FTC Is In Talks With Adobe About the 'Flash Problem'

jamie links to news that the FTC is talking with Adobe about persistent Flash cookies. "Flash isn't actually necessary to watch YouTube videos, but the rest of this article is interesting."

What if the local storage is made zero?

[140Mandak262Jamuna]

Flash player settings has an option to set the amount of local storage permitted for the player. What happens if I set that amount to zero and mark it permanent (i.e. check box remember)? Would it remove the ability of the flash player to set cookies?

Re:What if the local storage is made zero?

[characterZer0]

I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?

Re:What if the local storage is made zero?

[MobileTatsu-NJG]

No. None of us really uses Linux. We just say that to look cool.

Re:What if the local storage is made zero?

From experience, 50/50 it will hang the flash as it waits for the storage write to finish, or fails to send a tracking ID to the server.

Even better, if you let it prompt you, third party local storage requests usually appear multiple times yet there is a 1 second lockout on the deny button between requests.

Re:What if the local storage is made zero?

[IrrepressibleMonkey]

Not sure, but experience shows that most Flash sites will stop working when you deny storage rights.

Re:What if the local storage is made zero?

I actually use Linux, what scares me is that the ONLY closed source piece of software on my computer is flash.
I think Adobe knows, or hopes, that they will one day be providing massive amounts of video content from actual television channels and Cable Company's and the only way to build some kind of content protection system, DRM, or paid service model would be to keep Flash closed.

Re:What if the local storage is made zero?

[jawtheshark]

Probably would work... Well, I'd simply do "rm ~/.adobe/*; chmod 500 ~/.adobe/*", which would be shorter and keep read/access rights to said directory.

That said, if Flash expects to be able to write to that directory, it might crash when it tries to utilize it. So it really isn't a foolproof method.

As per this moment, under .adobe in my home directory exists the following structure: "~/.adobe/Flash_Player/AssetCache/VSUUJTSX/". The directory is probably randomly generated just like profile directories in Mozilla (harder to predict in case of a flaw in the plugin/browser). In there are just files with the extensions .swz and .heu and one file called "cacheSize.txt". None of these files seems to be human readable (well, okay cacheSize.txt makes somehow sense). Oddly enough, the oldest file is from 25th September 2010. As I use my browser daily and don't mind youtube or the odd flash game, this is strange indeed. I would nearly say that they stopped using it.

Re:What if the local storage is made zero?

I had tried something similar a while (~year?) ago. I had made the directory mode 555 owned by root instead. But browsing some pages caused flash to loop endlessly for some reason, chewing up 100% of one core. Had to kill the browser to stop it. It's been a while ago and can't remember which page it was, but it was something pretty common like cnn or youtube. I don't currently have flash installed to try the specific suggestion given in the parent.

Re:What if the local storage is made zero?

[noidentity]

Flash player settings has an option to set the amount of local storage permitted for the player. What happens if I set that amount to zero and mark it permanent (i.e. check box remember)?

pIt probably still stores locally a flag that says you don't want it to store any data locally. Nuking it from orbit is probably the only way to be sure (it doesn't store data locally).

Re:What if the local storage is made zero?

[Cylix]

You are mad...

I use linux all of the time and even when I'm not.

Just this morning I was using chmad to change some files. Then I was like, "I need to kat these files to my pipe."

It's not like I installed from floppies and just said I was using. I like to keep my systems up to date as well. I'm going to go grab the new version 4 kernel in a minute. Maybe later I'll sit down and write some scripts in Rattler.

It's not just an operating system... it's a way of life.

Re:What if the local storage is made zero?

[symbolset]

If the site requires the ability to store flash evercookies as a cost of viewing the site, I'm OK with not being able to see their content. It's too much to pay.

Re:What if the local storage is made zero?

[rubycodez]

Have an experiment going at my house, swfc-gnash seems to be working ok for my wife on her PowerPC laptop with Ubuntu 10.04. Bought that G4 used but the osx filesystem started to have that particular problem Apple's fsck can't fix (but a few commercial disk repair wares can, wtf Jobs?) I'm still a flash weenie on my x86-64 Ubuntu, but I have to study for stupid certifications for my job where the exam simulators are in Flash that the swfc can't do yet.

Re:What if the local storage is made zero?

From experience, 50/50 it will hang the flash as it waits for the storage write to finish

Should be fixable by symlinking to /dev/null.

Or /dev/random.

Re:What if the local storage is made zero?

[John+Hasler]

I've had good luck letting them read and write /dev/null.

Re:What if the local storage is made zero?

[ilikejam]

Flash player also creates a ~/.macromedia directory...

Re:What if the local storage is made zero?

[beakerMeep]

Flash's behavior when disable cookies is really terrible, mostly due to developers that don't care about such a situation. However, this is pretty much the same with any given HTML/javascript web app. From my perspective simply blaming Flash isn't constructive.

The real problem is having multiple locations to store local data and no single place to clear it. I'd say the browsers and W3C should be the solution to this. They should really put their collective foot down and set a standard by which plugins are allowed to store data and integrate with the browser. This would go a long way towards solving a lot of the privacy concerns of Flash and HTML5. There would still be some tricks to identify a user (font list, user agent string, plugin versions, etc) but again the solution is the same.

Re:What if the local storage is made zero?

Whoosh...

Re:What if the local storage is made zero?

[mswhippingboy]

This sounds an episode of CSI...

http://www.youtube.com/watch?v=hkDD03yeLnU

Re:What if the local storage is made zero?

[jhoegl]

Hehehe... chmad

Re:What if the local storage is made zero?

I would nearly say they stopped using it.

Would that I had mod points... jawtheshark has done the science on this that everybody else just expects others to do. Applause, good sir.

Re:What if the local storage is made zero?

[rrohbeck]

I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?

Looks reasonable. I did
rm -rf ~/.adobe;touch ~/.adobe;rm -rf ~/.macromedia;touch ~/.macromedia;

Re:What if the local storage is made zero?

[M.+Baranczak]

We're already part of the way there: HTML 5 includes its own local storage scheme. If this was around (and widely supported) when Flash was first being developed, I'm sure they wouldn't have bothered to concoct their own local storage, because there'd be no need.

