[tor-talk] TBB / TorButton - kill flashcookies

proper at tormail.net proper at tormail.net
Thu Jan 19 20:11:08 UTC 2012


By default in TBB (Tor Browser Bundle):
- noscript active, no scripts allowed
- no plugins activated

Even if advised against, users might install and use flash anyway. A quick
research told me there are three possible ways to cloak the users IP while
using flash.
- if flash had proxy settings (no research on that)
- transparent proxy
(https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy)
- turning off plugin container in firefox (I read, flash won't get get
it's own process and would therefore use same settings as firefox. Source
http://wiki.kairaven.de/open/app/firefox (in German, search for 'flash') I
have not verified this information.)

Personally, I wouldn't use any of these methods. Even if IP would be still
cloaked flash is still closed source and had in past way to many security
holes.

The problem with flashcookies is that users can be tracked even after they
deleted all their cookies using the firefox built in cleaner.

Anyway, I'd to hear if it would make sense to kill flashcookies with TBB
or TorButton. This could be implemented either by using one of the
existing firefox addons (such as BetterPrivacy) or by adding this feature
into TorButton.



More information about the tor-talk mailing list