Jump to: navigation, search

Complementos de navegador

This page is a translated version of the page Browser Plugins and the translation is 51% complete.

Other languages:
English • ‎español
Flash Leak Test SocksPort and TransPort
Flash Leak Test both TransPort

Introducción

We explain the risks of browser plugins (flash etc.), discuss some alternatives and finally explain how to use browser plugins anyway in the best possible secure manner.

Tor Browser

Para información general sobre Tor Browser, véase Tor Browser.

Warning not to use them

Quoted the Whonix Features page [1]: "Java / JavaScript / flash / browser plugins / Malware [2] / misconfigured applications cannot leak your real external IP." "This is still not recommended as they may decrease anonymity (e.g. flash cookies) and often have security vulnerabilities. Some popular plugins are closed source. See Real_World| Whonix Security in real world."

Although it's not recommended, we don't want to withhold the knowledge from you how to use browser plugins.

IP leaks are not easily possible.[3]

The concern against browser plugins can be broken down to:

1. Software no libre. Mira nuestra advertencia más arriba.

2. Linkability: browser plugins use can be probably correlated to the same pseudonym. [4]

3. Fingerprinting: browser plugins can probably leak lots of information about your (virtual) operating system (=Whonix-Workstation)

4. Security: some plugins have a history for remote exploits. More precise: the risk for your virtual operating system to get infected by trojan horses etc. is higher.

But anyway, of course you should look for alternatives first (see below), but if you insist on using browser plugins, an isolating/transparent proxy like Whonix is probably your best bet. [4]

Evitar complementos de navegador

Avoiding browser plugins and flash is better than using them.

Note that there are alternatives to browser plugins. Most of the workarounds aren't a 100% complete, perfect drop in replacement, but perhaps it works sufficient for you (for example, if you only need youtube). Alternatives are html5, gnash, flash video replacer, flash video download or using a flash video download and convert online service. There are also applications worth checking, such as youtuberipper, ClipGrab, minitube, Totem with totem-plugins-extra, etc. Discussing the flash alternatives in details is beyond the scope of Whonix.

Además, los amigos de Tails prepararon una buena lista de alternativas a Flash. Véase soporte de Flash en Tails.

Si aún quieres usar complementos de navegador o flash, lee lo que sigue.

Cómo usar Flash - FÁCIL

If you insist on using browser plugins anyway (read warnings above), you can install new software [5] in Whonix-Workstation. Your best bet may be using the Tor Browser.

Your IP/location will still be hidden. Consider the plugin usage pseudonymous rather than anonymous. This is the EASY chapter, which does not include all security considerations. For those, read the whole page.

If you are using any plugins such as Flash, it will be probably known to the exit relay, exit relay's ISP and website, that you are a Whonix user.

[6]

[7]

[8]

Instala Flash.

sudo apt-get install flashplugin-nonfree

(2) Adicionalmente, puede ser buena idea instalar el complemento BetterPrivacy BetterPrivacy para Firefox (Tor Browser), que puede configurarse para eliminar cookies de Flash.

(3) Activa complementos de navegador en Tor Browser.

To activate browser plugins in Tor Browser [9] right click on Tor Button -> Preferences... -> Security Settings -> uncheck: Disable Plugins during Tor usage. You have to restart Tor Browser.

(4) Actualizar Flash

Cada vez que haya una versión nueva de flash, deberías actualizar.

sudo update-flashplugin-nonfree --install --verbose

Cómo usar otros complementos de navegador

Nota que los desarrolladores de Tor Browser agregaron un parche [10], que bloquea todos los complementos excepto flash. Para usar otros complementos, lee más abajo la guía avanzada.

Cómo usar complementos de navegador - Avanzado

Si no quieres usar Tor Browser, puedes instalar los más conocidos Firefox, Chromium, Flash etc. Véase debajo la sección "Más seguridad" para una discusión sobre si es o no bueno para el anonimato.

Firefox.

