Microsoft Edge Will Start Automatically Pausing Less Important Flash Content

An anonymous reader cites an article on VentureBeat: Microsoft Edge will "intelligently auto-pause" Flash content that is "not central to the webpage." If you want to try this out now, you can take the feature for a spin with Windows 10 build 14316, which was recently made available to Windows Insiders. Peripheral content like animations or advertisements built with Flash will be displayed in a paused state unless the user explicitly clicks to play that content. This significantly reduces power consumption and improves performance while preserving the full fidelity of the page. Flash content that is central to the page, like video and games, will not be paused. Microsoft wrote in a blog post, "We encourage the web community to continue the transition away from Flash and towards open web standards. We are planning for and look forward to a future where Flash is no longer necessary as a default experience in Microsoft Edge."

Option to Disable Autoplay

[ohnocitizen]

All browsers should have the ability to pause autoplay content (videos with sound especially) by default. This would be a game changer. Chrome has this: An article with an ironic autoplay advertisement.

Re:At least Flash is easy to block.

[gstoddart]

Which is why Javascript also needs to be much more tightly controlled than simply running any damned thing on the page.

Your average web page has 10-20 3rd parties, all of which want to run javascript, flash, set cookies, and do a host of other crap. Advertising has pretty much fucked up the permission model of the internet by saying "you need to let every asshole run anything they want because you have no idea if it's part of the functionality of the site or an ad, but we just assume you'll let it all run".

Yeah, sorry, no. Flash is straight up disabled or uninstalled. I'll selectively whitelist sites who I trust, or at least temporarily do so. But almost no 3rd party scripts or content are EVER allowed ... because I don't want ads, and because I don't trust random web pages to run scripts. Because they're not trustworthy.

If Javascript has only one big namespace, then maybe that needs to be fixed? Security holes like cross-site scripting and other stuff are enabled by web sites insisting they be able to write the most presumptively insecure code and then let it be the user's problem.

This stuff needs to be sandboxed, treated like it's potentially hostile, and locked down from being able to do anything to the host computer. Instead what we have is stuff running which we have no idea what it is, which may or may not be malicious, and which can actively impact the host machine.

It's time we stopped treating web pages like they're trusted by default, because so much of the web these days simply can't be trusted.

Stop letting the advertisers tell us how the internet should work, and stop letting them be the ones who cause the damned thing to be insecure in the first place.