[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Adobe Flash

Thus spake krishna e bera (keb@xxxxxxxxxxxxxx):

> > > If you can't get Flash to use a settings file - for now - maybe next
> > > best thing is education.  I'm thinking there should be a prominent
> > > file in TBB, containing a number of IMPORTANT changes that users
> > > should make; name it something like "you better make these changes
> > > or you may die.html," that opens w/ a new browser install.  The
> > > storage settings for Flash are fairly straight forward, w/ a little
> > > explanation, even though users must go to Adobe's site to change
> > > them (tricky, huh?).  Even I could write / "borrow" instructions on
> > > how to change settings in Windows Flash manager, for better privacy.
> > > Cookies & disk storage can be prevented totally, but if you del the
> > > "settings" cookie, all Flash settings revert to default.
> > 
> > Well, that's also not the only issue with Flash. Flash has tons of
> > fingerprinting and proxybypass issues hidden in its binary blob. We
> > really need a full sandboxing technology to make it safe to uniformly
> > enable.
> > 
> > I think Steve Jobs was right on this one. Flash needs to be replaced
> > with open technologies. 
> Agreed but
> does Gnash (Gnu Flash player) obey the proxy settings?
> Has its code been audited or its behavior monitored?

Gnash is not a fully open replacement; it's a reimplementation of a
proprietary technology. It will always be subject to keeping up with the
whims of Adobe (who has a vested interested in ensuring that its own
proprietary media server works best with its own proprietary client
software). This means on at least some level, Adobe has an interest in
actively sabotaging projects like Gnash.

Moreover, the Gnash effort has slowed tremendously in recent years.
Developer-wise, the project hangs on by a thread. Can it even play major
video sites (like Youtube and Hulu) reliably these days?

Admittedly, we're in a similar position with Mozilla (which is one of
the reasons I prefer them over Google for a fork base). However, because
Firefox is fully open source, our job is much easier. I may have a hard
time keeping up with bugs, but I pretty much *can* do it by myself at
the moment, so long as we're able to accept a significant lag time on
rather serious issues being fixed, and able to accept that almost
nothing other than violations of our privacy and security requirements
will *ever* get fixed.

Sadly, this will lead to a shitty user experience with the browser, due
to most of that being "normal" level bugs, but at least it will be a
phenomenally better experience than one with JS, cache, fonts, and image
rendering disabled.

Mike Perry

Attachment: signature.asc
Description: Digital signature

tor-talk mailing list