[tor-commits] [tor-browser-spec/master] Describe our efforts against flash cookies.

[mikeperry at torproject.org]

commit e0ba697476b6a8f8a67e72737a0e0fe23211c654
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Tue Oct 4 23:23:18 2011 -0700

    Describe our efforts against flash cookies.
---
 docs/design/design.xml |   20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/docs/design/design.xml b/docs/design/design.xml
index 244c9ab..2145751 100644
--- a/docs/design/design.xml
+++ b/docs/design/design.xml
@@ -912,6 +912,25 @@ origin, we entirely disable DOM storage as a stopgap to ensure unlinkability.
 
      </para>
      </listitem>
+    <listitem>Flash cookies
+     <para><command>Design Goal:</command>
+
+Users should be able to click-to-play flash objects from trusted sites. To
+make this behavior unlinkable, we wish to include a settings file for all platforms that disables flash
+cookies using the <ulink
+url="http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html">Flash
+settings manager</ulink>.
+
+     </para>
+     <para><command>Implementation Status:</command>
+
+We are currently <ulink
+url="https://trac.torproject.org/projects/tor/ticket/3974">having
+difficulties</ulink> causing Flash player to use this settings
+file on Windows.
+
+     </para>
+    </listitem>
     <listitem>TLS session resumption and HTTP Keep-Alive
      <para>
 TLS session resumption and HTTP Keep-Alive MUST NOT allow third party origins
@@ -932,7 +951,6 @@ disable</ulink> TLS session resumption, and limit HTTP Keep-alive duration.
 
      </para>
     </listitem>
-
     <listitem>User confirmation for cross-origin redirects
     <para><command>Design Goal:</command>