Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Adobe Flash
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Criticisms== ===Mobile support=== Websites built with Adobe Flash will not function on most modern mobile devices running [[Google Android]] or [[iOS]] ([[iPhone]], [[iPad]]). The only alternative is using HTML5 and [[responsive web design]] to build websites that support both desktop and mobile devices. However, Flash is still used to build mobile games using Adobe AIR. Such games will not work in mobile web browsers but must be installed via the appropriate [[app store]]. ===Vendor lock-in=== {{See also|Vendor lock-in}} The reliance on Adobe for decoding Flash made its use on the [[World Wide Web]] a concern—the completeness of its public specifications are debated, and no complete implementation of Flash is publicly available in [[source code]] form with a license that permits reuse. Generally, public specifications are what makes a format re-implementable (see [[Future proof#Data storage|future proofing data storage]]), and reusable codebases can be [[Software portability|ported]] to new platforms without the endorsement of the format creator. Adobe's restrictions on the use of the SWF/FLV specifications were lifted in February 2009 (see [[#Open Screen Project|Adobe's Open Screen Project]]). However, despite efforts of projects like Gnash, [[Swfdec]], and [[Lightspark]], a complete free Flash player is yet to be seen, as of September 2011. For example, Gnash cannot use SWF v10 yet.<ref>{{cite web |url=https://www.gnu.org/s/gnash/ |title=Gnash homepage |access-date=September 4, 2011 |publisher=Gnu.org |archive-date=September 16, 2011 |archive-url=https://web.archive.org/web/20110916090710/http://www.gnu.org/s/gnash/ |url-status=live }}</ref> Notably, Gnash was listed on the [[Free Software Foundation#High priority projects|Free Software Foundation's high priority list]], from at least 2007, to its removal in January 2017.<ref>{{cite web | url=https://www.fsf.org/campaigns/priority-projects/changelog | title=Changelog for the High Priority Projects list | publisher=Free Software Foundation | access-date=January 21, 2017 | archive-date=January 29, 2017 | archive-url=https://web.archive.org/web/20170129093713/https://www.fsf.org/campaigns/priority-projects/changelog | url-status=live }}</ref> Notable advocates of free software, open standards, and the World Wide Web have warned against the use of Flash: The founder of [[Mozilla Europe]], [[Tristan Nitot]], stated in 2008:<ref>{{cite news |url=http://news.zdnet.com/2424-3515_22-199508.html |title=Mozilla warns of Flash and Silverlight 'agenda' |last=Nitot |first=Tristan |work=[[ZDNet]] |date=April 29, 2008 |access-date=September 4, 2011 |url-status=dead |archive-url=https://web.archive.org/web/20081227145942/http://news.zdnet.com/2424-3515_22-199508.html |archive-date=December 27, 2008 }}</ref> <blockquote>Companies building websites should beware of proprietary [[rich-media]] technologies like Adobe's Flash and Microsoft's Silverlight. (...) You're producing content for your users and there's someone in the middle deciding whether users should see your content.</blockquote> Representing open standards, inventor of [[Cascading Style Sheets|CSS]] and co-author of HTML5, [[Håkon Wium Lie]] explained in a Google tech talk of 2007, entitled "the <video> element", the proposal of [[Theora]] as the format for [[HTML video]]:<ref>{{cite web |url=https://www.youtube.com/watch?v=juer_YCitJE&t=11m50s | archive-url=https://ghostarchive.org/varchive/youtube/20211030/juer_YCitJE| archive-date=2021-10-30|title=Håkon Wium Lie on the video element in HTML 5 |access-date=2014-08-14 |via=YouTube |date=2007-03-29}}{{cbignore}}</ref> <blockquote>I believe very strongly, that we need to agree on some kind of baseline video format if [the video element] is going to succeed. Flash is today the baseline format on the web. The problem with Flash is that it's not an open standard.