Slashdot Mirror


Freaky Flash 6 Fishy Features

donpardo writes "I upgraded to Flash 6 last week (to patch a security hole). When I right clicked on a Flash ad at abcnews.com, and pulled down to Settings I got a tabbed dialogue box asking if I wanted to give them access to my cam and microphone. Clicking through on the tabs revealed that the microphone and the camera had already been detected and that the microphone was active. I doubt the camera or the microphone were sending information out but this still seems invasive. Here are Macromedia's statements about the mic and the camera. In addition there is a setting to ask how much information the site can store on your computer. The default value is 100K. According to the information statement "Data can be anything from your user name to your current score in an interactive game to a list of stocks in your portfolio ... The data is not public, but the privacy of this data depends on the policies of the web site where the movie is hosted."" I thought the first sentence of this submission was telling ...

  1. That's very scary by PepsiProgrammer · · Score: 2, Funny

    Now I'm actually glad to have dial-up

    --
    "The United States has no right, no desire, and no intention to impose our form of government on anyone else." - Bush 05
    1. Re:That's very scary by prizzznecious · · Score: 2, Insightful

      Oh you are? So that your connection will be noticeably slowed by all the information about you that's being extracted?

      --

      visit the hwky website for a lyrical genius infusion.
  2. This makes one decision easier by thogard · · Score: 3, Interesting

    At work we have been blocking Flash on and off for a while now and it now looks like it will get blocked and stay that way. It's a shame too since Cisco has finally started using it for the only thing it was good for -- vector drawings.

  3. Sounds like American Pie by Anonymous Coward · · Score: 5, Funny

    Just be sure to cover your webcam with your shirt before you start making out with the supermodel. You should be okay.

    1. Re:Sounds like American Pie by Anonymous Coward · · Score: 2, Funny

      More importantly, cover the camera before you start making out with yourself (so to speak) to the picture of the supermodel.

  4. Ominous by JanneM · · Score: 2, Redundant

    Using IO and local storage; looks like they want to create a "web within the web" - except here they control the client and all the content. No more pesky 'open standards'. And, of course, if you want to create content, you'll have to pay the man...

    I'm getting sick of this.

    /Janne

    --
    Trust the Computer. The Computer is your friend.
    1. Re:Ominous by pixel.jonah · · Score: 2, Informative

      It's basically like cookies.

      And you have the option to disable it on a per-site basis. Seems pretty aboveboard to me...

    2. Re:Ominous by Maserati · · Score: 2, Insightful
      100k ? On that scale it's more like cupcakes.


      There's probably an ultrasecret club with $1000 membership dues that gets access to the stealth webcams.

      --
      Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
    3. Re:Ominous by matrix29 · · Score: 2

      Using IO and local storage; looks like they want to create a "web within the web" - except here they control the client and all the content. No more pesky 'open standards'. And, of course, if you want to create content, you'll have to pay the man...

      I'm getting sick of this.

      Janne


      This sounds like the SUPERCOOKIE mentioned in the article not so long ago. Given that FLASH & JAVA can ID your computer without cookies this sounds like the perfect MAGIC LANTERN delivery system. It sounds like it is time to remove FLASH from my system & Macromedia as a corporation in America.

      --
      "Face it, a nation that maintains a 72% approval rating on George W. Bush is a nation with a very loose grip on reality.
  5. Is there no shame by tfreport · · Score: 3, Flamebait

    Ok, I understand that the technology is here and that it is possible. I understand that some people want to know what you're working on in your computer or the sites you are visiting for advertising purposes and what not.

    What I cannot fathom, is how could anyone purposely write a program to spy into my room, listening to me or watching what I am doing? Doesn't anyone have a conscience anymore? Come on. This is my house, my life, stay the f@#k out!

    1. Re:Is there no shame by yobbo · · Score: 3

      What I cannot fathom, is how could anyone purposely write a program to spy into my room, listening to me or watching what I am doing? Doesn't anyone have a conscience anymore?

      Is there potential for someone to make money from it?

      Yes.

      Seems pretty straight forward to me...

  6. Hm. by Wakko+Warner · · Score: 2

    Oh, well. Good thing they never bothered making a Flash 6 for Linux.

    - A.P. (is the sky still falling, slashdot?)

    --
    "Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
    1. Re:Hm. by Lardmonster · · Score: 4, Funny

      Oh, well. Good thing they never bothered making a Flash 6 for Linux.

      Yeah, I'll say! I do most of my surfing in the nude!

      I wouldn't wanna get hit with lawsuits from inadvertently traumatizing people!

      (ahem!)

      --
      The more advanced the technology, the more open it is to primitive attack
  7. Check again... by djrogers · · Score: 5, Informative

    The first tab is set to 'deny' access to both your mic and your cam by default. The fact that the mic is turned on or off has to do with your PC's settings, not Flash Player's.

    Still, could be fun...

    --
    Think outside the... Hey, where'd the friggin' box go?
    1. Re:Check again... by PepsiProgrammer · · Score: 2, Interesting

      If they can tap into it in the first place, what makes you think they can't enable the access remotely just as easily...

      --
      "The United States has no right, no desire, and no intention to impose our form of government on anyone else." - Bush 05
  8. Jesus by papasui · · Score: 5, Funny

    How can I make money selling my amateur porn if they can see it all without my permission?

  9. Internet Awareness Anyone? by Scotch+Game · · Score: 5, Insightful

    Okay, security's important, but come on people. The settings are configurable, the policy is easy to understand and what we're talking about in terms of the data being stored is essentially what amounts to Cookies for Flash. The camera and mic stuff can be turned off. If you don't like Flash this won't make you love it and if you love Flash this won't make you hate it. So people are posting about WHAT exactly?

    "I have to turn my camera off for Flash! Invasion of privacy! Invasion of privacy! Cookies are evil! The sun is disappearing, the dragons are coming! The dragons are coming!"

    1. Re:Internet Awareness Anyone? by Anonymous Coward · · Score: 5, Informative

      They are turned off by default, and every time a new domain tries to access them, the user is prompted to give permission.

      mike chambers

      mesh@macromedia.com

    2. Re:Internet Awareness Anyone? by Openadvocate · · Score: 2, Insightful

      Maybe that these days there are just so many things you have to opt out of. Even if you are a /. reader it's beginning to take some time to secure your PC and keep it that way.
      Then there is the deal with the huge amount of people that just don't know about these things and why should they? Wasn't the idea of the PC these days that you don't have to be a geek to operate them?
      Personally I spend a good deal of time in front of computers so I am aware of these things, but there's plenty of people who don't really care about the details of how it works and why? Because it is just a tool that they use in a busy day, just like they don't have to know how their car works.
      And it is not just a question about invasion of privacy. All those fancy features in different programs, including Flash, have often proved to include security holes. And forget about uninstalling it. After having visited the first 100 sites that prompt you to install the player, it gets really annoying.
      If these companies and people truly cared about people's security and privacy, they would all go the opt-in way instead, but what would happen was that only 2% would enable the features because the 98% are not computer people who are aware of these things. So the marketing/power/value of the product/features (Flash player) would be a lot smaller.

      --
      my sig
    3. Re:Internet Awareness Anyone? by peddrenth · · Score: 2

      okay, I'm not a digital camera expert or anything (not got one myself) but your argument is "well I've read the privacy policy, and clicked the button in Flash to say 'please don't take photos of my bedroom' so nothing to worry about, right"

      right......

      And when did you last review the source code for this version of Flash player?

      We all know that "power corrupts" applies to programs as well as to people (think Kazaa, Windows XP, RealPlayer) so I'd say that even allowing a website plug-in access to that kind of information is unthinkably stupid (on the part of Macromedia's consumers, not on Macromedia themselves)

      "Thank you for visiting irs.gov. For your security, and to prevent crime, we have logged your name, IP address, and a photo of whatever you're currently wearing."

    4. Re:Internet Awareness Anyone? by sunset · · Score: 3, Informative
      They are turned off by default, and every time a new domain tries to access them, the user is prompted to give permission.

      The problem is, it can't be proven. That's why things like open standards and open source exist.

    5. Re:Internet Awareness Anyone? by White+Roses · · Score: 3, Informative
      At the risk of attracting trolls, this sort of internet lack-of-awareness is exactly why I recommend and give Macs to my friends and relatives.

      Plus, might I add, Mac OS X does it the better way: FTP, HTTP and SSH services are turned off by default. Nothing that can potentially allow someone in to your computer should be turned on by default. Nothing. And that's exactly what Flash 6 is doing: allowing access by default to your system. Netscape, while having access to cookies on by default at least also warns you by default (at least on Solaris, which is the default install I see every week - I have had them severely limited on my other machines for so long, I don't remember, because newer versions of Netscape also preserve preferences). This doesn't seem to even come with a small disclaimer. Perhaps buried in the EULA somewhere. But to me, this should be prominently displayed every time it is run, unless you tell it otherwise, or simply off by default.

      Want it done right? Use a Mac. Or spend your life fixing holes in Windows. Or get savvy enough to use one of the less user friendly *n?xes.

      Oh, and check all the preferences on everything you install all the time now, as well, it seems (although I don't remember AppleWorks calling the mothership when I install it). Bastard marketroids.

      --
      Do not touch -Willie
    6. Re:Internet Awareness Anyone? by _Sprocket_ · · Score: 2


      So people are posting about WHAT exactly?


      Flash has been taking on more and more functionality. It used to be a plugin for animations and some user interaction. Now it interacts with hardware that has definite possibilities of abuse. One has to be sure that Macromedia will completely honor the end users' options AND has implemented these controls in a secure manner. This seems unlikely considering the increased influence of the advertisers in technology and the complete lack of understanding of security issues by the vast majority of developers.


      It also seems that Flash can also be used to track users, despite the popularity of controlling the usual method - cookies. I would be interested to see if it is possible to disable these methods in a similar manner as cookies can now be controlled. My guess is that it is not and that this is a key feature sold to developers of ad banners.


      The situation brings to mind other applications that have an apparent functionality bundled with hidden functionality; Kazaa and Comet Cursor to name two.



      "I have to turn my camera off for Flash! Invasion of privacy! Invasion of privacy! Cookies are evil! The sun is disappearing, the dragons are coming! The dragons are coming!"


      I handle infosec issues professionally. It is sometimes amazing how often users and IT professionals shrug off infosec issues as some kind of "black helicopter" theory. They simply underestimate the potential for abuse many technologies present.


      Cookies are a great example. Double-click was the king of using ID-tracking cookies in online advertisements. People used to scoff at those who were concerned with this practice. After all, these cookies were anonymous! Double-click stated so. And they promised they would remain so. Then Double-click bought the largest mail order database in the United States. And they began a program that would link these anonymous IDs (and all the collected browsing data associated with them) with real identities contained within their new database. This program was put on hold due to public backlash. Expect it to resurface once Double-click has managed to lobby the appropriate laws to ensure this behavior is legal.


      They may not fit your definition... but the "dragons" ARE out there.

    7. Re:Internet Awareness Anyone? by Badly+Configured · · Score: 2, Insightful
      That's why things like open standards and open source exist.

      No, that's why physical switches and pullable cable plugs exist.

      It beats me why anyone would trust software to turn off the cam/mic. If none of the zillions of virii or freeware downloads on your computer is spying on you, I bet your kids are.

    8. Re:Internet Awareness Anyone? by AShocka · · Score: 2, Interesting
      That seems to be the problem. Many users are not aware of the data exchange capacities of their apps and plugins. If there is data exchange the user should be made aware of it at the time of installation or first use.

      There should be a configuration walk-through on install. If companies would do this, they could at least gain respect for the disclosure, and educate the user to the feature set of the product. And there is always the default / advanced installation for those who just blindly want to accept it or custom configure it.

    9. Re:Internet Awareness Anyone? by Steveftoth · · Score: 2

      This is a case of false advertising, pure and simple.

      Flash is advertised as a 'media player' it plays flash movies, music (mp3s, etc.), and that's it.

      If it was advertised as a camera sharing / spy tool then fine, as long as you know that before you download it. The programs don't usually tell you things like that before you download it. Open source programs (Mozilla comes to mind) have a release notes section that tells you IN PLAIN ENGLISH (or hopefully your native tongue) what the update to the program does to your computer that is different from the past version.

      This has nothing to do with MAC vs WINDOWS vs UNIX, it has everything to do with 'free' software that is really 'free to download but with so many strings attached that you probably don't actually want to use it.'

      I spit on you, corp. america.

    10. Re:Internet Awareness Anyone? by Surak · · Score: 2

      Exactly why I use Open Source software. OSS authors are far too worried about their reputations to allow crap like this to happen in their software.

    11. Re:Internet Awareness Anyone? by White+Roses · · Score: 2
      Good point. Guess I got a little OT.

      I think where I was headed (I need to stop posting before I am fully awake) was that this isn't just about one company anymore, it's about every software maker. They all can either be sneaky petes or honest johns. Most are somewhere in between of course, even my admittedly beloved Apple. But Apple and Open Source seem to take a "do no harm" point of view, whereas Microsoft, Real, Macromedia and others take a "what you don't know, we'll use against you" attitude.

      So, yes, this is a case of false advertising, but I think it's a symptom of a larger attitude taken up by most commercial software companies these days.

      Oh, and when I spoke of Netscape, I meant version 4.x. Above that, I use Mozilla. The new Netscape seems to be leaning towards the seedy side.

      --
      Do not touch -Willie
  10. "Local Storage" by Zordok · · Score: 2, Insightful

    Is it just me, or does this sound like domain-limited cookies?

    It says: "This data may be accessed by the Flash movie that is running or by another Flash movie on the same web site."

    My impression is that the data it collects is not data sitting on your hard drive, it is data that relates to the flash application you are using.

    -Zordok

    1. Re:"Local Storage" by Rick+the+Red · · Score: 2
      It's just you.

      Yes, the data it collects "relates to the flash application you are using," but the data does sit on your hard drive. It's an "AND" proposition, not an "OR" proposition. Plus, there's nothing but their word that other Flash sites -- or Macromedia themselves -- won't access the information. So it's not domain-limited cookies, it's Macromedia-specific super cookies.

      --
      If all this should have a reason, we would be the last to know.
  11. Re:What business does a player by Graspee_Leemoor · · Score: 3, Insightful

    Well someone might want to write a flash program that allows you to upload pictures of yourself, or sound clips.

    Honestly, if you're this paranoid you should be more concerned that your OS has control of your camera and microphone, since your OS was written by Microsoft!

    graspee

  12. These features existed before by seldolivaw · · Score: 2

    IIRC, access to cameras and mics (if present) was also a feature of Flash 5 certainly, and maybe Flash 4 as well -- the feature was just a little bit more buried then, and perhaps the detection built into the OS at the time wasn't as good.

    I remember wondering what on earth a website would do with data from my microphone. Count the number of obscenities I muttered as I waited for the stupid flash-enabled splash screen to go away?

    1. Re:These features existed before by Aquaman616 · · Score: 5, Informative

      No, these features are new to the Flash 6 plugin.

      They got a custom video codec built by Sorenson to do this. That's what Apple is suing Sorenson over.

      The thing is that it's a full video codec and weighs in around 75k. Pretty impressive really. Audio is MP3 encoded.

      --
      A|Q|U|A
    2. Re:These features existed before by shayne321 · · Score: 2

      I remember wondering what on earth a website would do with data from my microphone. Count the number of obscenities I muttered as I waited for the stupid flash-enabled splash screen to go away?

      I'm just guessing in the dark here (hey, this is ./ after all), but I imagine their intended purpose for this is to allow authors of flash apps a means to write applications which allow you to send video/audio greetings, take snapshots of yourself for profiles, record a voice greeting for a remote voicemail system, etc, etc. At least, the optimist in me wants to think these are the noble intentions they have (yeah, I'm probably wrong but in my fantasy world beer is free, pizza has no calories, and corporations are good - you'd like it here).

      Shayne

      --
      Today I didn't even have to use my AK; I got to say it was a good day -- Icecube
  13. Man, you panic so easily! by MadCow42 · · Score: 2, Insightful

    Ok, it's good to be concerned, but if you read the description, it's simply a method for a Flash movie to store information on your computer in a similar fashion as a web page stores information through a cookie.

    This info is only available to other Flash movies from THE SAME SITE, similar to the protection provided for cookies.

    It's simply a way to provide persistence from session to session at the same web site. I still wouldn't trust it with my credit card numbers, but Macromedia isn't Hitler reincarnated.

    Calm down. This has only been a test.

    q:]

    MadCow.

    --
    I used to have a sig, but I set it free and it never came back.
    1. Re:Man, you panic so easily! by MadAhab · · Score: 2

      Exactly. With a closed source product, you have no idea whether that protection works. Experience shows that the protection often doesn't work, and sooner or later, every piece of software exposes a hole in this protection. And remember, with these "products", there is no standards body verifying the quality of their construction, no ratification or seal of approval, and no recourse if it destroys your life. At least with open source, you know that the public at large has the opportunity to check for problems and get them fixed.

      --
      Expanding a vast wasteland since 1996.
  14. wow... by AnimeFreak · · Score: 2

    The porn banner industry will just LOVE this.

  15. Privacy is dead by 56ker · · Score: 2, Troll

    Sounds like yet another loophole unscrupulous crackers could exploit.

  16. What can they do? by sparkz · · Score: 2
    What can they store in 100KB?

    In 100Kb, you've said "Damn, it's another bl**dy flash site". No more room for video, unless they get lucky, and get a 1-frame shot of your appalled face to go with it.

    Now don't get me wrong, this is an invasion of privacy, especially if they have full control of a machine (say, Windows). I could think of a few things I'd grab, though, if I was feeling malicious. And I'm a pretty honest guy.

    --
    Author, Shell Scripting : Expert Re
    1. Re:What can they do? by sparkz · · Score: 2
      _data_ is "anything". Its format is Binary, whether you choose to represent it as ASCII or anything else.

      But if the use requires permission, that's a good thing - though there is still a gap between allowing and understanding.

      Oh, and I'm not crying - I've not flashed for ages. It's the old "They came for the .... but I was not a ...., so I did not defend them - then they came for me, and there was no-one left to defend me" approach. Don't worry about me, I get paranoid that PINE now parses HTML!

      --
      Author, Shell Scripting : Expert Re
  17. It's not all that bad by seangw · · Score: 3, Insightful

    If by default your options are turned off, then is there really any large amount of harm?

    Storing information on your computer is an old practice (cookies), and contrary to popular belief, isn't all that bad.

    How many of you stay logged in on Slashdot when you come back to the site? That wouldn't be possible without "maintaining state" between visits.

    Personally I commend Macromedia for giving developers access to such important features (stored variables) and trying to get others into the mainstream (integrating video and mic).

    If you think this is an underhanded deed, then why don't you check your cookie files, you'll see quite a few, 90% are there solely to help you (10% could be tracking information, which in the end, just gives the user more relevant information).

    1. Re:It's not all that bad by eet23 · · Score: 2
      If you think this is an underhanded deed, then why don't you check your cookie files, you'll see quite a few, 90% are there solely to help you

      Really? 100% of the cookies that I allow are there to help, but at least 60% of my banned cookie site list is from advertisers, who I doubt are putting cookies there to help me.

    2. Re:It's not all that bad by bolthole · · Score: 2
      How many of you stay logged in on Slashdot when you come back to the site? That wouldn't be possible without "maintaining state" between visits.

      However, it is not necessary to allow THIRD PARTIES (aka the websites themselves) to save state on YOUR computer, to do this.

      That's what mozilla 'password manager' is for.

      For any additional state, the website should invest in some decent web server software, that is capable of saving user-linked state on the SERVER, without crashing/caving under the load of all those .ASP scripts.

      Once the user has identified themselves via the standard HTTP auth type mechanisms, it should then be up to the server to say, "okay, I remember you; here's where you should be now".

    3. Re:It's not all that bad by Monkeyman334 · · Score: 2

      If it's equivalent to cookies, is there any reason they just didn't use real cookies? Even today some people are worried about the security of cookies, and IE has come a long way in protecting against all the little tricks that people use to trick people out of their cookies (framesets on domain X that include frame Y will not allow Y cookies to be read on either part of the frame). Why introduce another security hole? Cookie features are also much more mature. IE will allow you to block 3rd party cookies. The P3P standard uses cookies to set rules on allowing/denying cookies. Macromedia just wants everything to go their way, instead of using an established standard. People often criticize IE for letting the webmaster get too much control of the browser, changing the scroll bar color is nothing compared to a mic and webcam. Sure, they're trying to make it feature rich so users will download and use the plugin, but on the other end they're trying to give features to the web masters so they will buy Flash. And what's good for web masters isn't always good for users.

    4. Re:It's not all that bad by Yottabyte84 · · Score: 2

      I've moved to a whitelist now.... I have Konqueror toss all new cookies unless the site is in my allow list. If a site not in my whitelist needs cookies I can enable them for that session.

  18. Camera and Mike Setting : Flash server by Anonymous Coward · · Score: 3, Informative

    you can read what the camera and microphone settings are for here:

    http://radio.weblogs.com/0106797/2002/04/30.html#a24

    they are going to be used in a forthcoming flash communications server that will allow you to stream audio and video.

    what's the big deal?

  19. Well, there is worse by littlerubberfeet · · Score: 2, Funny

    Hey, at least they aren't as bad as Real, and its software.

    --
    Sig (appended to the end of comments you post, 120 chars)
  20. What about dialup? by Anonymous Coward · · Score: 2, Insightful

    All these scumwares that check for updates or send my browser history, bookmarks, cookies, registry keys, and directory trees to various sites keep freezing my ssh sessions. If they started to broadcast my mike, I'd be screwed. My dialup bandwidth isn't a resource any program can use at anytime, it's my precious property and I'm pissed off everyone is abusing it.

  21. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  22. Chill out and think - these features are *good*. by Aquaman616 · · Score: 2, Informative

    First off if you are concerned about Flash security, read the whitepaper about it before spouting off about it:
    http://www.macromedia.com/desdev/mx/flash/whitepapers/security.pdf

    Everything is set to deny by default. The plugin can see your mic and camera because its on your computer! It can't send that information unless you give it permission to. Again, read the security white paper.

    The new camera and mic abilities of Flash allow you to do some really powerful things that you simply can't do any other way. In fact there was a story about someone trying to build custom web conferencing software last week and I told them to wait a couple months for the server that uses these features of the Flash plugin... I was modded up to 4!

    This kind of thing is going to push the web to new places. Technology is driven by innovation which later turn into standards, not the other way around.

    --
    A|Q|U|A
  23. Oh Great...A New Wave Of Spam by dbretton · · Score: 3, Funny

    Tomorrow's InBox:

    From: xxxx
    Subj: Come see My Hot WebCam!
    From: xxxx
    Subj: We're waiting for you!
    From: xxxx
    Subj: Flash Installed, See Bubba pick at his ass-crack

  24. Computer Awareness? by Telastyn · · Score: 2

    It's not even security as an application poking its head where it does not belong. Is there any good/common reason for flash to do anything with anyone's webcam/microphone? I think not.

    Though I also think it's reasonable to at least muse the possibility that this was all just set up by the X10 camera people to set up a world wide voyeur web =]

  25. Re:What business does a player by qslack · · Score: 4, Interesting
    Well someone might want to write a flash program that allows you to upload pictures of yourself, or sound clips.

    Honestly, if you're this paranoid you should be more concerned that your OS has control of your camera and microphone, since your OS was written by Microsoft!
    You mentioned something that reminded me of a pretty interesting find of mine. I think that most webcams have remote surveillance features requested by the FBI.

    I was hacking some code to interface with one of the Logitech cams, and there was a bit in the "take picture" command that seemed to serve no purpose. I couldn't find out why it was there, since flipping it did nothing.

    As the sun set, I began to notice what it was for. With the bit ON, it would notify the user that it took a picture with the blink of an LED. With it off, it wouldn't. The dark room made this much more evident.

    Just think of the possible uses for this one. If the FBI knows your IP, they can try to infect you with a virus that snaps a mugshot of you for them. When you are registering software, the installer can get a picture of the user and compare it against the DB of previous installations with that serial number. Your boss can see what you're doing without even opening the door.

    Scary, huh? It's made me always turn my cam towards the wall when I'm not using it.
  26. Is this opt-in policy a good idea? by VValdo · · Score: 3, Interesting



    What happens if I do nothing?

    The Macromedia Flash Player automatically detects any default microphone or other audio recorder on your computer, and sets microphone sensitivity to a medium value.

    ....

    What happens if I do nothing?

    The Flash Player automatically detects any video cameras on your computer and displays the name of the default camera it will use. If you do not select another camera from the pop-up menu, the Flash Player uses the default camera. To see a live display of the image being detected by the default camera, click the video preview area.


    Now this is scary.

    But picture this-- a virus that takes your picture, records you for a minute, compresses into .mp3, then sends the sound and a snapshot as an email attachment to the next person...

    I think Back Orifice already has this in as a plugin, but man, a viral version of this... What's the best way to disable a laptop mic?

    W

    --
    -------------------
    This is my SIG. There are many like it, but this one is mine.
    1. Re:Is this opt-in policy a good idea? by teslatug · · Score: 2

      Get a mic and cam with physical turn off switches.

    2. Re:Is this opt-in policy a good idea? by VValdo · · Score: 2

      Yeah, but that would rule out most laptops, which have built-in mics...I guess anyone with a laptop is potentially bugging their own computer...not a nice thought.

      How many web cams have physical "turn off" switches? ...although they can at least be pointed in another direction...but you have to remember to do that EVERY time ;)

      W

      --
      -------------------
      This is my SIG. There are many like it, but this one is mine.
    3. Re:Is this opt-in policy a good idea? by Jeremi · · Score: 3, Funny
      But picture this-- a virus that takes your picture, records you for a minute, compresses into .mp3, then sends the sound and a snapshot as an email attachment to the next person...


      Why not make it interesting? Modify that virus so that it detects when the user is surfing lots of pr0n sites, waits 5 minutes, then captures a short video clip from the user's webcam and emails that snippet to everyone in the user's address book...


      (evil grin)

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
  27. Ever since they removed... by Technician · · Score: 3, Interesting

    Ever since they made it so that play, loop and other right clickable consumer controls could be made unavailable, I made the program unavailable on my machine. Unlike IE past Win 98, it is still removable. The worst case I saw before I pulled the plug was a right click put the dialog box on the other side of the screen and not where you were trying to stop an animation and where a right click brought up only one option "about Macromedia". I contacted the company concerning these trends in loss of control. I received no reply. I prefer Netscape over IE, because any page with flash content brings up a dialog box in IE, "do you want to install......" There is no option in IE "do not ask me again". I got tired of telling it "NO NO NO NO NO!" I would suspect MS and Macromedia have the same agenda to have your computer skip ads the same way your DVD player skips the FBI warning. Somebody is paying bucks to have the content delivered like it or not.
    Since most flash is used for forced advertising and not for content, my main machine is flash and IE disabled by choice. At the rare site with actual flash content, my standby machine still has it, but it's rare I fire up that antique.

    --
    The truth shall set you free!
    1. Re:Ever since they removed... by Technician · · Score: 2

      Do you call right clicking an animation getting to the settings menu? Since when is the only item on some animations "About macromedia flash" a setting? To me it was only a link to the website and nothing more. Is there a settings menu? Unchecking play and loop do not count as these "settings" can not be saved as default. These are player controls, not settings and are not available on many advertising animations.

      --
      The truth shall set you free!
  28. Uninstalling Flash by FattMattP · · Score: 3, Insightful
    One of the best things I ever did for myself was uninstall flash from all my browsers. 99% of the time Flash is just needless eyecandy, IMO. I also set my activex settings in IE to disable activex entirely. That way I don't even get prompted over and over to install it.

    You can find information on how to uninstall Flash here: http://www.macromedia.com/support/flash/ts/documents/remove_player.htm

    --
    Prevent email address forgery. Publish SPF records for y
    1. Re:Uninstalling Flash by smart.id · · Score: 2, Funny

      I don't think all Flash is needless eyecandy, and some sites are only Flash. Of course some people will call that stupid, but look how popular it is! It's practically included in Internet Explorer now, and I am not a person who is only interested in the core information on a webpage. I enjoy (most of the time) watching the Flash movies that people have put their hard work into to make their site look better. In fact, I would like Slashdot more if it had more pictures to help navigate, and some other font besides Times New Roman. But this is coming from a web designer, not a usability expert.

      --
      blog & fiction: jd87
    2. Re:Uninstalling Flash by Captain+Large+Face · · Score: 2

      Why not eliminate those ActiveX problems altogether and use a browser other than IE?

    3. Re:Uninstalling Flash by TheSHAD0W · · Score: 2

      But how can you possibly live without Joe Cartoon?

  29. If you have WebTV running flash by sam_handelman · · Score: 2

    Then, at long last, the TV is watching YOU!

    --
    The good and new comes from no quarter where it is looked for, and is always something different from what is expected.
  30. To claim your privacy... by 3seas · · Score: 3

    ....register with us by giving us your life history along with your request for privacy.

    We need your life history to make sure it's you.

  31. Uselessness of Windows based firewalls by jmorris42 · · Score: 2

    Let me get this straight. You are afraid of spyware running on an insecure OS and trust another app running on the same insecure platform to be able to detect it? Firewalls running on Windows are nothing but a joke. I'm just waiting for a well publicized exploit that ignores the major Windows 'Firewall' products to cause the clue by four to hit people.

    --
    Democrat delenda est
    1. Re:Uselessness of Windows based firewalls by Graspee_Leemoor · · Score: 2

      Actually, Tiny Personal Firewall is not like your crappy ZoneAlarm, BlackICE and what have you. Not only is it completely free for personal use, but it is very very good.

      You should have checked it out before you went all testosterone with your sweeping manly generalizations.

      graspee

    2. Re:Uselessness of Windows based firewalls by jmorris42 · · Score: 2

      Doesn't matter a damn how 'good' a Windows based firewall is. By the nature of the beast they depend on Windows to allow them to see all network traffic. They can do that by essentially running as 'root'. Of course since almost ALL windows software runs with the same elevated privileges all they need to do is attack the firewall.

      See the current measures/countermeasures going on with AdAware for a preview of where things will go when there is actual $MONEY$ to be made writing malware as opposed to what pimply 15 year old script kiddies have been doing the last twenty years. The spyware authors have the exact same system level access as your firewall and equal knowledge of how the system works so how the hell can you trust it unless you also trust ALL other software running in ring0?

      And remember that M$ itself will eventually be 'leveraging the platform' for revenue gains as sales continue to decline in a saturating market. Do you trust your firewall to be able to protect you against the underlying OS (or their 'select' partners) spying on you?

      I define an effective firewall as a trusted system running only a well known set of trusted software under the administration of trusted personnel. No program running on an untrusted computer with an insecure and untrusted OS, running an unknown and almost unknowable quantity of suspect programs with elevated privileges can possibly be called a 'firewall'. Any company marketing such a product without some extreme disclaimers is engaged in the sale of "Snake Oil" and is inherently untrustworthy. Period, end of story.

      --
      Democrat delenda est
    3. Re:Uselessness of Windows based firewalls by Graspee_Leemoor · · Score: 2

      Some reputable people have said the same thing.

      graspee

  32. Re:Thanks! by Technician · · Score: 2

    Thanks on the information to stop MS browser from begging me to install Macromedia flash. I almost stopped using the IE browser completely because of that persistent nagging.

    --
    The truth shall set you free!
  33. Re:I finally upgraded from Flash by Moonshadow · · Score: 2
    Get the Proxomitron. Besides filtering Flash, popups, and ads, it can also stop GIF animation.

    Enjoy.

  34. how about SVG? by stego · · Score: 4, Informative

    It does vector and is even a bit more open....

  35. Re:What business does a player by DrSkwid · · Score: 2

    If the FBI knows your IP, they can try to infect you with a virus that snaps a mugshot of you for them

    it's called Sub7, it advertises its infections in an IRC channel and then anyone with a sub7 client can take webcams pics, desktop screenies, read files, run apps whatever

    --
    There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
  36. Webcams with real on/off switches by jmorris42 · · Score: 2

    Mine has a hard power switch and a real honest to god power indicator led. Wouldn't have considered anything else.

    Anything else is asking for trouble someday. If not today's spyware, who knows what somebody will come up with next year. But if you have to reach up and flip the camera on you are in control.

    --
    Democrat delenda est
  37. Actually, I have some great ideas by Aquaman616 · · Score: 2, Informative

    Yes, I have thought about some great ways of using this technology and I'll be speaking about them with another developer at SIGGRAPH this year. :-) (No, I'm not kidding)

    --
    A|Q|U|A
  38. Flash Slogan... by _Sprocket_ · · Score: 2
    ...you're not likely to see in the public:


    All the functionality of Back Orifice, now with animations!



  39. Don't trust software with your cams/mics by Jeremi · · Score: 2

    At the risk of stating the obvious, if you value your privacy, you should probably have your web cam covered and your microphone unplugged whenever you aren't using them. It wouldn't be hard to write a virus/trojan/etc that activates them and eavesdrops without your being aware of it -- flash or no flash. The only way to be sure that doesn't happen is to physically disable the sensors.

    --


    I don't care if it's 90,000 hectares. That lake was not my doing.
  40. Video conference and tech support by foniksonik · · Score: 2, Interesting

    This tech is primarily focused on Video conferencing and tech/customer support. Imagine going to an online store and being greeted by a 'live' salesperson who can answer your questions in person.

    Obviously there is room to abuse as in any tech. As long as the features are turned off by default and always, always give you the choice of whether to use them or not, I don't see any problems.

    In the meanwhile if you don't like flash, pick a browser and plugin set that you can live with.

    IE isn't the only one out there. Mozilla works very well for me.

    --
    A fool throws a stone into a well and a thousand sages can not remove it.
  41. Re:What business does a player by tempest303 · · Score: 2


    Scary, huh? It's made me always turn my cam towards the wall when I'm not using it.


    Interesting solution...

    Me, I just deleted my FAT32 partition and switched completely to Linux. Yeah, the FBI *could* try to slip some malicious code into the driver, but since it would be found, they'd never do it - after all, they couldn't possibly deny it. ;)

  42. How can Flash be removed? by Futurepower(R) · · Score: 3, Insightful


    How can Flash be removed from 1) Windows, and 2) Linux?

    Reasons not to run Flash:

    Flash presents unknown security risks. Sometimes Flash and other Macromedia products have been the point of entry of trojans and viruses, as mentioned in this documentation of a very serious bug, Macromedia Flash Activex Buffer overflow.

    Flash on a website advertises Flash. There must always be some notice that says "Download Flash if you don't have it", and a link to Macromedia, so that web site viewers can get the latest version. This forced added content distracts from the intended content.

    Flash is nearly always used to provide images that are irrelevant to the content. Except for those who care about bright, shiny things more than content, Flash gets in the way. Flash authors are seldom qualified to provide moving picture content, and, even if they were, Flash is a very limited cinematic tool.

    Flash often causes long load times. Long load times communicate that the website viewer's time is less important than the website creator's love of movement. Flash often causes Website viewers to wait for "Loading..." messages.

    For website viewers who do not want to run Flash and other Macromedia software, or cannot, web sites using it are broken.

    By using Flash, authors of Flash content may cause the URL of their customers to be transmitted to Macromedia. If some disloyal Macromedia employee, or Macromedia itself, thought of some profitable reason to approach those customers directly, Flash content authors could lose business.

    Flash content is proprietary content. It is the money-making scheme of one company. This tends to undermine web standards like HTML. The Internet is a public utility for all of us to use. Proprietary methods go against that spirit.

    1. Re:How can Flash be removed? by eswierk · · Score: 3, Informative
      Disabling Macromedia Flash on Microsoft Internet Explorer

      These instructions are known to work with Internet Explorer 6.0 on Windows 2000. They may require modifications on other versions of IE or Windows.

      1. Set Internet Explorer to prompt you before installing any ActiveX controls (plug-ins):
        1. Close all Internet Explorer windows.
        2. Open the Internet Options control panel.
        3. In the Security tab, click Internet, then click Custom Level.
        4. Make sure that Download signed ActiveX controls is set to Prompt, and that Download unsigned ActiveX controls is set to Prompt or Disable.
        5. Click OK to save the security settings.
      2. Remove Flash:
        1. Open the Internet Options control panel, if it isn't already open.
        2. In the General tab, under Temporary Internet Files, click Settings, then click View Objects.
        3. Right-click on the Macromedia Flash icon and select Remove.
        4. Close the Downloaded Program Files window.
        5. Click OK to close the Settings window.
      3. Clear the Internet Explorer cache:
        1. Open the Internet Options control panel, if it isn't already open.
        2. In the General tab, under Temporary Internet Files, click Delete Files.
        3. Click OK to close the Internet Properties window.

        If you stop now, Flash ads will not appear, but IE will pop up a dialog box every time you view a page containing a Flash ad. You can prevent this from happening 99% of the time by continuing to the next step.
      4. Prevent Internet Explorer from prompting you to install Flash:
        1. Click Start, then Run, and enter this command:
          notepad %systemroot%\system32\drivers\etc\hosts
          A Notepad window should appear with a file in which most of the lines begin with "#".
        2. At the bottom of the file, add the following line:
          0.0.0.0 download.macromedia.com activex.microsoft.com active.macromedia.com
        3. Close the Notepad window and click Yes to save changes.

        This last step will prevent your computer from ever accessing the Internet addresses where the Flash plugin is normally found. If you later find that you need to access one of those addresses, just remove it from the hosts file.
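The hosts-file step at the end of the instructions above can be verified with a short script. This is an added example, not part of the original comment: it parses a hosts file and reports whether each of the three hostnames from that step resolves only to a sinkhole address. The function names and the two sample files are constructed for illustration.

```python
import ipaddress
import sys

# Hostnames taken from the hosts line in the comment above.
REQUIRED = (
    "download.macromedia.com",
    "activex.microsoft.com",
    "active.macromedia.com",
)

# Constructed sample: all three names sinkholed, file saved with a UTF-8 BOM.
GOOD_HOSTS = (
    "\ufeff# sample hosts file (constructed)\n"
    "127.0.0.1       localhost\n"
    "0.0.0.0 download.macromedia.com activex.microsoft.com active.macromedia.com\n"
)

# Constructed sample: one entry commented out, one overridden by a second line.
BAD_HOSTS = (
    "127.0.0.1 localhost\n"
    "#0.0.0.0 download.macromedia.com\n"
    "0.0.0.0 activex.microsoft.com\n"
    "0.0.0.0 active.macromedia.com\n"
    "192.0.2.10 ACTIVE.macromedia.com.   # constructed conflicting entry\n"
)


def parse_hosts(text):
    """Return {hostname: [ip_address, ...]} for every valid hosts line."""
    mapping = {}
    for raw in text.lstrip("\ufeff").splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        for name in fields[1:]:
            # Hostnames are case-insensitive; a trailing dot is the same name.
            mapping.setdefault(name.rstrip(".").lower(), []).append(addr)
    return mapping


def is_sinkhole(addr):
    """0.0.0.0 / :: (unspecified) and loopback addresses go nowhere useful."""
    return addr.is_unspecified or addr.is_loopback


def audit_hosts(text, required=REQUIRED):
    """Classify each required name as blocked, missing, conflict or redirected."""
    mapping = parse_hosts(text)
    report = {}
    for name in required:
        addrs = mapping.get(name.lower(), [])
        if not addrs:
            report[name] = "missing"      # no active entry: name resolves via DNS
        elif all(is_sinkhole(a) for a in addrs):
            report[name] = "blocked"
        elif any(is_sinkhole(a) for a in addrs):
            report[name] = "conflict"     # another line maps it to a real address
        else:
            report[name] = "redirected"   # points somewhere, but not a sinkhole
    return report


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Pass the path to the hosts file opened in step 4.
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            samples = {sys.argv[1]: fh.read()}
    else:
        samples = {"GOOD_HOSTS": GOOD_HOSTS, "BAD_HOSTS": BAD_HOSTS}
    for label, text in samples.items():
        print(label)
        for host, status in audit_hosts(text).items():
            print(f"  {host:28} {status}")
```
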
  43. Re:What business does a player by GoRK · · Score: 4, Insightful

    MOTHER OF GOD that is so SINISTER of them. Surely, the bit is there to serve SATAN!

    I mean, how could it serve a legitimate purpose if you were using your webcam for, say, security purposes - to watch your empty office or house while you were away, or you just didn't want the LED to blink when it took a picture for say - your robot vision app? Won't someone PLEASE get these hardware engineers to stop including useful features in their devices?

    The intel webcams have always had this nice little shutter on the front that you can close. A very nice feature.

  44. don't let clewbies off the hook by tps12 · · Score: 2
    I know the slashbot line is going to be anti-BigCorp (in this case, Adobe), but I'm going to suggest an alternative. Hope it doesn't cause too many ulcers out there in slashdot land. ;)

    I advocate tough love. If this behavior continues, one of the following three things will happen.

    1. Users will get fed up with sneaky nigh-spy ware and vote with their wallets against these tactics.
    2. Users will get fed up with OS's that don't wrap devices with permissions to prevent these types of activities and vote with their wallets against such insecure OS's.
    3. Users will remain happy and ignorant, Adobe will get advertising money, and their products' (and competing products') prices will drop, benefitting everyone, those in and out of the know alike.

    All of these are acceptable in my opinion, so I'm not going to sweat it.

    --

    Karma: Good (despite my invention of the Karma: sig)
    1. Re:don't let clewbies off the hook by kubrick · · Score: 2

      Adobe? Macromedia, methinks.

      a) Adobe will get advertising money

      b) and their products' (and competing products') prices will drop, benefitting everyone, those in and out of the know alike

      I don't see how b) follows from a). I think a more likely statement would be 'and Macromedia's stock price goes up, and their shareholders make a killing.'

      --
      deus does not exist but if he does
  45. Sandboxed? by theolein · · Score: 3, Insightful

    Flash started off as a very interesting technology about 6 years ago, and gained popularity amongst users because it was small (142k download or so), relatively innocuous (Only two exploits so far AFAIK) and it brought those things to the web that java applets had promised but failed to do. There was a huge demand for Flash coders in the middle of the Dotcom boom, especially when Flash 4 hit the scene with scripting abilities, allowing developers to make fancy interactive sites, and even more so when Flash 5 came around which improved the scripting and performance yet still remained small and relatively safe.

    What happened?

    Thousands of dotcommers made enormous flash intro animations to their sites (about half of them forgetting to make a "skip intro" link), which rapidly irritated many many visitors to said sites (a study on the irritation factor of flash intros and banners would be *very* interesting). At the same time as the dotcom scene started crashing around everyone's ears, desperate internet marketing whizzes decided that flash would be a brilliant vehicle for advertising, pushed along by an equally desperate Macromedia, whose products were no longer selling like hot cakes. The results of those ideas can be seen on almost every portal on the web (ZDNet is my favourite with slashdot also not doing too badly), and visitors' reactions are known to everybody it seems except for the mindless marketing people who push it. In this way it is very similar to spam.

    Macromedia spent a fortune on making Flash a tool that would liven up the web and make colourful, interactive, animated, dynamic sites possible especially in conjunction with macromedia's backend flash application server, generator. Apart from a host of sites early on this trend has died out almost completely, because what macromedia didn't realise is that just like web designers/coders have to cope with different browsers, they also have to cope with users who haven't and won't use the plugin, and therefore go for the lowest common denominator in websites:html with one or two pics etc. Flash didn't save a single dotbomb from going under.

    Now, just like any other large company (ahem), they need to add "features" in order to carry on making money with their product. Flash 6(MX) now has built in video, microphone and cookies. I very much doubt this is suddenly going to improve the content of all the Flash we've been getting, although it may kill one or two other companies' media players(Quicktime, WMP, Real) but, in moving out of the traditional small player that they've had, it will fast become larger, and someone is sooner or later going to find some hole in their player (actionscript getting access to the drive while ostensibly looking for cookies? Exploiting a hardware driver(keylogger)?). For all my irritation with Sun's Applet saga and java on windows, Sun worked very hard to make the language and VM design secure (and the fact that of the few exploits with browser JVM's being mostly in MS' JVM does show this). Macromedia doesn't AFAIK have that much experience in security wrt clientside technologies and time will tell what will happen with this player.

    I used to be a Director programmer and with Director you could pretty much do anything on the client machine with no checks and shockwave, director's browser plugin, went in the same direction as flash is going: first a straight player and then with later versions you could download all sorts of xtras onto the client machine. I once, as a security test, wrote a screensaver with shockwave, that everybody in the company loved (it even won an award for design). What no one realised until we told them, was that the screensaver had been merrily scanning people's drives in the background and uploading filelists to us.

  46. Remoting apps... by wowbagger · · Score: 3, Interesting
    One of the things Slackromediocre is trying to do with Flush6 is "remoting applications".

    You see, they had this wonderful insight:
    What if we run the apps on a BIG computer, and then we show the output on a little computer? We'll have means to encapsulate drawing commands into a format that can be transmitted across a network. Oh, and we'll need a way of getting keystrokes and mouseclicks, too. And wouldn't it be cool if we could move audio both ways across a network link!

    Of course, since nothing like this exists, we'll lock it all up into a proprietary protocol that we'll control, and everybody will have to pay us money!

    What a great idea!


    Of course, protocols for network transparent graphics, sound et cetera already exist, but they have that nasty four letter word in them (open).

    Sarcasm aside, I am sure the intent of this is to allow Flash 6 to provide Video conferencing type applications - just click on the link and there you go.

    I saw a most interesting article in InfoHurl about this - the funny thing was they showed apps being remoted to Windows, Mac-OS, and Linux. Yeah, I'll believe MacroMedia will be supporting Linux with a good Flash 6 player about the same time as BillG tongue-kisses RMS - the current Flash 5 player is MUCH slower than the Windows player on the same hardware (while strangely NOT taking all available CPU!), fails to sync video and audio, and generally is unstable (Heaven forfend somebody ELSE might want to access /dev/dsp, we'll just lock the browser up if we can't open it....)
  47. Welcome to zombocom by Dwedit · · Score: 3, Funny
    Welcome to Zombocom... This is Zombocom... You can do anything at Zombocom...

    http://www.zombo.com/

    How's that for a nice flash intro?

  48. From the source by Anonymous Coward · · Score: 4, Informative

    OK, some people seem to have found info about what the camera and mic objects are for on the web but I'll post the link again for the people who skipped that posting before moving on: http://radio.weblogs.com/0106797/2002/04/30.html#a24

    1. The default for the camera and mic is to DISALLOW a site to access them.

    2. The camera and mic objects are there for something MM has coming down the tubes for a communication server via the Flash player, and the player will PROMPT users before ever granting a site access to their mics and cameras...I've got the beta of the server for testing purposes and it asks me every time (since I never check the little box asking me if I want the player to remember my setting)

    3. As many people have pointed out, the Local Storage settings are essentially cookies for Flash. They work in pretty much the same fashion (can only be accessed by the domain that created them, etc.) as cookies, but are only consumable by Flash.

    Personally, I wish some of the folks here would give the "Flash is evil" stuff a rest and see more people looking at the GOOD things that can be done with Flash rather than just the worthless drivel that a lot of people have produced, but that's the opinion of someone who works for MM, so I don't have much of a prayer there.

  49. This could be VERY bad by techmuse · · Score: 3, Insightful

    for anyone using voice recognition, or any other application where keeping your mike at the CORRECT level is important. What right do they have to change my settings?!

  50. OT: ya know.... by PsiPsiStar · · Score: 2

    According to 'the boys from Brazil'
    even Hitler reincarnated isn't Hitler reincarnated

    --

    ___
    It's the end of my comment as I know it and I feel fine.
  51. Another reason for me to avoid Flash by niola · · Score: 2, Insightful

    I have never been a big fan of Flash. Not that it is a bad technology, but just like anything else that is remotely cool people use, abuse, and misuse it to the point where the cons outweigh the pros.

    I guess my biggest beef with Flash is that people make IT the content as opposed to using it to accent the content. Ever been to a site where you can't bookmark shit and none of the browser navigation does shit because hitting back only restarts the whole thing? That is the kind of stuff that drives me nuts...

    Just my $.02...

    --Jon

  52. ... How can timid viewers be reassured? by Artful+Codger · · Score: 3, Interesting

    Can we discuss this?

    Reasons not to run Flash:

    Flash presents unknown security risks. Sometimes Flash and other Macromedia products have been the point of entry of trojans and viruses, as mentioned in this documentation of a very serious bug, Macromedia Flash Activex Buffer overflow [eeye.com].

    So, ok, _ONE_ security notice. No known exploits of this hole. Company acknowledgement and fix in less than a day.

    What other risks? What other holes or past vulnerables? Any known exploits? Name them. I think the case can be made that Macromedia is more diligent with security than many in this business, and more worthy of trust.

    Maybe the problem is with using a browser that requires Activex?

    Flash on a website advertises Flash. There must always be some notice that says "Download Flash if you don't have it", and a link to Macromedia, so that web site viewers can get the latest version. This forced added content distracts from the intended content.

    The Flash plug-in is just about default on most browser installs, so few see that download message. The plug-in's truly free, and not nagware like QuickTime or Real. And most people aren't developers, so not a very targeted campaign, is it? The real ad value is that the plugin works well for the majority of users.

    Flash is nearly always used to provide images that are irrelevant to the content. Except for those who care about bright, shiny things more than content, Flash gets in the way. Flash authors are seldom qualified to provide moving picture content, and, even if they were, Flash is a very limited cinematic tool.

    Those comments are more often applied to television.

    So should Flash have a taste filter to prohibit the creation of tacky content?

    Flash is just a tool, not an artistic movement.

    Flash often causes long load times. Long load times communicate that the website viewer's time is less important than the website creator's love of movement. Flash often causes Website viewers to wait for "Loading..." messages.

    Flash is currently one of the most efficient and reliable formats for delivering dynamic interactive content. Its success comes from the fact that there's not really any other interactive animated format that competes with it yet.

    Download time is a contract between author and viewer; if the content is good, they'll accept the delay. With broadband, the majority of Flash pieces download in a few seconds.

    For website viewers who do not want to run Flash and other Macromedia software, or cannot, web sites using it are broken.

    Sites are broken because the author didn't care enough to put in detection for the plug-in, and didn't include alternate non-Flash content. By the way, the Flash plugin (presence and version) is VERY easy to detect via javascript or other means (unlike Quicktime)

    By using Flash, authors of Flash content may cause the URL of their customers to be transmitted to Macromedia. If some disloyal Macromedia employee, or Macromedia itself, thought of some profitable reason to approach those customers directly, Flash content authors could lose business.

    Uh huh.... right. Big software company secretly wants to run tiny boutique webshop in converted factory loft making way kewl Flash pieces.

    Flash content is proprietary content.

    No more or less than ANY content.

    It is the money-making scheme of one company. This tends to undermine web standards like HTML. The Internet is a public utility for all of us to use. Proprietary methods go against that spirit.

    The Flash movie format SWF is an open format. Write your own authoring tool. Others have.

    --

    ... plans that either come to naught, or half a page of scribbled lines...
    1. Re:... How can timid viewers be reassured? by Chanc_Gorkon · · Score: 2

      You sir are correct. More times than not I see folks on here spaz out about stuff such as this. It is NOTHING. Even if they had access to your camera and mic, they'd have to have MASSIVE amounts of storage to make it worth anything. Also, there's been a lot of false reporting that flash can bring virii and stuff onto your machine but I have YET to see an exploit that wasn't patched before it could be executed. Which is more than I can say about Outlook! Security paranoid users can freak about it, if they want. Now I am off to play some Lenny Loosejocks games....:)

      --

      Gorkman

    2. Re:... How can timid viewers be reassured? by Technician · · Score: 2

      The Flash plug-in is just about default on most browser installs, so few see that download message.
      Those who find it can not be configured to NOT autoplay the distracting ads may have removed the player. They always see the request to install flash. The popup request is almost as annoying as the ads.
      I won't reinstall flash until they have it user configurable to not run animations by default. If I want to run an animation, a play button would suffice. This lack of basic user control over the browser is the reason I removed flash completely. I choose what I want to run. If it runs without control, it gets removed.

      --
      The truth shall set you free!
  53. I thought this was Slashdot til I read the replies by bons · · Score: 2

    It must be Slushdot instead.

    News for Luddites. FUD that matters.

    To everyone worried about security holes that have never been exploited, the added bandwidth of streaming images and (god forbid) sound, and the thought that your microphone will be used to spy on you, here's a hint.

    INSTALL LYNX YOU LUDDITES!

    Thank you.

  54. Don't have business associations that test limits. by Futurepower(R) · · Score: 3, Interesting


    "So, ok, _ONE_ security notice. No known exploits of this hole. Company acknowledgement and fix in less than a day."

    Flash has caused several very serious security breaches, and the company acknowledges this. A computer under my supervision was totally owned by someone exploiting a bug in a Macromedia product.

    "The Flash plug-in is just about default on most browser installs, so few see that download message."

    You forgot something very important. Sometimes there has been more than one upgrade to Flash within a month. If a web site uses a later version of Flash than is installed, you see the message.

    "Sites are broken because the author didn't care enough to put in detection for the plug-in, and didn't include alternate non-Flash content. By the way, the Flash plugin (presence and version) is VERY easy to detect via javascript or other means (unlike Quicktime)"

    Your answer to this extremely serious problem can be shortened to "Sites are broken..." It is VERY bad advertising if a user gets an error message instead of a web page. That happens a lot with Flash sites, for many reasons. For example, the user may have Javascript disabled, or it may be an imperfect implementation of Javascript, such as with version 5 of Opera.

    "Uh huh.... right. Big software company secretly wants to run tiny boutique webshop in converted factory loft making way kewl Flash pieces."

    Your answer is an attempt to influence by innuendo, not logic. Several years ago I was getting about 40 pieces of spam a day. Many seemed to have a connection with AOL. It just happened that someone from AOL called, trying to sell me something. I complained about the spam. Immediately it stopped. Was AOL doing the spamming? Maybe not; maybe it was someone who worked for the company who was making some money on the side. Would someone wanting to make money try to breach your computer security? Here is a small list of attempts to do so: The Spyware Infested Software List

    The fact remains, when you use Flash, you are giving your customer list to Macromedia, and to whomever has access to Macromedia computers.

    "Download time is a contract between author and viewer; if the content is good, they'll accept the delay. With broadband, the majority of Flash pieces download in a few seconds."

    The viewer is not aware of any contract. The viewer is aware that he or she must wait. Again, this is extremely bad advertising.

    This Slashdot story continues an impression of Macromedia. The company is like Microsoft in that they tend to push the limits of what people will accept so that they can make more money. Would you have a friend who continued to test your limits? No? Then don't have a business association that tests people's limits.

  55. How can Flash be removed? by Futurepower(R) · · Score: 2


    Thanks.

    I've been following Macromedia since they started. This Slashdot story was the last straw for me. If something goes wrong with my customer's computers, it will be me who is blamed. Deleting Flash is a sensible precaution on a business network.

  56. Re:Don't have business associations that test limi by karm13 · · Score: 2, Insightful
    "Flash has caused several very serious security breaches, and the company acknowledges this. A computer under my supervision was totally owned by someone exploiting a bug in a Macromedia product."

    what security breaches?

    "You forgot something very important. Sometimes there has been more than one upgrade to Flash within a month. If a web site uses a later version of Flash than is installed, you see the message."

    afaik, there are flash versions 3 thru 6, with about 2 years between the version steps. there is no flash 5.2.

    "The fact remains, when you use Flash, you are giving your customer list to Macromedia, and to whomever has access to Macromedia computers."

    you are providing them with the urls of companies that have an swf on their site. this could have been any authoring tool that generates swf. but you're right, they probably do this so they don't have to search the web for swfs.

    "The viewer is not aware of any contract. The viewer is aware that he or she must wait. Again, this is extremely bad advertising."

    the viewer doesn't have to do anything. either he or she waits, or decides that it wouldn't be worth it. swfs are small. you can make big swfs, and you can make swfs that really suck. you also can make pretty shitty html sites. if you have that sort of talent.

    "The company is like Microsoft in that they tend to push the limits of what people will accept so that they can make more money."

    they opened up the standard. i don't know what you mean by pushing the limits of what people will accept. but as a company, macromedia wants to make money. just like any other company.

    --
    making up good sigs is a hard thing to do.
  57. Macromedia: Using your computer without permission by Futurepower(R) · · Score: 2


    Thanks for your reply.

    "i don't know what you mean by pushing the limits of what people will accept."

    I consider this Slashdot story an example of pushing the limits. They are taking more control of the user's computer without making it clear in advance what they are doing. That's abusive, in my opinion. Your computer is your property. You wouldn't feel good about someone using your car without permission. You shouldn't feel comfortable having someone use your computer without permission.

  58. You are making good points. by Futurepower(R) · · Score: 2


    What you are saying strikes me as sensible. However, if Macromedia can make this change without warning users, it can make other changes.

    I corresponded with someone at Macromedia about problems of this nature. It is possible that the company just appears to be sneaky, and in fact they are only ignorant of proper marketing.

    This Slashdot story, "Freaky Flash 6 Fishy Features", has certainly done the company a huge amount of damage. The story was motivated by the surprise at what Macromedia has done. That is terrible marketing. For a full realization of the depth of the damage, reflect upon the fact that Slashdot readers are a significant percentage of all the people who make technical policy about computer use at their companies. That is terrible marketing; it's so bad that it makes me wonder about the ability of the company managers to make any decision.

    Also, look at this quote (2nd paragraph), from the Macromedia web site: "The data is not public, but the privacy of this data depends on the policies of the web site where the movie is hosted."

    Translation: "We have arranged a situation in which the privacy of your computer is out of your control and is dependent on someone else." That is becoming very close to the exact purpose of spyware and malware.

    Translation 2: "We are moving toward a way of making money in which we make it possible for web sites to control a user's computer, without the user's understanding or knowledgeable permission."

    What is also VERY scary about this is that Macromedia has made programming mistakes in the past, and will no doubt make mistakes again. When you use Flash, you are allowing non-standard ways of communicating which have not been reviewed by a standards committee (such as with the upgrade and install process). As this shows, and the Slashdot story implies, Macromedia is willing to make your computer less secure as a result of their money-making schemes. This gives the strong impression that the user's security is not their priority.

    I agree with the OpenBSD team: Security is a primary concern. I don't like the direction Macromedia wants to take us, and I don't like their ideas of what is acceptable behavior. But Macromedia is worse than sneaky; the company has bad judgement, and that is even more frightening.

  59. Flash slow to load...not cinematic enough by sirdude · · Score: 2, Interesting

    That is entirely up to the programmer. If he does it right load times can be as small as 30 seconds for a really rich flash document, as Flash MX now supports streaming audio and images that can be loaded from the server directly. MX also has new support for video (Sorenson) and is now at a very exciting stage. Btw a basic (text) flash document will actually be smaller in size than a similar HTML document, and security for the content is also better than basic HTML.

  60. That wouldn't be a problem for geeks by jsse · · Score: 2

    Why not make it interesting? Modify that virus so that it detects when the user is surfing lots of pr0n sites, waits 5 minutes, then captures a short video clip from the user's webcam and emails that snippet to everyone in the user's address book...

    Because on average, 5 minutes is more than enough for the majority of geeks.

  61. Must manually opt out for EACH website! by Alsee · · Score: 2

    The setting to disallow stored data defaults to 100k per website. Even if you check the "never" box that only applies to the current website! It's still 100k for the next site you visit. #@$$@%#@!

    -

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  62. Re:a bit alarmist, no? by moncyb · · Score: 3, Insightful

    "Let me tell you this. No one wants to look into your webcam unless you are only slightly over 18, female and have an aversion to wearing clothing."

    You're a bit naive.

    So you're saying that no one would want to see a CEO's webcam that has confidential papers in view of the picture? Papers that could give a competitor an advantage? (or anyone--such information could make a person very rich in the stock market) ...or how about a credit card in view of the cam. Maybe those items would be hard to read, but someone could get lucky, and the mic wouldn't even have this sort of problem if any of this info is spoken aloud. In fact the mic could probably catch information that is even more sensitive...

    Maybe they don't really want to look at your webcam pics, but use them to embarrass you. Ever use your computer in your underwear? Ever change in front of your webcam? Ever pick your nose? Those events could be posted all over the internet.

    "It isn't being invasive, it's off by default. Go cry wolf where it's important."

    So it is off by default. That doesn't guarantee that the plugin doesn't have a bug somewhere that'll allow a webmaster to get access to the webcam or mic anyway. It's another possible way some wacko can access your system. Granted that the most used browsers have known security holes that are much worse, so to some degree you have a point, but it is still a concern.

  63. Cookies can be used to cross-reference information by Futurepower(R) · · Score: 2


    Cookies are not a problem in themselves, but when they are used by determined organizations to cross-reference computer use, they can be used to discover information far more extensive than any one cookie stores.

    Most people are honest, and have difficulty thinking like the crooks, and don't have the technical knowledge to understand the issues. So, they have difficulty imagining the way that cookies are actually used sometimes.

  64. 100 Kilobytes is a lot just to "save the state". by Futurepower(R) · · Score: 2


    100 Kilobytes is a lot just to "save the state of the user's computer". There is indeed something fishy in the story Slashdot calls "Freaky Flash 6 Fishy Features". If you are a programmer, it is easy to guess that something is being planned that is not being discussed on the Macromedia web site.

  65. Flash is often dorky compared to real movies. by Futurepower(R) · · Score: 2


    You aren't taking a view different than yours sufficiently seriously, in my opinion.

    You said, "I would give you a list of names, many of whom you would know if you had a life - but I won't, because I don't think you're even qualified to make judgement on them."

    I make the statements I make because I have been following the issues, not because I haven't. If I had not been following the issues, I would not know enough to care.

    I have, for example, followed the careers of Roger Black (DaniloBlack.com) and Hillman Curtis (HillmanCurtis.com). Both of them have used Flash in a way that I think was poor marketing.

    One of the biggest problems with Flash is not Flash itself, but the poor abilities of people who try to author motion pictures for the first time.

    Here is an example of some fairly good work in Flash by Hillman Curtis: HP Ad. The biggest problem with Flash is that people use it for unnecessary motion. In this case Hillman Curtis made a fairly good movie. But it still looks amateur compared to the images we see on television every day. That's a huge problem: Customers unconsciously compare Flash moving pictures with regular moving pictures, and Flash often looks, comparatively, dorky.

    You said, "That makes complete business sense, doesn't it. Good thinking, Sherlock! Macromedia really wants to piss off its development communities - the communities that use and are passionate about their products. You really do have so little understanding of the web."

    You are missing the point. Macromedia is collecting your customer's web site addresses for some reason. What is the reason? What would the company do if it fell in financial hard times, and the survival of the company depended on selling the web addresses? The sale could be hidden. AOL had disloyal employees who sold AOL customer information and company proprietary information. This could happen at Macromedia. The fact that they collect this information suggests that they can conceive of using it.

  66. Web designers are rarely good cinematographers. by Futurepower(R) · · Score: 2


    I agree. One problem with Flash is that web designers are rarely good cinematographers.

    Another is that web designers rarely take the time to consider all the programming issues of making Flash actually work in the real world.

    A third problem is that, even if a web designer is an extremely knowledgeable programmer, and a great cinematographer, there are browsers that deliberately mis-identify themselves. Opera can be one of them. There is a menu option to identify Opera as anything you like. And Opera is arguably the world's most convenient browser.

    The excellent free ad removal tool, The Proxomitron (or here, The Proxomitron), identifies whatever browser you use as "Space Bison". It is a woolly world out there, and we should not pretend that we are ready for a particular technology when we aren't.

    This is the issue: Do you want some of your customers to get error messages, or bad displays? If you don't want to make this sacrifice, then Flash technology is not quite there yet.

  67. Proven again and again by Erris · · Score: 2
    The problem is, it can't be proven. That's why things like open standards and open source exist.

    Yep, they tell you, we will be very careful about turning your camera on and won't let anyone else do it, honest!

    Give me one good reason I should ever let Macromedia look through my camera.

    Microsoft has been very careful with your privacy for years. I doubt these advert pushing clowns will do any better than this: Ha-Ha

    That's why I won't run anything but free software. Macromedia, fuck off!

    --
    DMCA, Hollings, Palladium. What might have sounded like paranoia is now common sense.
  68. Potential Vulnerability: spoof Macromedia by frankie · · Score: 2

    Right away I found one possibility in Flash MX:

    1. Surf to a page with a Flash 6 object
    2. right-click Settings
    3. change some settings
    4. now click the little blue question mark
    5. a new window opens
    6. Read/write access to your settings for all web sites

    What happens if you crack a router and spoof Macromedia?