All we need to do is encourage Adobe and other plugin developers to use the new standard instead of making up their own custom schemes. Which shouldn't be that hard, since in the long run it makes the developers' jobs easier.

Re:What if the local storage is made zero?

For Linux systems, a python script called s2x allows editing of the Flash configuration:

http://osflash.org/s2x

Use it to disable flash cookies on a Linux system.

Re:What if the local storage is made zero?

For many programs, setting such storage to "0" means not limiting it at all: it's the flag for "don't check this".

Re:What if the local storage is made zero?

[scdeimos]

Bought that G4 used but the osx filesystem started to have that particular problem Apple's fsck can't fix (but a few commercial disk repair wares can, wtf Jobs?)

It's called planned obsolescence. Jobs mustn't have counted on third parties fixing the issue.

Re:What if the local storage is made zero?

[WrongSizeGlass]

Just this morning I was using chmad to change some files. Then I was like, "I need to kat these files to my pipe."

Dude, you can't just talk the talk, you gotta type the type.

Re:What if the local storage is made zero?

[anton_kg]

it should, but there is a legal way of doing it. Just edit /etc/adobe/mms.cfg file and deny everything.

Re:What if the local storage is made zero?

[mrmeval]

Volume control problems. One of my extensions deletes LSOs so I'm good.

Re:What if the local storage is made zero?

[fishexe]

I use linux all of the time and even when I'm not.

I see you got the new cranial implant with embedded Linux too, eh?

Re:What if the local storage is made zero?

We're already part of the way there: HTML 5 includes its own local storage scheme. If this was around (and widely supported) when Flash was first being developed, I'm sure they wouldn't have bothered to concoct their own local storage, because there'd be no need.

All we need to do is encourage Adobe and other plugin developers to use the new standard instead of making up their own custom schemes. Which shouldn't be that hard, since in the long run it makes the developers' jobs easier.

Local storage is a bad idea.

Evercookie is an excellent example of that.

Re:What if the local storage is made zero?

[MichaelJ]

On some websites, presumably due to poor coding on the part of the Flash applet developer, a storage amount of 0 will simply cause the Flash applet to fail. This is the experience I had when I tried this a year or two ago.

Re:What if the local storage is made zero?

I actually did this and it does not work. Many sites are broken (hypem.com to name one of them). An alternative that works fine for me, is rm -rf ~/.adobe ~/.macromedia ; ln -s /tmp ~/.adobe ; ln -s /tmp ~/.macromedia. Since /tmp is cleared at every reboot, I get "session" cookies but never persistent ones. Yay.

Re:What if the local storage is made zero?

[littlewink]

I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?

That's not enough on Ubuntu: copies of the same "cookies" are kept also in two other directories:

• .macromedia.flashplayer.(macromedia.com).support.flashplayer.sys
• .macromedia.flashplayer.#SharedObjects.xxxxxx

where xxxxxx is a hashed string.

Re:What if the local storage is made zero?

[hairyfeet]

Well there are a couple of other choices, at least if you are on Windows. One you can use a third party tool like CCleaner (which I prefer this link as it is a fully automated install that doesn't ask to install Chrome and will install CCleaner to the right click of the recycle bin) that has a nice little checkbox for cleaning out Flash crap, or Two if you don't mind spending some money for some cool extras you can pick up SuperSpeed RAMDisk and set your temp folders to a RAMDisk which will be wiped on reboot. This also gives you the advantage of having much faster RAM for temp and if you have more than 4GB on Windows x86 it will even let you use the RAM above the 4GB limit for a RAMDisk. Nice for those of us that dual boot with Windows XP for older apps.

So while I agree that the evercookie asshattery needs to DIAF, it isn't like there aren't easy ways around it.

Re:What if the local storage is made zero?

[Windowser]

You mean, you actually reboot ?

Re:What if the local storage is made zero?

I don't know what the .heu files are, but the .swz files are probably a digitally-signed cache for the Flex framework (and maybe their Text Layout Framework). Flex is a UI library made by Adobe for enterprise-level Flash apps. Since Flex is not part of Flash Player itself, Flex apps always used to embed any part of the framework that the developers needed. You'd download the same extra 200K (or more, depending on required features) every time you loaded one. Adobe implemented this caching to reduce file size. Nothing sinister there.

Re:What if the local storage is made zero?

[MobileTatsu-NJG]

It's not just an operating system... it's a way of life.

Yeah but the oath of celibacy is a deal breaker for me...

Re:What if the local storage is made zero?

[Eskarel]

The problem is that the browser vendors are in bed with the advertisers. Google is the advertisers, Firefox is funded by Google who is the advertisers, Opera is trying to do things that make Facebook seem private, Safari on anything but Mac sucks, and Microsoft hasn't released a browser that didn't suck in 10 years.

The unfortunate reality of a world in which all sorts of things are free is that the end user is no longer the customer and therefor no longer right. If we still paid for web browsers I suppose we could complain that we were getting screwed, but I'm not sure if the modern web would exist. Maybe someday micro payments will solve this issue, but the banks seem to be in no hurry to allow that sort of thing to work, so we may never know.

Re:What if the local storage is made zero?

Well- I'm not doing that and yet I AM using GNU/Linux! I don't own a copy of MS Windows nor does anybody in my household.

Re:What if the local storage is made zero?

Have an experiment going at my house, swfc-gnash seems to be working ok for my wife on her PowerPC laptop with Ubuntu 10.04

By the time Gnash runs Flash v10 apps, Adobe will have released Adobe Flash v22

Re:What if the local storage is made zero?

The real problem is idiot web browser developers, website developers, and web application developers insisting that the client side be used for the local storage. If some state needs to be remembered, do it all server side only, please. If the technology doesn't exist, then guess what? Invent it.

Who will be the first to put an end to web servers and web applications storing persistent data on the client side, now and forever?

Re:What if the local storage is made zero?

[Psicopatico]

I linked the directory ~/.adobe to /dev/null and the writing permissions are there.
Obviously nothing gets really written.

Re:What if the local storage is made zero?

