Skip to content

Why the TorBrowserBundle doesn’t contain Flash!

9. Feb 2013

This isn’t just about the TorBrowerBundle. It’s about why Tor and Flash don’t get together like toast and marmalade (jam).

I mentioned Flash in the previous post and to avoid confusion and answer the question that some people have and had.

The goal of the Tor project is to give you control about your anonymity online. Flash works just fine over Tor, but it could potentially reveal your IP address. Tor aims to anonymize the origin of the traffic, it can not and does even try to anonymize the traffic itself. If some Flash code sends your IP address over Tor than you “shot yourself in the foot”. Flash itself is not open source therefore it can not be inspected nor can it be modified.

For the same reason you shouldn’t open documents that you downloaded over Tor, while being online. Documents can contain resources which are hosted on servers and document viewers and editors try to download the images or what ever is linked, but not embedded, in the document and therefore revealing your IP if the software isn’t aware of Tor and connects to the Internet directly, bypassing Tor and undermining your anonymity.

There are attempts to put Flash in a sandbox to prevent such leaks, but until this is ready to use Tor and Flash aren’t a good idea if you use Tor to stay private and maintain your anonymity.

You can read that in Tor’s FAQ. And you may remember the warnings you read as you downloaded your Tor package.

From → General

One Comment
  1. Hallo,
    This is for you, for being kind to others and me : )
    Pick it up here if you want to

    Sweet greetings, Summer

Comments are closed.

%d bloggers like this: