Slashdot Mirror

← Back to Stories (view on slashdot.org)

Freaky Flash 6 Fishy Features

Posted by chrisd on from the what-are-they-thinking dept.

donpardo writes "I upgraded to Flash 6 last week (to patch a security hole). When I right clicked on a Flash ad at abcnews.com, and pulled down to Settings I got a tabbed dialogue box asking if I wanted to give them access to my cam and microphone. Clicking through on the tabs revealed that the microphone and the camera had already been detected and that the microphone was active. I doubt the camera or the microphone were sending information out but this still seems invasive. Here are Macromedia's statements about the mic and the camera. In addition there is a setting to ask how much information the site can store on your computer. The default value is 100K. According to the information statement "Data can be anything from your user name to your current score in an interactive game to a list of stocks in your portfolio ... The data is not public, but the privacy of this data depends on the policies of the web site where the movie is hosted."" I thought the first sentence of this submission was telling ...

12 of 284 comments (clear)

  1. Sounds like American Pie by Anonymous Coward · · Score: 5, Funny

    Just be sure to cover your webcam with your shirt before you start making out with the supermodel. You should be okay.

  2. Check again... by djrogers · · Score: 5, Informative

    The first tab is set to 'deny' access to both your mic and your cam by default. The fact that the mic is turned on or off has to do with your PC's settings, not flash players.

    Still, could be fun...

    --
    Think outside the... Hey, where'd the friggin' box go?
  3. Jesus by papasui · · Score: 5, Funny

    How can I make money selling my amateur porn if they can see it all without my permission?

  4. Internet Awareness Anyone? by Scotch+Game · · Score: 5, Insightful

    Okay, security's important, but come on people. The settings are configurable, the policy is easy to understand and what we're talking about in terms of the data being stored is essentially what amounts to Cookies for Flash. The camera and mic stuff can be turned off. If you don't like Flash this won't make you love it and if you love Flash this won't make you hate it. So people are posting about WHAT exactly?

    "I have to turn my camera off for Flash! Invasion of privacy! Invasion of privacy! Cookies are evil! The sun is disappearing, the dragons are coming! The dragons are coming!

    1. Re:Internet Awareness Anyone? by Anonymous Coward · · Score: 5, Informative

      They are turned off by default, and everytime a new domain tries to access them, the user is prompted to give permission.

      mike chambers

      mesh@macromedia.com

  5. Re:Hm. by Lardmonster · · Score: 4, Funny

    Oh, well. Good thing they never bothered making a Flash 6 for Linux.

    Yeah, I'll say! I do most of my surfing in the nude!

    I wouldn't wanna get hit with lawsuits from indavertantly traumatizing people!

    (ahem!)

    --
    The more advanced the technology, the more open it is to primitive attack
  6. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  7. Re:These features existed before by Aquaman616 · · Score: 5, Informative

    No, these features are new to the Flash 6 plugin.

    They got a custom video codec built by Sorenson built to do this. That's what Apple is suing Sorenson over.

    The thing is that it's a full video code and weighs in around 75k. Pretty impressive really. Audio is MP3 encoded.

    --
    A|Q|U|A
  8. Re:What business does a player by qslack · · Score: 4, Interesting
    Well someone might want to write a flash program that allows you to upload pictures of yourself, or sound clips.

    Honestly, if you're this paranoid you should be more concerned that your OS has control of your camera and microphone, since your OS was written by Microsoft!
    You mentioned something that reminded me of a pretty interesting find of mine. I think that most webcams have remote surveillance features requested by the FBI.

    I was hacking some code to interface with one of the Logitech cams, and there was a bit in the "take picture" command that seemed to serve no purpose. I couldn't find out why it was there, since flipping it did nothing.

    As the sun set, I began to notice what it was for. With the bit ON, it would notify the user that it took a picture with the blink of an LED. With it off, it wouldn't. The dark room made this much more evident.

    Just think of the possible uses for this one. If the FBI knows your IP, they can try to infect you with a virus that snaps a mugshot of you for them. When you are registering software, the installer can get a picture of the user and compare it against the DB of previous installations with that serial number. Your boss can see what you're doing without even opening the door.

    Scary, huh? It's made me always turn my cam towards the wall when I'm not using it.
    --
    qslack.com
  9. how about SVG? by stego · · Score: 4, Informative

    It does vector and is even a bit more open....

  10. Re:What business does a player by GoRK · · Score: 4, Insightful

    MOTHER OF GOD that is so SINISTER of them. Surely, the bit is there to serve SATAN!

    I mean, how could it serve a legitimate purpose if you were using your webcam for, say, security purposes - to watch your empty office or house while you were away, or you just didn't want the LED to blink when it took a picture for say - your robot vision app? Won't someone PLEASE get these hardware engineers to stop including useful features in their devices?

    The intel webcams have always had this nice little shutter on the front that you can close. A very nice feature.

  11. From the source by Anonymous Coward · · Score: 4, Informative

    OK, some people seem to have found info about what the camera and mic objects are for on the web but I'll post the link again for the people who skipped that posting before moving on: http://radio.weblogs.com/0106797/2002/04/30.html#a 24

    1. The default the the camera and mic is to DISALLOW a site to access them.

    2. The camera and mic objects are there for something MM has coming down the tubes for a communication server via the Flash player, and the player will PROMPT users before ever granting a site access to their mics and cameras...I've got the beta of the server for testing purposes and it asks me every time (since I never check the little box asking me if I want the player to remember my setting)

    3. As many people have pointed out, the Local Storage settings are essentially cookies for Flash. They work in pretty much the same fashion (can only be accessed by the domain that created them, etc.) as cookies, but are only consumable by Flash.

    Personally, I wish some of the folks here would give the "Flash is evil" stuff a rest and see more people looking at the GOOD things that can be done with Flash rather than just the worthless drivel that a lot of people have produced, but that's the opinion of someone who works for MM, so I don't have much of a prayer there.