[C0vardeAn0nim0]

it doesn't crash. i did this in my work PC and it works like a charm. no flash crap on my $HOME after i made .adobe read only and owned by a diferent user.

Re:What if the local storage is made zero?

[Skapare]

mount -t tmpfs tmpfs /home/${user}/.adobe

Re:What if the local storage is made zero?

[drinkypoo]

I just have a .macromedia/ directory, not .macromedia.whatever

Re:What if the local storage is made zero?

What happens is youtube gets fucked. I've found several video sites have a hard time loading if you disable that space.

Re:What if the local storage is made zero?

Hey that's not fair, his command works fine on my MacBook Air.

Re:What if the local storage is made zero?

(Score:5, Funny because its true)

Re:What if the local storage is made zero?

[tepples]

You mean, you actually reboot ?

I reboot my laptop once a day or more because suspend still drains the battery.

Re:What if the local storage is made zero?

[symbolset]

A site that would store evercookies would do other things I don't approve of. They have gone from providing information to furtive tracking. For someone who's gone that far, a phone-home BHO is just one logical step away.

Re:What if the local storage is made zero?

[Stooshie]

Sometimes client side storage is needed when writing an online app. (e.g. if the user goes out of range of a wireless network). Google gears is an excellent example of this.

Re:What if the local storage is made zero?

[Stooshie]

It's not bad coding. Most browser apps I have been involved in writing involve local storage for some data, rather than going back and forth to the DB every time the user needs something. Certainly there should be a check to see if it is set to zero and then a message saying, "How do you expect any app to work without local storage, dolt?".

Re:What if the local storage is made zero?

[profplump]

Have you considered finding a laptop manufactured after 1984? Mine runs for more than a week in suspend mode.

Re:What if the local storage is made zero?

[ultranova]

Yeah but the oath of celibacy is a deal breaker for me...

Don't worry, watching hentai doesn't count.

Re:What if the local storage is made zero?

[ultranova]

That said, if Flash expects to be able to write to that directory, it might crash when it tries to utilize it. So it really isn't a foolproof method.

Simply put into your crontab "rm -Rf ~/.adobe/*" to be executed once per minute.

Re:What if the local storage is made zero?

[ultranova]

It's not bad coding.

Yes it is.

Most browser apps I have been involved in writing involve local storage for some data, rather than going back and forth to the DB every time the user needs something.

That's what variables are for. There's a huge difference between storing something per-session and permanently.

Certainly there should be a check to see if it is set to zero and then a message saying, "How do you expect any app to work without local storage, dolt?".

Easily: you store whatever data you need to into local variables, and the rest on the database on the server.

Re:What if the local storage is made zero?

[Stooshie]

Most browser apps should store store data locally to support offline browsing in case the user goes out of range of the network. If it doesn't then that is bad programming.

Re:What if the local storage is made zero?

[tepples]

Have you considered finding a laptop manufactured after 1984?

Dell Mini 10, manufactured in 2010, won't hold a charge in suspend for more than a couple days.

Re:What if the local storage is made zero?

[Ahnteis]

It's annoying because either some sites won't work ("never ask me again") or it'll pop up 300 times asking for more storage.

However, if you use Firefox, you can download the "BetterPrivacy" addon and just wipe them every time you start (or close?) the browser. No more tracking. (Whitelist, etc available)

Re:What if the local storage is made zero?

[Jim+Hall]

I took a similar tactic. I run Linux (Fedora 14) and simply created a Startup entry that deleted my local Adobe Flash storage whenever I login to GNOME. Since I logout at the end of the day, this effectively clears out my Flash cache. Flash can keep what data it likes, but it can only keep it for a day.

In GNOME, click System - Preferences - Startup Applications. Then click Add to add a new entry. For the command, I just typed rm -rf /home/jhall/.adobe

Re:What if the local storage is made zero?

[GameboyRMH]

I just use BetterPrivacy. It clears your flash cookies whenever Firefox launches or closes, and causes no issues.

Re:What if the local storage is made zero?

[GameboyRMH]

HTML5 storage is particularly nasty because the data isn't (necessarily) stored in separate files, they're stored in a database, so different browsers will store them in different ways. And HTML5 storage is already being exploited by marketing companies. There needs to be a BetterPrivacy-style plugin for HTML5 storage, but the only Firefox plugin I've seen so far that touches HTML5 storage at all is Nevercookie, and it only does that to kill Evercookies.

Re:What if the local storage is made zero?

[GameboyRMH]

Google is actually deprecating Gears and replacing it with HTML5.

Re:What if the local storage is made zero?

[asvravi]

BetterPrivacy addon in Firefox solves the issue - it can delete all LSOs every time you quit the browser or ever x minutes.

Re:What if the local storage is made zero?

As a Flash developer, I say yes. But keep in mind it's based on per-domain (I think, unless there's an option to never ask you regardless of domain).

Thing is calling them "cookies" is misleading because the main purpose is to save data locally for usability rather than to send data to a server or third party. Everyone hears "cookie" and thinks of nefarious marketing companies collecting personal information.

I like the Local Shared Object (correct terminology for a Flash "cookie"). eg: Say you're playing a game, it can save your high score, your option preferences, your progress in the game, etc, etc. So if you turn off that ability, every time you come back to the game, you'd be starting from scratch with default settings. Why would you want that??

Re:What if the local storage is made zero?

If you use firefox, go in the privacy preferences and enable the always-on private browsing mode. This prevents flash from storing cookies (but sites still work and empty .macromedia and .adobe folders are created in ~).

RTFA ??

[Janek+Kozicki]

what do you think? That I have time to read that fine article? Are you crazy? I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary. So why do you bother to submit it?

Because you are glad, that adobe needs to provide a way to remove their stupid cookies?

Re:RTFA ??

[larry+bagina]

Simple: this is slashdot and we hate flash and want to eliminate it. Except on the iPhone. We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.

Re:RTFA ??

No no no, you have misunderstood. Not Flash Gordon, it should be Flesh Gordon. We want porn on the iPhone!

Re:RTFA ??

[jc42]

We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.

