By default in TBB (Tor Browser Bundle): - noscript active, no scripts allowed - no plugins activated
Even if advised against, users might install and use flash anyway. A quick research told me there are three possible ways to cloak the users IP while using flash. - if flash had proxy settings (no research on that) - transparent proxy (https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) - turning off plugin container in firefox (I read, flash won't get get it's own process and would therefore use same settings as firefox. Source http://wiki.kairaven.de/open/app/firefox (in German, search for 'flash') I have not verified this information.) Personally, I wouldn't use any of these methods. Even if IP would be still cloaked flash is still closed source and had in past way to many security holes. The problem with flashcookies is that users can be tracked even after they deleted all their cookies using the firefox built in cleaner. Anyway, I'd to hear if it would make sense to kill flashcookies with TBB or TorButton. This could be implemented either by using one of the existing firefox addons (such as BetterPrivacy) or by adding this feature into TorButton. _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