</blockquote> Representing the [[free software movement]], [[Richard Stallman]] stated in a speech in 2004 that:<ref>{{cite web |url=https://www.youtube.com/watch?v=aYNLYIDZN48&t=22m52s | archive-url=https://ghostarchive.org/varchive/youtube/20211030/aYNLYIDZN48| archive-date=2021-10-30|title=Richard Stallman on The free software movement and its challenges |access-date=2014-08-14 |date=2004-10-13 |publisher=Google Video |location=Australian National University, Canberra, Australia}}{{cbignore}}</ref> "The use of Flash in websites is a major problem for our community." ===Accessibility and usability=== Usability consultant [[Jakob Nielsen (usability consultant)|Jakob Nielsen]] published an Alertbox in 2000 entitled, ''Flash: 99% Bad'', stating that "Flash tends to degrade websites for three reasons: it encourages design abuse, it breaks with the Web's fundamental interaction principles, and it distracts attention from the site's core value."<ref>{{cite web|url=http://www.useit.com/alertbox/20001029.html|title=Flash: 99% Bad|last=Nielsen|first=Jakob|date=October 29, 2000|access-date=February 21, 2009|archive-date=February 16, 2009|archive-url=https://web.archive.org/web/20090216231119/http://www.useit.com//alertbox//20001029.html|url-status=live}}</ref> Some problems have been at least partially fixed since Nielsen's complaints: text size can be controlled using full page zoom and it has been possible for authors to include alternative text in Flash since Flash Player 6. ===Flash blocking in web browsers=== [[File:Noflash.png|thumb|Some websites rely heavily on Flash and become unusable without Flash Player, or with Flash blocked.]] Flash content is usually embedded using the <code>object</code> or <code>embed</code> [[HTML element]].<ref>{{cite web |url=http://validator.w3.org/docs/help.html#faq-flash |title=Help for The W3C Markup Validation Service |publisher=Validator.w3.org |access-date=January 26, 2012 |archive-date=May 13, 2013 |archive-url=https://web.archive.org/web/20130513233210/http://validator.w3.org/docs/help.html#faq-flash |url-status=live }}</ref> A web browser that does not fully implement one of these elements displays the replacement text, if supplied by the web page. Often, a plugin is required for the browser to fully implement these elements, though some users cannot or will not install it. Since Flash can be used to produce content (such as advertisements) that some users find obnoxious or take a large amount of bandwidth to download, some web browsers, by default, do not play Flash content until the user clicks on it, e.g. [[Konqueror]], [[K-Meleon]]. Most current browsers have a feature to block plugins, playing one only when the user clicks it. Opera versions since 10.5 feature native Flash blocking. Opera Turbo requires the user to click to play Flash content, and the browser also allows the user to enable this option permanently. Both Chrome<ref>{{cite web |url=http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure/ |title=How to Enable Flashblock in Chrome (And Make it 5000% More Secure) |date=8 April 2011 |publisher=How-to Geek |access-date=18 August 2012 |archive-date=August 18, 2012 |archive-url=https://web.archive.org/web/20120818142048/http://www.howtogeek.com/58058/how-to-enable-flashblock-in-chrome-and-make-it-5000-more-secure |url-status=live }}</ref> and Firefox<ref>{{cite web |url=http://www.ghacks.net/2012/03/29/firefox-14-to-get-click-to-play-plugin-feature/ |title=Firefox 14 To Get Click To Play Plugin Feature |date=29 March 2012 |publisher=ghacks.net |access-date=18 August 2012 |archive-date=August 28, 2012 |archive-url=https://web.archive.org/web/20120828055445/http://www.ghacks.net/2012/03/29/firefox-14-to-get-click-to-play-plugin-feature/ |url-status=live }}</ref> have an option to enable "click to play plugins". Equivalent "Flash blocker" extensions are also available for many popular browsers: Firefox has [[Flashblock]] and [[NoScript]], Internet Explorer has Foxie, which contains a number of features, one of them named Flashblock. WebKit-based browsers under macOS, such as Apple's Safari, have ClickToFlash.