My wife has an iPhone (which we frequently compare with my G1). She watches a fair number of videos on it, including youtube, and she hasn't expressed any problems with this. She has noticed the lack of flash ads in a lot of sites' pages, but she doesn't consider that a problem, either.

If she's any example of the typical Apple fanperson, Apple just might do well to continue to block flash. Maybe they should make this an option for Macs, too.

Re:RTFA ??

And you've got porn on the iPhone. Porny apps are now in the "top 25" free apps. Probably, they should've thought about what would happen to those top 25 lists when they started letting adult type stuff exist in the app store...

Re:RTFA ??

[schnikies79]

Many Slashdotters use an iPhone, myself included.

Re:RTFA ??

[serviscope_minor]

Or, you know there are at least 561269 on shashdot and some of them hae different opinions.

Re:RTFA ??

[RulerOf]

Simple: this is slashdot and we hate flash and want to eliminate it

No no no... we hate flash because it sucks. We want flash to die to a better technology or for Adobe to get off their asses and fix it.

If you'll excuse me, I'll be turning up the volume so I can hear the YouTube video over my computer's fans.

Re:RTFA ??

[beakerMeep]

You realize you can uninstall it, right? You dont need Steve Jobs to do that for you, although I think he wants to. :)

Re:RTFA ??

what do you think? That I have time to read that fine article? Are you crazy? I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary. So why do you bother to submit it?

See, that's the beauty of this approach: you can just read the summary, and it's as if you read the article and formed an opinion (specifically, that Flash isn't necessary to watch YouTube, but that the rest of the article is interesting). All without having to read more than two sentences. Now that's a time-saver!

Because you are glad, that adobe needs to provide a way to remove their stupid cookies?

Hmmm, needs more commas.

Re:RTFA ??

[PNutts]

I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary.

It looks like someone got their twitter ~ /. accounts confused.

Re:RTFA ??

+1 for cutting insight.

Re:RTFA ??

[icebraining]

We don't want to install Flash on the iPhone, we want the possibility of doing so without Apple choosing it for us. Flash is just a notorious example of the iP* platform restrictions any geek/hacker should loath.

Re:RTFA ??

Many Slashdotters use an iPhone, myself included.

That's good for you but... for everybody else... so fucking what?!

If you refuse to use a platform-neutral system why should the rest of us be bothered with your non-neutral platform preference?

Re:RTFA ??

[DMUTPeregrine]

No, no, we want the ability to run the applications we want on the devices we own. If that happens to be flash on an iPhone, then Apple should not be able to say "no." We also want flash to be eliminated, because it's a bloated, slow piece of garbage with more security flaws than a mouse prison made of swiss cheese.

Re:RTFA ??

[N0Man74]

It's not so much about a burning desire to have Flash on an iPhone, but rather resentment that Apple tells us that we aren't allowed to have Flash on our iPhone. We want freedom more than flash content, which is why some of us have indeed skipped the iPhone entirely.

However, not knowing anyone that uses an iPhone? Really? The number of iPhone users I know is double the number of Blackberry or Android users combined.. It's hard to throw a stone without hitting an iPhone user.

Re:RTFA ??

It's hard to throw a stone without hitting an iPhone user.

This sounds like a hilarious idea for an Android game...

Re:RTFA ??

[Civil_Disobedient]

We want flash to die to a better technology or for Adobe to get off their asses and fix it.

Yeah, like HTML5, which supports TrueType font embedding, animated vector graphics, MP3 sound and MP4 video all right out-of-the-box. And has continued to do so for the past decade.

Oh, wait.

Steve may have been right

[alvinrod]

More and more, its looking like Steve Jobs was right (albeit for the wrong reasons) about Flash. HTML 5 is capable of replacing Flash in 95% of cases and in almost all of those cases provides better performance and accessibility. Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

Re:Steve may have been right

More and more, its looking like Steve Jobs was right (albeit for the wrong reasons) about Flash. HTML 5 is capable of replacing Flash in 95% of cases and in almost all of those cases provides better performance and accessibility.

He changed the universe by making an observation.

Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

Might be the same thing, actually, given how much power Flash drains.

Re:Steve may have been right

[causality]

Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

1. It's a really good idea. 2. It's well within our ability to do it. 3. There are a million excuses for why no one is seriously committed to making it happen.

I think you've come up with an excellent analogy.

Re:Steve may have been right

95% eh - you guys keep spamming sites with your ludicrous nonsense but somehow i get the feeling that other 98 percent of the computing world will just carry on using Flash- however much you moan about it.

Most of the developers i know are waking up to what html5 actually means - a return of the days of 'this site is best viewed with [insert browser] and that 'just won't do.'

If you step back and have a look at the stats it becomes clear what a laughable proposition it really is - even to the most deluded fanatic(...?...)

  98% of Internet connected PCs have Flash Player
  85% of the top 100 websites use Flash Player (Alexa)
  75% of web video is viewed using Flash Player (Comscore)
  98% of enterprises rely on Flash Player (Forrester)
  70% of web games are delivered using Flash Player (Evans Data Corp.)
  3.5 million developers use the Flash Platform
  19 of the top 20 device manufacturers worldwide have committed to shipping Flash technology on their devices

Re:Steve may have been right

[JackAxe]

Let's see some proof to back up your claims about HTML 5.

Re:Steve may have been right

[hedwards]

So, basically what you're saying is that we need the DoJ to come in and break up the monopoly which is harming competition.

Re:Steve may have been right

[jhoegl]

But but but... Silverlight!!!

Re:Steve may have been right

Er no, what I'm saying is the competition is crap and doesn't stand a cat in hells chance of getting anywhere.

HTML has been stretched way beyond its original intent - to deliver static, stateless text-based documents. It's not fit for purpose anymore.

The truth is that Flash is ten times more open than any of the walled gardens that Apple imprisons its poor users in. And while html5 likes to pretend that it is the product of open development its easy enough to see now that that in reality most of the work is done by a few companies - the browser vendors, and they just are writing down whatever they want anyway.

Re:Steve may have been right

and java applets and java fx... and quicktime.

Re:Steve may have been right

[icebraining]

HTML is simply a document markup language. It hasn't been "stretched" in any way. What are all those extensions that distorted HTML?

