[PrivacyBadger] How should Privacy Badger deal with Flash supercookies?

Peter Eckersley pde at eff.org
Tue Jul 29 13:49:06 PDT 2014


Looks like that patch was possibly pulled out of blink, though:

https://chromium.googlesource.com/chromium/blink/+/8f5ad6de796d108bf8b83b33811e407d253770da

On Tue, Jul 29, 2014 at 12:48:45PM -0700, Jonathan Mayer wrote:
> WebKit forces third-party Flash content to run in private browsing mode. I think that’s a pretty elegant solution, if it’s feasible from extension-land.  
> 
> https://bugs.webkit.org/show_bug.cgi?id=94888
> 
> 
> On Tuesday, July 29, 2014 at 12:37 PM, Peter Eckersley wrote:
> 
> > r33lmm has offered to give us some advice/assistance in handling Flash in
> > privacy badger, which is really about handling Flash LSO cookies.
> >  
> > Flash LSOs are going to be a bit tricky for us to detect and (when
> > yellowlisted) block or 3rd-party-block in Privacy Badger, and especially
> > Privacy Badger for Chrome. In Firefox we have extra browser API options,
> > and the option of walking into the filesystem and messing with the Flash
> > config file or the Flash cookies on disk, but even there LSOs will be
> > tricky.
> >  
> > One strategy would be to inject a content script which runs some flash
> > into every page, that goes in messes with LSOs in some clever way. But
> > that seems horrible, and only worth considering if we can make our Flash
> > run if and only if the page has some Flash of its own that's about to
> > execute.
> >  
> > Another strategy would be to forcibly set click-to-play for Flash, which
> > is sort of ducking the question but might be ok.
> >  
> > --  
> > Peter Eckersley pde at eff.org (mailto:pde at eff.org)
> > Technology Projects Director Tel +1 415 436 9333 x131
> > Electronic Frontier Foundation Fax +1 415 436 9993
> > _______________________________________________
> > PrivacyBadger mailing list
> > PrivacyBadger at eff.org (mailto:PrivacyBadger at eff.org)
> > https://lists.eff.org/mailman/listinfo/privacybadger
> >  
> >  
> 
> 

-- 
Peter Eckersley                            pde at eff.org
Technology Projects Director      Tel  +1 415 436 9333 x131
Electronic Frontier Foundation    Fax  +1 415 436 9993


More information about the PrivacyBadger mailing list