<ref>{{cite web|url=https://hoyois.github.com/safariextensions/clicktoplugin/|title=ClickToFlash|access-date=July 27, 2011|archive-date=March 2, 2013|archive-url=https://web.archive.org/web/20130302225135/http://hoyois.github.com/safariextensions/clicktoplugin/|url-status=dead}}</ref> In June 2015, Google announced that Chrome will "pause" advertisements and "non-central" Flash content by default.<ref>{{cite web|url=https://chrome.googleblog.com/2015/06/better-battery-life-for-your-laptop.html|title=Better battery life for your laptop|access-date=February 15, 2017|archive-date=February 8, 2017|archive-url=https://web.archive.org/web/20170208162304/https://chrome.googleblog.com/2015/06/better-battery-life-for-your-laptop.html|url-status=live}}</ref> [[Firefox]] (from version 46) rewrites old Flash-only [[YouTube]] embed code into YouTube's modern embedded player that is capable of using either [[HTML video]] or Flash.<ref name="firefox_embed_rewrite">{{cite web|title=QA/Youtube Embedded Rewrite|url=https://wiki.mozilla.org/QA/Youtube_Embedded_Rewrite|access-date=21 May 2016|archive-date=August 22, 2016|archive-url=https://web.archive.org/web/20160822103316/https://wiki.mozilla.org/QA/Youtube_Embedded_Rewrite|url-status=live}}</ref> Such embed code is used by non-YouTube sites to embed YouTube's videos, and can still be encountered, for example, on old blogs and forums. However, there are ways to pass this error in absence of flash player by deleting the validation code in HTML. This also depends on browser vision. ===Security=== {{See also|Adobe Flash Player#Security|Browser security#Plugins and extensions}} For many years Adobe Flash Player's security record<ref>{{cite web|url=https://helpx.adobe.com/security.html#flashplayer|title=Security bulletins and advisories|access-date=March 27, 2010| archive-url= https://web.archive.org/web/20100406041941/http://www.adobe.com/support/security/| archive-date= April 6, 2010 | url-status= live}}</ref> has led many security experts to recommend against installing the player, or to block Flash content.<ref>{{cite news|url=http://news.cnet.com/8301-27080_3-10396326-245.html|work=[[ZDNet]]|title=Expert says Adobe Flash policy is risky|date=November 12, 2009|access-date=March 27, 2010|archive-date=April 26, 2011|archive-url=https://web.archive.org/web/20110426041823/http://news.cnet.com/8301-27080_3-10396326-245.html|url-status=dead}}</ref><ref>{{cite web|url=https://www.zdnet.com/article/protect-yourself-from-flash-attacks-in-internet-explorer/|title=Protect yourself from Flash attacks in Internet Explorer|website=[[ZDNet]]|date=September 9, 2012|access-date=July 7, 2013|quote=I recommend that you disable the Shockwave Flash add-on in IE completely|archive-date=June 19, 2013|archive-url=https://web.archive.org/web/20130619110939/http://www.zdnet.com/protect-yourself-from-flash-attacks-in-internet-explorer-7000003921/|url-status=live}}</ref> The [[United States Computer Emergency Readiness Team|US-CERT]] has recommended blocking Flash,<ref>{{cite web|url=https://www.us-cert.gov/publications/securing-your-web-browser|title=Securing Your Web Browser|access-date=March 27, 2010|archive-url=https://web.archive.org/web/20100326131333/http://www.us-cert.gov/reading_room/securing_browser/|archive-date=March 26, 2010|url-status=dead}}</ref> and security researcher [[Charlie Miller (security researcher)|Charlie Miller]] recommended "not to install Flash";<ref>{{cite web|url=http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/|title=Pwn2Own 2010: interview with Charlie Miller|date=March 1, 2010|access-date=March 27, 2010|archive-url=https://web.archive.org/web/20110424022058/http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/|archive-date=April 24, 2011|url-status=dead}}</ref> however, for people still using Flash, [[Intego]] recommended that users get trusted updates "only directly from the vendor that publishes them."