And just because many people use Flash, doesn't mean it's better. It was for a long time, if the current share is a reflection of its current quality or just a reflection of its history, it's not clear.

And who exactly do you think should written the HTML specs? What's the problem with browser vendors writing it? This isn't like the Netscape/IE wars, where each vendor wrote their own spec; this is a single, open spec for everyone.

Re:Steve may have been right

[dbIII]

He basicly just said that flash is shit instead of delivering a two page bullet point list of exactly why. Many have said that but he was just in a position where he does not need to support it.

Re:Steve may have been right

[SideshowBob]

Weren't those exactly the reasons Jobs gave?

Re:Steve may have been right

Would you care to provide some proof that HTML has better performance or accessibility? The comparisons I've seen show the opposite.

Re:Steve may have been right

[walshy007]

and ten years ago like 60% of the browser market used IE6, your point? things change, they only change if we recognize the flaws with the existing system.

Re:Steve may have been right

GrooveShark just ditched their Flash UI for a new HTML5 one. It uses much less CPU and loads much faster. Proof enough?

Re:Steve may have been right

[yuhong]

Not that it don't have it's own storage, though.

Re:Steve may have been right

[yuhong]

At least it is built into the browser.

Re:Steve may have been right

[uninformedLuddite]

Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

You mean it'll never happen?

Re:Steve may have been right

[aztracker1]

It isn't about accessibility or to an extent, performance... if you release an application toolset similar to Flex/Flash or Silverlight (VS/Blend) that produce outut as readily, while targetting HTML5, that might be true,,, if you could package html5 apps into a single package to download like SWF or XAP (in the browsers), that might be true as welll. I really enjoy web application development, but those two points are what will hold broader HTML5 support in the wild back... Server-side prorammers prefer a comfortable toolset to develop with, and front end designers don't want to program. I think what is needed is great tooling, and a good standard package system (similar to office docments, or other application packages, xap, odf, etc)

Re:Steve may have been right

[Leon+Buijs]

"Ending the web's dependence on Flash is a lot like ending dependence on foreign energy" Yeah. And we all know how well that is working out.

Re:Steve may have been right

[tepples]

But but but... Silverlight!!!

Flash runs on platforms where Silverlight doesn't. Moonlight, as I understand it, is only good for showing "This application requires a newer version of Silverlight" notices.

Re:Steve may have been right

[Stooshie]

Java applets, are you serious? Give me flash any day. And definitely not HTML5

Re:Steve may have been right

[Stooshie]

HTML5 will be like every other HTML spec. Poorly implemented across the board. "Hacks" all over the place for different browsers. Flash overcame all this a long time ago. With Flex, it has a fully working development environment that will run on all browsers and all OS's and where, with not much more than the click a checkbox you can compile your app for desktop ot browser. It is also relatively secure (compare it to Java browser plugins, for instance).

Re:Steve may have been right

[GameboyRMH]

Yeah 50 years from now a guy on a tech news/comedy show (which will ironically be one of the best tech news sources) will probably make a montage of people talking about ending the web's dependence on Flash over the last 50 years :-(

Re:Steve may have been right

[GameboyRMH]

He changed the universe by making an observation.

No, he drummed up popular support for a years-old idea by being Steve Jobs.

Re:Steve may have been right

[icebraining]

HTML + JS runs in more OSes and browsers (iOS, for example, but many others). It also doesn't need to be compiled at all.

As for security, Flash has a terrible track record. Who cares if it's better that Java? We were talking about HTML, not Java. And since you need an HTML browser to access Flash websites, you're just adding more vulnerabilities by having it running.

Re:Steve may have been right

[Stooshie]

HTML + JS runs in more OSes and browsers.

Apart from iOS (which was a business decision by SJ, not a technical one), there are very few browsers that don't implement flash (users may choose not to, but that is a different matter).

If there is a security glitch in flash it is noticed and gets fixed. If there is a security glitch in JS, who knows which browsers will be fixed and when?

It is fairly obvious that you don't remember the bad old days of IE5.5 on Windows 98. There were really only 2 browsers worth speaking about then, Netscape and IE. They had massive security glitches (particularly IE) and implementing HTML for the different browsers was a massive headache and took up a good 60-70% development time (and the main problems were making IE5 and 6 look the same).

I would rather have one way of implementing things that can be fixed at one source rather than loads of different implementations.

Old School Flash Problem:

[macraig]

Naked guys wearing trench coats hanging out near schools?

THIS is a summary?

[Rorschach1]

Seriously, WTF? How about a sentence telling us what the 'flash problem' is, and maybe a bit about WHY the article is interesting?

Re:THIS is a summary?

Oh come on, it's interesting because the summary submitter says so. It's like reading a blog!

Re:THIS is a summary?

[Daniel+Dvorkin]

I believe the problem may have something to do with persistent cookies. I'm not sure why I have this impression ... it's just some idea that came to me out of nowhere ... oh, wait, I know where that idea came from! I read the first goddamn sentence of the summary.

Re:THIS is a summary?

FTS:

FTC is in talks with Adobe about persistent Flash cookies.

Can't you read?

Re:THIS is a summary?

[drolli]

It was meant to be a tweet.

x@x:~$ wc
FTC Is In Talks With Adobe About the 'Flash Problem'; "Flash isn't actually necessary to watch YouTube videos, but the rest of this article is interesting."
            1 26 157

Re:THIS is a summary?

[eL-gring0]

From TFA: "While a browser can remove “normal” HTTP cookies, the privacy controls in a web browser like Mozilla Firefox or Microsoft (NSDQ: MSFT) Internet Explorer can’t remove Flash cookies, which can only be removed by using two separate services available on Adobe’s web site."

Also: "At least one browser, Google Chrome, now allows users to control the Flash cookies from within their browser’s privacy controls."

I'm ignorant of other browsers' features, being relatively happy with my Firefox/Adblock/Noscript bubble of sanity, but it seems that Mozilla and other developers might push to clean up after more of their plugins' messes. If the plugin makers don't care, at least Google's team seems to. Why can't Firefox by default? Opera? Even IE? I saw no mention of Silverlight in that blurb, but I imagine it can be used for tracking too. Of course, people would actually have to use Silverlight for that to happen.

