Jump to: navigation, search

Dev/Flash Proxy

< Dev

Flash Proxy[edit]

Flashproxy has been removed from TBB. Therefore it can be considered deprecated.

Credits: anonym on tails-dev wrote some things about Flash Proxy. These have been adapted for Whonix. [1]

  • Each flashproxy client requires a listening port on the open Internet. That's something we've never had in Whonix before, neither by default or through some options (our firewall even blocks it). That enables fingerprintability when scanning the ports of a Whonix host.
  • Listening on a port like that also increases the attack surface dramatically; before this, no random host could try to attack Whonix by connecting to it -- the Whonix host had to (some how) connect to them first. So, yeah, these two things are quite contradictory.
  • The above point also raises some practical issues: in order to listen on an Internet-exposed port, the user must either use IPv6 (which isn't served by all ISPs, and is unsupported/disabled by default in many routers in use) or, in the case of IPv4, set up port-forwarding (since most people are behind NAT). This limits the usefulness of flashproxy.
  • The flashproxy client requires a direct connection to gmail.com, which I feel a bit uncomfortable with for a number of reasons. Currently Whonix only "speaks Tor" outwards, i.e. it communicates directly only with the Tor network or Tor bridges (exceptions: unsafe user on Whonix-Gateawy (e.g. for physical isolation users and captive portal login).
  • Bridges#flashproxy
  • forum discussion


Soon to replace flashproxy. It uses WebRTC peers to solve NAT connection problems.


  1. https://mailman.boum.org/pipermail/tails-dev/2013-June/003127.html

Random News:

Know iptables? Want to contribute? Check out possible iptables improvements. Say hello in development forum.

Impressum | Datenschutz | Haftungsausschluss

https | (forcing) onion
Share: Twitter | Facebook | Google+
This is a wiki. Want to improve this page? Help welcome, volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation. Whonix (g+) is a licensee of the Open Invention Network. Unless otherwise noted above, content of this page is copyrighted and licensed under the same Free (as in speech) license as Whonix itself.