<ref>{{cite web|title=How to Tell if Adobe Flash Player Update is Valid|url=http://www.intego.com/mac-security-blog/how-to-tell-if-adobe-flash-player-update-is-valid/|publisher=Intego|access-date=9 April 2013|date=March 8, 2013|archive-date=May 17, 2013|archive-url=https://web.archive.org/web/20130517010423/http://www.intego.com/mac-security-blog/how-to-tell-if-adobe-flash-player-update-is-valid/|url-status=live}}</ref> Adobe Flash Player has over 1078 [[Common Vulnerabilities and Exposures|CVE]] entries,<ref>{{cite web|url=http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53|title=Adobe Flash Player : CVE security vulnerabilities, versions and detailed reports|access-date=February 12, 2015|quote=291 total vulnerabilities|archive-date=March 7, 2015|archive-url=https://web.archive.org/web/20150307184945/http://www.cvedetails.com/product/6761/Adobe-Flash-Player.html?vendor_id=53|url-status=live}}</ref> of which over 842 lead to [[arbitrary code execution]], and past vulnerabilities have enabled spying via web cameras.<ref>{{cite web|url=http://www.h-online.com/security/news/item/Adobe-remedies-webcam-spy-hole-in-Flash-1364631.html|title=Adobe remedies webcam spy hole in Flash|access-date=April 4, 2012|archive-date=June 3, 2012|archive-url=https://web.archive.org/web/20120603124549/http://www.h-online.com/security/news/item/Adobe-remedies-webcam-spy-hole-in-Flash-1364631.html|url-status=live}}</ref><ref>{{cite web|url=http://www.h-online.com/security/news/item/Flash-Player-as-a-spy-system-1073161.html|title=Flash Player as a spy system|access-date=April 4, 2012|archive-date=March 10, 2012|archive-url=https://web.archive.org/web/20120310071434/http://www.h-online.com/security/news/item/Flash-Player-as-a-spy-system-1073161.html|url-status=live}}</ref><ref name="FlashSettings">{{cite web |url=http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html |title=Adobe Flash Player Settings Manager |publisher=Adobe Systems |access-date=July 1, 2010 | archive-url= https://web.archive.org/web/20100620070041/http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html| archive-date= June 20, 2010 | url-status= live}}</ref><ref>{{cite web|url=http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html|title=Global Privacy Settings panel|publisher=Adobe Systems|access-date=April 4, 2012|archive-date=April 4, 2012|archive-url=https://web.archive.org/web/20120404054214/https://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html|url-status=live}}</ref> Security experts have long predicted the demise of Flash, saying that with the rise of HTML5 "...the need for browser plugins such as Flash is diminishing".<ref>{{cite web|url=http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf|title=Sophos Security Threat Report 2013|publisher=Sophos|pages=11, 24|date=December 2012|access-date=May 9, 2010|archive-url=https://web.archive.org/web/20130203145927/https://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf|archive-date=February 3, 2013|url-status=dead}}</ref> Active moves by third parties to limit the risk began with [[Steve Jobs]] in 2010 saying that Apple would not allow Flash on the [[iPhone]], [[iPod Touch]], and [[iPad]] – citing abysmal security as one reason.<ref name="thoughtsFlash">{{Cite web |url=https://www.apple.com/hotnews/thoughts-on-flash/ |title=Thoughts on Flash |first=Steve |last=Jobs |publisher=Apple.com |date=April 29, 2010 |access-date=2012-06-18|archive-url=https://web.archive.org/web/20120612011820/http://www.apple.com/hotnews/thoughts-on-flash/|archive-date=2012-06-12|url-status=dead}}</ref> Flash often used the ability to dynamically change parts of the runtime on languages on OSX to improve their own performance, but caused general instability. In July 2015, a series of newly discovered vulnerabilities resulted in [[Facebook]]'s chief security officer, [[Alex Stamos]], issuing a call to Adobe to discontinue the software entirely<ref name="stamos">{{cite web|url=https://www.theverge.com/2015/7/13/8948459/adobe-flash-insecure-says-facebook-cso|title=Facebook's new chief security officer wants to set a date to kill Flash|first=James|last=Vincent|website=The Verge|date=July 13, 2015|access-date=July 14, 2015|archive-date=July 13, 2015|archive-url=https://web.archive.org/web/20150713193019/http://www.theverge.com/2015/7/13/8948459/adobe-flash-insecure-says-facebook-cso|url-status=live}}</ref> and the [[Mozilla Firefox]] web browser, [[Google Chrome]], and [[Safari (web browser)|Apple Safari]] to blacklist all earlier versions of Flash Player.