## In Debian, Firefox is called Iceweasel.
sudo apt-get install iceweasel

Or Chromium.

sudo apt-get install chromium-browser chromium-browser-l10n

Cómo usar complementos de navegador - Más seguridad

Primero lee el capítulo FÁCIL más arriba

Primero lee el capítulo FÁCIL más arriba

Desactivar complementos de navegador innecesarios

It's recommended to activate only plugins, you really use. On most browsers their is a pseudo URL 'about:plugins' to check which are activated. Go to Tor Browser -> Tools -> Plugins and deactivate all plugins, which you don't need, or even better, uninstall them.

Separate Tor Browser or Separate Whonix-Workstation dedicated to browser plugins

For best security use More than one Tor Browser behind an transparent or isolating proxy or even better, multiple VM snapshots] or Multiple Whonix-Workstations.

SocksPort vs TransPort

Using the easy instructions above will cause Tor Browser to go through SocksPort and browser plugins such as Flash to go through TransPort. It may or may not make sense to either force both through a SocksPort (difficult) or to force both through the TransPort, see footnotes.

[6]

[7]

[8]

Descarga Flash directamente de Adobe

If you insist on using it... For better security [11] or if Flash from the Debian repository does not work for you, Flash can be downloaded directly from Adobe.

(1) Ve a https://get.adobe.com/flashplayer/otherversions/

(2) elije Linux (32-bit)

(3) choose 11.2 for other Linux (.tar.gz) 32-bit

(4) haz clic en el botón Descargar ahora

(5) verás

An external application is needed to handle:

https://fpdownload.macromedia.com/get/flashplayer/pdc/11.2.202.270/install_flash_player_11_linux.i386.tar.gz

[...]

Verifica que descargas desde https.

(6) Descarga.

(7) Unpack.

(8) Sigue las instrucciones de instalación en readme.txt.

Notas

  1. Features
  2. https://en.wikipedia.org/wiki/Malware
  3. Read Attack on Whonix and/or Design for details on how much effort would be needed.
  4. 4.0 4.1 For an overview about Flash Tracking Techniques and why Whonix users are much better off than users who run Tor and proxifiers and/or custom firewall rules, see chapter Flash / Browser Plugin Security
  5. Read Software| Software Installation on Whonix-Workstation
  6. 6.0 6.1 Most "plugins over Tor" users probably use Mozilla Firefox and Flash on Microsoft Windows with a socksifier. They can be easily browser fingerprinted and probably even linked, see TorifyHOWTO/WebBrowsers and Tor Button FAQ.
  7. 7.0 7.1 That is because very few people use Tor Browser with plugins, which are routed through Tor. Also because Tor Browser was at Whonix build time manually configured to use a Tor's SocksPort (for stream isolation), while user-installed plugins will will be automatically routed Tor's TransPort. The SocksPort and the TransPort will go through different circuits and most times through different exit relays. That probably differs from the rest of the "Plugins over Tor" users group. For demonstration, see screenshot:
    Flash Leak Test SocksPort and TransPort
    you'll see, that the Tor Browser and Flash have different Tor exit IP's. It's questionable if that particular difference could and should be fixed and if situation had improved afterwards. Cite error: Invalid <ref> tag; name "five" defined multiple times with different content
  8. 8.0 8.1 See Change/Remove Proxy Settings for how to route Tor Browser through Tor's TransPort. Then both, Tor Browser and plugins would go through Tor's TransPort. This has been tested, see screenshot
    Flash leak test both transport.png
    . The question would be, if that would actually improve the situation talked about in earlier footnotes. There are probably only a very few using Tor Browser and plugins through the same circuit. (In a earlier footnote, it was mentioned, that they are still using Mozilla Firefox, even though that's even more discouraged.)
  9. Note that Tor Button in Tor Browser disables all plugins by the default settings. That decision is made by the Tor Browser developers, not by the Whonix developers. (Of course, the Whonix developers second their decision.)
  10. https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/src/current-patches/firefox/0005-Block-all-plugins-except-flash.patch
  11. http://lists.debian.org/debian-security/2012/12/msg00025.html

Licencia

Thanks to JonDos (Permission). The "Restrict Flash Settings" chapter of the Whonix BrowserPlugins wiki page contains content from the JonDonym documentation How to anonymize Flash videos and applets page.


Random News:

Please Contribute by answering questions.


Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.