On Fri, 28 Sep 2012 13:51:26 +0200 esolve esolve <esolvepol...@gmail.com> wrote:
> but I used tcpdump to capture packets and noticed that the video > packets are sent through tor nodes, not directly to the web site > so for the website, it should regard the connection is from an IP of > exit node. > what you meant is the adobe flash will also use the real IP to > connect to that website by bypassing tor? Adobe Flash apps can be written to ignore proxy settings of the operating system and applications and stream data back to anywhere. They have access to your hard drive, so they can read data from anywhere on your system. The keyword here is "can". Most flash apps work as expected and honor proxy settings and will dutifully stream/work over Tor. The user has no easy way of knowing if the app is recording their IP address locally or from their ISP and sending it back to some site, or just connecting back to a site without using the proxy. For the majority of people, flash is a black box doing unknown things. This isn't even addressing the exploits and vulnerabilities in the flash vm (called a player). It may be playing funny dog videos for you while it is ex-filtrating sensitive data. Because of these reasons, we determined flash is too risky to allow by default in tor browser. See #1 in https://www.torproject.org/projects/torbrowser/design/#adversary -- Andrew http://tpo.is/contact pgp 0x6B4D6475 _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