Re:THIS is a summary?

[Osgeld]

did you RTFA? its not much more

Re:THIS is a summary?

In general, a browser plugin can do anything it wants, as is it just a normal piece of native code that gets control over part of a webpage. There is no way to know what a browser plugin is doing without wrapping in some kind of sandbox/VM, which could break the functionality of the plugin. Chrome does a lot of work to special case Flash. Mozilla only special cases Flash in that it complains about out dated Flash versions. Mozilla really do not wan to spend a lot of effort to get Flash working better because they don't want people using Flash at all. Google is taking a more pragmatic approach... especially as they are presently the main reason why Flash is being used so much (YouTube).

There is a Firefox plugin called BetterPrivacy which handles Flash cookies, but it does it by having knowledge about where they are stored, not by interacting with the Flash plugin directly.

Re:THIS is a summary?

[frosty_tsm]

Oh come on, it's interesting because the summary submitter says so. It's like reading a blog!

Or a tweet.

Re:THIS is a summary?

[Arker]

Everyone knows Firefox is useless without plugins. "Objection" handles LSOs.

Re:THIS is a summary?

Don't be a knob. Over 80% of all browsers now have Silverlight installed. My company produces SL apps and they sell like crazy.

Furthermore, SL has very visible and accessible options to allow you to clear your SL persistent storage area, or remove the ability for a site to use it. Very easy to use.

But I forgot. SL was made by Microsoft and is therefore evil without even looking at its merits.
Sigh.

Re:THIS is a summary?

[Will.Woodhull]

...being relatively happy with my Firefox/Adblock/Noscript bubble of sanity...

You might want to look at the BetterPrivacy Add-on as well as the above. It is a whitelist based manager of Flash cookies. Which are used by a surprising number of sites that don't use Flash in any obvious way, including Gmail.com (whose Flash cookie I allow).

BetterPrivacy for Firefox. The developer's site, with links to reviews of BetterPrivacy in half a dozen big name magazines.

Re:THIS is a summary?

[Will.Woodhull]

But I forgot. SL was made by Microsoft and is therefore clearly and obviously evil.

There. Now it's fixed.

Microsoft has spent the last 30 years polishing its reputation as the world's greatest institution of evil genius. It has definitely earned that reputation, and fully deserves everything that goes along with it.

Don't try to take away from Microsoft what it has worked so damned hard to obtain.

Re:THIS is a summary?

[Stooshie]

Which is interesting as anything that is said on slashdot AND is about flash AND is true would probably fit in a tweet.

Re:THIS is a summary?

[GameboyRMH]

Good thing you pointed that out. The article is talking specifically about the privacy issues of Flash cookies.

The "Flash problem" as geeks know it is that a full browsing experience depends on a closed-source plugin (with a terrible security history), compatible only with select browsers and platforms (with vastly different release schedules for the plugin on different OSes), made by a single company for the display of in-page video and complex interactive content. When I saw the article title I thought the FTC might be looking at addressing this problem.

Re:THIS is a summary?

[GameboyRMH]

But I forgot. SL is another Flash-like proprietary technology vying to make the web dependent on a single vendor and is therefore evil without even looking at its merits.
Sigh.

FTFY.

Flash *is* necessary.

What's this horseshit about Flash not being necessary to watch YouTube videos? What chain of fifteen broken beta plugins are you going to tell me to install that will let me browse & watch YouTube not as well as everybody else that does use Flash? Specifics, or you are full of shit.

Re:Flash *is* necessary.

well lets have a quick look at the full-o-shit meter shall we...?

oh dear - it's not looking good timothy...

Re:Flash *is* necessary.

1. A browser that supports HTML5 video
2. Clicking the link on the bottom of this page: http://www.youtube.com/html5
3. Profit!!!!!

CBG

Worst summary EVER! - CBG

One Cookie Spot by forced Error

[muindaur]

I would love to not need CCleaner(or whatever third party cleaner that grabs flash files) to clean out the cookies. Easy removal of Flash cookies is not the only thing. Microsoft, Mozilla, etc should force ALL cookies into one folder, and cause an error if a javascript(or any script) or flash attempts to place a cookie outside that one specific location.

Websitest that do this will be forced to comply or not get the data they need. An argument that they will hold customers hostage by not allowing the cookies at all is not valid. Those sites would cave rather than lose the money waiting for MS etc to change their minds.

Re:One Cookie Spot by forced Error

I don't think so, Tim.

Here's why:

M$ doesn't need you money. Or my money. Or your mom's money. They need $MegaCorp's money. M$ does not work for your mom.

As long as $MegaCorp needs cookies, M$ will be glad to service them day and night, for a fee.

If M$ were to stop cookies, something like this might happen...

The $VP of $MegaCorp and a $VP of M$ are on the golf range one fine, sunny weekday morning. And the $MegaCorp d00d is like all, "DOOD!!! we need c00kies but M$ doe snot have them. BillG you really set us up the bomb!!! We will have to buy from Google now."

And the M$ dood will be all like, "OH NO!!! Me so sorry! Me so sorry! We put cookies back. Please don't call Sergy."

And the two corp's lived happily ever after. The end.

Re:One Cookie Spot by forced Error

[muindaur]

You also realize I specified Firefox, etc. That means I was speaking of all browsers. I would be happy with just firefox doing that.

Also, you can completely block cookies now if you want to, and that was not my intent. It was simply to have them placed in a single location for easier management.

Re:One Cookie Spot by forced Error

[icebraining]

Javascript could never choose the cookies' location, there was never any JS API to do it.

Flash, on the other hand, it's a binary blob outside of the browser's control, unless it uses a sandbox like Chromium is doing.

Re:One Cookie Spot by forced Error

[muindaur]

With firefox I normally see a plugin container running under processes, so it should be possible to make the container a sandbox that does that. I'm not sure if IE has a process that manages addons.

I would imagine it tells flash it's storing the cookie where it wants to, but uses a pointer to the address of the firefox cookie folder; then tells flash it grabbed it from the location flash said it was stored?

