[PrivacyBadger] How should Privacy Badger deal with Flash supercookies?

Peter Eckersley pde at eff.org
Tue Jul 29 12:37:59 PDT 2014


r33lmm has offered to give us some advice/assistance in handling Flash in
Privacy Badger, which is really about handling Flash LSO cookies.

Flash LSOs are going to be a bit tricky for us to detect and (when
yellowlisted) block or 3rd-party-block in Privacy Badger, and especially
Privacy Badger for Chrome.  In Firefox we have extra browser API options,
and the option of walking into the filesystem and messing with the Flash
config file or the Flash cookies on disk, but even there LSOs will be
tricky.

One strategy would be to inject a content script which runs some Flash
into every page, that goes in and messes with LSOs in some clever way.  But
that seems horrible, and only worth considering if we can make our Flash
run if and only if the page has some Flash of its own that's about to
execute.

Another strategy would be to forcibly set click-to-play for Flash, which
is sort of ducking the question but might be ok.

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993
