[tor-commits] [tor-browser-spec/master] Describe our efforts against flash cookies.

mikeperry at torproject.org mikeperry at torproject.org
Mon Apr 28 15:18:47 UTC 2014

commit e0ba697476b6a8f8a67e72737a0e0fe23211c654
Author: Mike Perry <mikeperry-git at fscked.org>
Date:   Tue Oct 4 23:23:18 2011 -0700

    Describe our efforts against flash cookies.
 docs/design/design.xml |   20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/docs/design/design.xml b/docs/design/design.xml
index 244c9ab..2145751 100644
--- a/docs/design/design.xml
+++ b/docs/design/design.xml
@@ -912,6 +912,25 @@ origin, we entirely disable DOM storage as a stopgap to ensure unlinkability.
+    <listitem>Flash cookies
+     <para><command>Design Goal:</command>
+Users should be able to click-to-play flash objects from trusted sites. To
+make this behavior unlinkable, we wish to include a settings file for all platforms that disables flash
+cookies using the <ulink
+settings manager</ulink>.
+     </para>
+     <para><command>Implementation Status:</command>
+We are currently <ulink
+difficulties</ulink> causing Flash player to use this settings
+file on Windows.
+     </para>
+    </listitem>
     <listitem>TLS session resumption and HTTP Keep-Alive
 TLS session resumption and HTTP Keep-Alive MUST NOT allow third party origins
@@ -932,7 +951,6 @@ disable</ulink> TLS session resumption, and limit HTTP Keep-alive duration.
     <listitem>User confirmation for cross-origin redirects
     <para><command>Design Goal:</command>

More information about the tor-commits mailing list