Re:One Cookie Spot by forced Error

[icebraining]

I would imagine it tells flash it's storing the cookie where it wants to, but uses a pointer to the address of the firefox cookie folder; then tells flash it grabbed it from the location flash said it was stored?

In theory you could do that, using hooks on certain calls, but the Chromium doesn't; they just use Windows' permission system to disallow writing to any directory except authorized ones, so if the plugin tries to write anywhere else it'll get an authorization error, so many of the current plugins crash on Chromium with the sandbox enabled.
It seems they got Adobe to release a version of Flash that actually does the right thing, so Flash will probably be sandboxed soon enough, but other plugins might take a while.

What Problem?

#/bin/sh

#Firefox Launcher
firefox
rm -R $HOME/.macromedia/Flash_Player/#SharedObjects/*

Flash

[DaMattster]

Flash has seen its day come and go. With Webm and HTML5, Flash will be killed off!

Re:Flash

Exactly, with HTML5 comes the dawn of a new age, an age in which innovation will no longer be required! The industry will happily hold itself to the rate of progress afforded by a standards committee and the whims of each individual browser maker for implementing new capabilities. Software companies everywhere will happily turn away from tools that provide innovations for making their lives easier or giving them opportunities to reach more customers at less cost with competitive features.

Thank goodness we finally see the light!!!

Re:Flash

With Webm and HTML5, Flash will be killed off!

Sure, just as soon as there's a usable IDE with a built-in time-line and all the other features Flash provides for content creators.

Don't get me wrong; I look forward to the day I don't have any Adobe products installed on my machine (well, maybe Fireworks), but Flash provides a great platform to build things with.

Java, HTML4, Silverlight, LiquidMotion, VRML, QuickTimeVR have all been displaced by Flash, I think it'll be a while (if ever) for HTML5 to overtake Flash.

Re:Flash

h264 will beat webm. It has powerful companies behind it, eager to promote a technology they hold the patents to. Including Microsoft. They'll just have IE support h264 videos out the box, while it needs a plugin downloaded for webm. Kill it off just like they killed realplayer.

Re:Flash

[GameboyRMH]

Microsoft/IE doesn't have that kind of power over the web any more, for one thing, and next, consider that IE doesn't come with Flash right now, and it didn't seem to stop or even slightly slow down Flash adoption. If MS ignored HTML5 entirely, they'd just be creating a space for the Adobe of HTML5 plugins - in fact in that case it would be a smart move for Adobe to add HTML5 rendering into their Flash plugin for IE.

And the site is slashdotted...

So even those of us who do RTFA must engage in uninformed postulation and speculation

Proof?

Are you new here? We don't need proof. We need a car analogy. A BAD car analogy.

Re:Flash Problem?

You have absolutely no clue what you're talking about if you think actionscript is like javascript. Any experienced AS3 coder has a far easier time jumping into C# or Java than javascript.

Someone has already brought this up, but

[rickb928]

What the FTC or whatever needs to do is not to build some Do-Not-Call system for Internet tracking. It's pointless to fine them insignificantly, and they never delete the data. Besides, they share it everywhere, and it's gone and done in minutes. Scattered everywher.

No, the FTC or whatever should build a Do-Not-TRY system. Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie. Essentially, getting caught leaving cookies otherwise should be evidence of the attempt, and bill them. Among other things, troll for violations and fine them enough to at least pay for the system. Until they get it, and then it's the overseas sites that will be the culprits, and then we can play whack-a-mole and start in on forcing them to comply or sanction them along with the EU.

They are going to involve the EU also, right? If not, waste of time.

ps - Don't bother trying to sancton Chinese outfits. Just don't bother. You're kidding yourself.

Re:Someone has already brought this up, but

[Bob+Uhl]

Essentially, getting caught leaving cookies otherwise should be evidence of the attempt, and bill them.

So you want to enter your username and password every time you reload a page, every time you post a comment &c.? Or you're cool with URLs which look like 'http://www.example.com/page?sessid=37a1-fb6c-9372-11de' instead or 'http://foo:bar@www.example.com/page' instead of 'http://www.example.com/page'?

Do you even know what cookies are, what they do or why they were added in the first place?

Re:Someone has already brought this up, but

[rickb928]

Yes, dear, I know what cookies are, and why they were conceived.

Since you're still in the box, I'll lift the lid for you.

Since we really can;t ban cookies, and since we can't even tell the difference between a 'tracking cookie' and any number of useful and innocuous cookies, we're stuck with figuring out that we are being tracked, usually by accident. In this environment, theh FTC has a Sisyphean task in trying to implement a 'do-not-track' option for Internet users. Let's leave the foreign sites, aggregators, and such alone for now.

So do we expect the FTC to push the stone up the hill, only to watch it roll back down as another technique is developed? Sounds like our airline security system, save that people genererally don't fear death when tracked online, and the evil trackers are less constrained by politics and such.

Session cookies are too useful to eliminate. Any method that allows you to navigate a site ikn a useful way probably permits tracking that could be used for marketing purposes, and when more than one corporate entity shared data on you, well, you been tracked, and in the way that most people don't like.

Is there no way to limit tracking, or give users options to avoid it? Well, maybe two.

First, do we decide to truly punish transgressors? Assuming we can agree on what the transgressions are, slapping most outfits with a few hundred thousand dollars in fines is meaningless.

Second, when the data has been thrown around a bit, it's lost forever. Nothing compensates you.

I'm not at all hopeful the government (or any governments in any combination) have any hope of addressing this in a useful manner.

So, the third option. Browser add-ons to let you properly manage cookies, tracking data, and such.

I suspect this will come whether we ask for it or not. Those crazy kids out there will mash up some interesting stuff.

So climb out of the box, and don't think for a moment that everyone that yearns for a simple solution is oblivious to reality. It's ok to dream. You just have to stop eating that particular fruit.

Re:Someone has already brought this up, but

[rickb928]

Oh, and I'm cool with URLs that look like:

'https://www.example.com/page?sessid=37a1-fb6c-9372-11de'

Works for me.

Re:Flash Problem?

Second that-- posting anonymously because I'm embarrased that I write Actionscript to exclusion of most other things.... JAVA is a close second tho.

