Orweb flash vulnerability
Status: In Progress
Start date: 07/24/2013
I just downloaded Orbot and Orweb via the Play Store on Android.
When I visited http://ip-check.info, a web page that tests anonymizer techniques, the page found out my real IP via the Flash plugin.
The Tor Browser Bundle deactivates the Flash plugin by default.
Workaround: Uninstall Flash. Maybe this is also helpful, but I think this might not work on Android:
Because "Adobe Flash Player 11" has 100.000.000+, I set the priority to immediate. I think it's easy to build a little Flash app which logs the real IP.
I would suggest that you remove the line "RESISTANT TO FLASH VULNERABILITIES: Orweb attempts to prevent Flash from loading on sites you visit, blocking many common security threats." from your Orweb page.