[tor-talk] Help with Tor and Flash Player plugin struggle

[Matt Joyce]

On 12/10/12 18:43, Kamtarin Sorood wrote:
> Yes , you are right , But in some cases the anonymity is not the main goal
> of using tor.
> For exam. in my country Youtube is filtered and i use Tor to overcome and
> bypassing filtering system only.
> Furthermore the important issue of using Flash player and proxifiers
> concurrently is a vulnerability
> known as "DNS leakage" . The configuration file of TBB has been modified to
> prevent this issue.
> You can modify related configuration in normal FireFox installed on your
> system manually.
> For this open a new tab and type a local url about:config ,Accept the
> FireFox warning and next
> type remote in search bar.Some lines included "remote" keyword will appear.
> Select the line which says : "network.proxy.socks_remote_dns" ,default
> value for this variable is False
> double click on it and change the value to "True".
>  From now all DNS requests will be passed through Tor and not directly.
> Although you should be aware about some programs like GoogleTalk and other
> messengers
> which are tending to obtain ip using DNS lookup directly.
>
>
>
> On Fri, Oct 12, 2012 at 3:58 AM, Joe Btfsplk <joebtfsplk at gmx.com> wrote:
>
>> On 10/11/2012 3:07 PM, Kamtarin Sorood wrote:
>>
>>> *
>>>
>>> Hello
>>> I don't know what is the reason for your insistence on using FireFox
>>> bundled into Tor browser package
>>> while privacy and maximum security is not the case.
>>> After lunching bundled FireFox and showing welcome screen you can minimize
>>> that
>>> and lunch your normal FireFox then set its Socks section of proxy settings
>>> to
>>> 127.0.0.1 port 9050 and see and play all restricted medias such as flash
>>> videos.
>>> This is my shortest and easiest method to resolve that problem
>>>
>>> *
>>>
>>> On Fri, Oct 5, 2012 at 7:30 AM, k e bera <keb at cyblings.on.ca> wrote:
>>>
>>>   On Thu, 4 Oct 2012 16:37:00 -0700
>>>> numetro <numetro at live.com> wrote:
>>>>
>>>>   I've now tried everything and I cannot get ANY Flash content to play in
>>>>> this Tor-Firefox ESR web browser, even though I've tried installing the
>>>>> Flash player plugin that this browser asks for when I'm on a YouTube
>>>>> page (and even though this computer already had a current Flash Player
>>>>> plugin installed previously).
>>>>>
>>>>> Let me make it clear that privacy is not important to me _/*right now*/_
>>>>> during this quest to make the Flash Player plugin work with this Tor
>>>>> browser... I can reset any settings for maximum privacy later when I go
>>>>> back to that purpose for using Tor... right now, I'm just trying to make
>>>>> the Tor browser play Flash content.
>>>>>
>>>> i have gotten Flash content to play on Youtube with the Gnash player
>>>> plugin (using RequestPolicy to restrict who gets to see my requests) but
>>>> it
>>>> is necessary to enable plugins and 3rd party cookies for the session.
>>>>   even
>>>> then it doesnt work for all videos.  you can bypass Flash on Youtube if
>>>> you
>>>> enable HTML5 enabled or manually add &webm=1 to the url, but it doesnt
>>>> work
>>>> for all videos especially for those that interact with doubleclick.net(i
>>>> wouldnt be sad if someone nuked those parasites).
>>>>
>>>>   So even though I've /*UNCHECKED*/ the /*Torbutton>Preferences>**
>>>>> Security
>>>>> Settings>Disable plugin during Tor usage*/ box, and I installed a new
>>>>> Flash player plugin /*THROUGH*/ this browser, and I even set it to allow
>>>>> all scripts because I thought maybe that was complicating things, /*IT
>>>>> STILL WILL NOT PLAY FLASH CONTENT OF ANY TYPE*/.
>>>>>
>>>>> /*Now, this, explained below, could be part of the problem that I'd like
>>>>> to ask for your help with...*/
>>>>>
>>>>> If I go to the Tor Browser folder on my hard drive at /*C:>Tor
>>>>> Browser>FirefoxPortable>Data>**plugins*/ there are NO Flash plugin
>>>>> files
>>>>> that show up in that folder even after I install a new Flash Player
>>>>> plugin THROUGH this browser... I believe that is why it will not play
>>>>> Flash content.
>>>>>
>>>>   Yes, you CAN run unmodified Fx & the Tor proxy, but NO, it won't have
>> the settings & modifications of TBB, that provide extra anonymity.  TBB is
>> modified & Flash content (Flash Player) disabled for a reason.  It can leak
>> your identity or make it easier to identify you.  If you don't care so much
>> about that, maybe Tor isn't needed at all.
>>
>> Don't know if there are apps / addons that allow d/l a flash video to
>> disk, w/o playing the video - at same time capturing it.  Even if, extra
>> apps / addons can present anonymity problems.  NoScript also blocks Flash,
>> by default - for a reason.
>> The purpose of TBB isn't really to watch flash vids anonymously.
>>
>> ______________________________**_________________
>> tor-talk mailing list
>> tor-talk at lists.torproject.org
>> https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talk<https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
>>
> _______________________________________________
> tor-talk mailing list
> tor-talk at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Were I setting it up for everything to use tor and as such planning for 
no direct DNS requests from my system I personally would be inclined to 
firewall all outgoing traffic to any address TCP & UDP to port 53 note 
that even doing such as configuring the DNS server settings in network 
settings is not always enough to guarantee some program wont attempt a 
resolution itself.  While many client applications do rely on having a 
DNS forwarder and would promptly just fail without one if there is 
software with full resolver capability it can always go for the fallback 
of a traversal from .

Another option is to use tor as your DNS forwarder in your network 
settings which would make sure that any application relying on the OS to 
provide that information used tor for DNS.  If I understand the manual 
correctly this is possible by setting the options DNSPort and 
DNSListenAddress using the standard port 53 listening on 127.0.0.1 would 
probably be about easiest to configure, then it would just be a matter 
of changing your network properties to use the same, usually this is 
possible while still having IP addresses etc come from DHCP.

Only issue you might have with doing that is that DNS timeouts are 
typically pretty short, I could see it being likely that for uncached 
addresses you might get a DNS fail first try though a reload a second or 
two later should work.

Of course firewalling off other traffic going out to 53 still wouldn't 
be a bad idea in case some application has other ideas about where to 
resolve names.