BetterPrivacy Plugin for Firefox will delete LSO

[Hyperhaplo]

Firefox plugin BetterPrivacy - https://addons.mozilla.org/en-US/firefox/addon/6623/ - will delete LSOs

It can be set up to automatically delete LSO on browser exit; on a timer (every x minutes/hours/days) or manually

It allows you to set a whitelist (protection list).

It doesn't 'solve' the problem; but in the mean time it at least breaks part of the cycle.

Also: Ghostery - https://addons.mozilla.org/en-US/firefox/addon/9609/ - helps to stop the problem in the fire place.

Used with Ad Block Plus - https://addons.mozilla.org/en-US/firefox/addon/1865/ - it makes surfing the web much better.

The Wild West era ended when there was no one left to conflict with.. right?

Re:Flash Problem?

You are proof that sometimes murder should go unpunished.

Indeed. I was thinking about incentives, maybe tax breaks or subsidies.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Flash Problem?

[redJag]

ActionScript isn't like JavaScript? They are both based on ECMA Script, they are very similar as languages.

ECMAScript is the scripting language standardized by Ecma International in the ECMA-262 specification and ISO/IEC 16262. The language is widely used for client-side scripting on the web, in the form of several well-known dialects such as JavaScript, JScript, and ActionScript.

I've (unfortunately) written a lot of both and they are extremely similar to each other. Yes, there are a lot of features inside that bloated Flash runtime, but that doesn't mean ActionScript is not like JavaScript.

Re:BetterPrivacy Plugin for Firefox will delete LS

[Hohlraum]

Please mod up and stop suggesting other stuff. BetterPrivacy was created specifically to solve this problem :)

Random thoughts

[Artem+S.+Tashkinov]

First of all, let's not make a mountain out of a molehill - 99.999% of users have no idea that they are being constantly tracked and there's such a thing like cookies ... or even more not only your browser itself can store cookies, flash player itself has its own cookies (aka persistent storage). Most users will never bother logging off from gmail and clean cookies and they don't realize all their search queries are linked to their gmail account.

The whole technology needs to be revised if someone really cares about users' privacy. But since most of the world will keep on using IE for the next 5-10 years, I doubt any change will be feasible. *All* browsers, not only IE, will have to implement something completely new, so that this new technology would work. And I predict marketers' outcry if such a change is to be implemented.

As for the geeks there are many options available, I for one create a symbolic link from ~/.adobe/Flash_Player and ~/.macromedia to /dev/shm/. After I power off/reboot my PC all flash cookies are gone. Disabling these directories (like suggested earlier) isn't the best idea because some flash clips won't work correctly when local storage is disabled altogether.

Firefox plugin solves the problem

[Daedalon]

BetterPrivacy has worked for me over a year. Can be set to remove all of these LSOs ("supercookies") on browser exit. Can be set to delete by timer or manually when erasing other history information. Can be set to notify when a new LSO is stored.

The only caveat is that to not lose any Flash game saves, you need to add the cookies or the domains hosting them to the exception list.

Firefox BetterPrivacy add-on should help.

https://addons.mozilla.org/en-US/firefox/addon/6623/

Monopoly or customer service

[tepples]

If the site requires the ability to store flash evercookies as a cost of viewing the site, I'm OK with not being able to see their content.

Unless it is the web site of one of your suppliers (which holds a near-monopoly in the industry) or one of your clients.

DHTML was the first stretch

[tepples]

HTML has been stretched way beyond its original intent - to deliver static, stateless text-based documents.

HTML is simply a document markup language. It hasn't been "stretched" in any way. What are all those extensions that distorted HTML?

As I understand AC's sentiment, the stretching began when web browsers provided a scripting language with a DOM to modify the displayed document.

Opted out of tracking? Register or log in.

[tepples]

Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie.

Web sites that encounter people who have opted out of tracking cookies will likely require them to register and log in before reading an article beyond the first paragraph. If most of the major news sites do this, starting with Fox News (and other Murdoch properties) and spreading to competitors, watch people opt back in.

JS == AS1, but AS2 and AS3 != AS1

[tepples]

ActionScript isn't like JavaScript? They are both based on ECMA Script, they are very similar as languages.

AS1 was Flash's direct counterpart to JavaScript. AS2 and AS3, on the other hand, added static typing and class-based as opposed to prototype-based inheritance. See AS timeline on Wikipedia.

Re:JS == AS1, but AS2 and AS3 != AS1

[ThePromenader]

Hey, I have to agree. I stopped using actionscript with version 2.0 (a version backwards-compatible with AS 1.0).

My major misgiving with flash is not the language it uses, but its insistence on putting proprietary brackets around functions that most any computer should be able to handle - or in other words, it's beyond its time. Shouldn't modern browsers be capable of natively handling image/video/graphic manipulation scripts? They are - but only through javascript. And yes, Javascript is a b*tch to program to Flash-comparable results.

Re:BetterPrivacy Plugin for Firefox will delete LS

helps to stop the problem in the fire place.

Creosote?

Ouch.

[Brannon]

Why!??!

Can you run arbitrary code on your microwave?

[Brannon]

cablebox? refrigerator?

Sounds like you have a beef about nearly every electronic device you own.

Re:BetterPrivacy Plugin for Firefox will delete LS

[GameboyRMH]

On this topic, here's my full suite of Firefox security/privacy plugins to date, and I'm on the bleeding edge of this shit so I know what I'm talking about:

The Absolute Must List (that your browser is total swiss cheese without):

NoScript
FlashBlock
BetterPrivacy
Nevercookie (beta)

Other Plugins I Highly Recommend:

Perspectives
CertPatrol
HTTPS Everywhere

What's Needed Next:

A plugin to handle HTML5 local storage like BetterPrivacy does for Flash LSOs

A better version of User Agent Switcher that sets the user agent to something generic by default (Mozilla-based browser on "x86" running "Linux", regardless of the CPU architecture or OS, since it's none of your damn business)

Steve Jobs, accidentally right again...film at 11

[Brannon]

What were the wrong reasons that he supposedly had for getting rid of Flash?--because it seems like exactly the same reasons you mentioned.