[tor-talk] Adobe Flash
krishna e bera
keb at cyblings.on.ca
Sat May 19 22:12:25 UTC 2012
On Sat, May 19, 2012 at 03:00:19PM -0700, Mike Perry wrote:
> Thus spake Joe Btfsplk (joebtfsplk at gmx.com):
> > Re: Flash LSO cookies in Windows. The Dec 28, 2011 design document
> > mentions,
> > >Flash cookies...
> > >*...Implementation Status:* We are currently having difficulties
> > ><https://trac.torproject.org/projects/tor/ticket/3974> causing
> > >Flash player to use this settings file on Windows, so Flash
> > >remains difficult to enable.
> > >
> > If you can't get Flash to use a settings file - for now - maybe next
> > best thing is education. I'm thinking there should be a prominent
> > file in TBB, containing a number of IMPORTANT changes that users
> > should make; name it something like "you better make these changes
> > or you may die.html," that opens w/ a new browser install. The
> > storage settings for Flash are fairly straight forward, w/ a little
> > explanation, even though users must go to Adobe's site to change
> > them (tricky, huh?). Even I could write / "borrow" instructions on
> > how to change settings in Windows Flash manager, for better privacy.
> > Cookies & disk storage can be prevented totally, but if you del the
> > "settings" cookie, all Flash settings revert to default.
> Well, that's also not the only issue with Flash. Flash has tons of
> fingerprinting and proxybypass issues hidden in its binary blob. We
> really need a full sandboxing technology to make it safe to uniformly
> I think Steve Jobs was right on this one. Flash needs to be replaced
> with open technologies.
does Gnash (Gnu Flash player) obey the proxy settings?
Has its code been audited or its behavior monitored?
More information about the tor-talk