Adobe (who has a vested interested in ensuring that its own proprietary media server works best with its own proprietary client software). This means on at least some level, Adobe has an interest in actively sabotaging projects like Gnash. Moreover, the Gnash effort has slowed tremendously in recent years. Developer-wise, the project hangs on by a thread. Can it even play major video sites (like Youtube and Hulu) reliably these days? Admittedly, we're in a similar position with Mozilla (which is one of the reasons I prefer them over Google for a fork base). However, because Firefox is fully open source, our job is much easier. I may have a hard time keeping up with bugs, but I pretty much *can* do it by myself at the moment, so long as we're able to accept a significant lag time on rather serious issues being fixed, and able to accept that almost nothing other than violations of our privacy and security requirements will *ever* get fixed. Sadly, this will lead to a shitty user experience with the browser, due to most of that being "normal" level bugs, but at least it will be a phenomenally better experience than one with JS, cache, fonts, and image rendering disabled. -- Mike Perry
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk