[PrivacyBadger] How should Privacy Badger deal with Flash supercookies?

Jonathan Mayer jmayer at stanford.edu
Tue Jul 29 12:48:45 PDT 2014


WebKit forces third-party Flash content to run in private browsing mode. I think that’s a pretty elegant solution, if it’s feasible from extension-land.  

https://bugs.webkit.org/show_bug.cgi?id=94888


On Tuesday, July 29, 2014 at 12:37 PM, Peter Eckersley wrote:

> r33lmm has offered to give us some advice/assistance in handling Flash in
> Privacy Badger, which is really about handling Flash LSO cookies.
>  
> Flash LSOs are going to be a bit tricky for us to detect and (when
> yellowlisted) block or 3rd-party-block in Privacy Badger, and especially
> Privacy Badger for Chrome. In Firefox we have extra browser API options,
> and the option of walking into the filesystem and messing with the Flash
> config file or the Flash cookies on disk, but even there LSOs will be
> tricky.
>  
> One strategy would be to inject a content script which runs some Flash
> into every page, that goes in and messes with LSOs in some clever way. But
> that seems horrible, and only worth considering if we can make our Flash
> run if and only if the page has some Flash of its own that's about to
> execute.
>  
> Another strategy would be to forcibly set click-to-play for Flash, which
> is sort of ducking the question but might be ok.
>  
> --  
> Peter Eckersley pde at eff.org
> Technology Projects Director Tel +1 415 436 9333 x131
> Electronic Frontier Foundation Fax +1 415 436 9993