<ref name=ars-flashblockfirefox>{{cite web|title=Firefox blacklists Flash player due to unpatched 0-day vulnerabilities|url=https://arstechnica.com/security/2015/07/firefox-blacklists-flash-player-due-to-unpatched-0-day-vulnerabilities/|website=Ars Technica|publisher=Condé Nast|access-date=15 July 2015|date=July 14, 2015|archive-date=July 4, 2017|archive-url=https://web.archive.org/web/20170704095644/https://arstechnica.com/security/2015/07/firefox-blacklists-flash-player-due-to-unpatched-0-day-vulnerabilities/|url-status=live}}</ref><ref>{{cite web|title=Adobe Flash has been blocked because it's out of date|url=https://support.google.com/chrome/answer/6258784|website=Google Support|access-date=20 October 2015|archive-date=January 1, 2016|archive-url=https://web.archive.org/web/20160101081846/https://support.google.com/chrome/answer/6258784|url-status=live}}</ref><ref name=flashblocksafari>{{cite web|title=Apple blocks old, unsafe Adobe Flash plug-in versions in OS X Safari|url=https://appleinsider.com/articles/15/10/20/apple-blocks-older-adobe-flash-plug-in-versions-on-os-x|website=Apple Insider|date=October 20, 2015|access-date=24 October 2015|archive-date=July 24, 2020|archive-url=https://web.archive.org/web/20200724234016/https://appleinsider.com/articles/15/10/20/apple-blocks-older-adobe-flash-plug-in-versions-on-os-x|url-status=live}}</ref> ===Flash cookies=== {{Main|Local shared object}} Like the [[HTTP cookie]], a [[flash cookie]] (also known as a "[[Local Shared Object]]") can be used to save application data. Flash cookies are not shared across [[Domain name|domains]]. An August 2009 study by the [[Ashkan Soltani]] and a team of researchers at [[UC Berkeley]] found that 50% of websites using Flash were also employing flash cookies, yet privacy policies rarely disclosed them, and user controls for [[Adobe Flash Player#Privacy|privacy preferences]] were lacking.<ref>{{cite journal|ssrn=1446862|title=Flash Cookies and Privacy|date=August 10, 2009 |last1=Soltani |first1=Ashkan |last2=Canty |first2=Shannon |last3=Mayo |first3=Quentin |last4=Thomas |first4=Lauren |last5=Hoofnagle |first5=Chris Jay |journal=SSRN eJournal |publisher=[[University of California, Berkeley School of Law]] }}</ref> Most browsers' cache and history suppress or delete functions did not affect Flash Player's writing Local Shared Objects to its own cache in version 10.2 and earlier, at which point the user community was much less aware of the existence and function of Flash cookies than HTTP cookies.<ref>{{cite web|url=http://epic.org/privacy/cookies/flash.html|title=Local Shared Objects – "Flash Cookies"|publisher=Electronic Privacy Information Center|date=July 21, 2005|access-date=March 8, 2010|archive-url=https://web.archive.org/web/20100416041024/http://epic.org/privacy/cookies/flash.html|archive-date=April 16, 2010|url-status=dead}}</ref> Thus, users with those versions, having deleted HTTP cookies and purged browser history files and caches, may believe that they have purged all tracking data from their computers when in fact Flash browsing history remains. Adobe's own Flash [https://web.archive.org/web/20120404195828/http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html Website Storage Settings panel], a submenu of the [https://web.archive.org/web/20100620070041/http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html Settings Manager web application], and other [[Local Shared Object#Editors and toolkits|editors and toolkits]] can manage settings for and delete Flash Local Shared Objects.<ref>{{cite web|url=http://kb2.adobe.com/cps/526/52697ee8.html|title=How to manage and disable Local Shared Objects|publisher=Adobe Systems Inc.|date=September 9, 2005|access-date=March 8, 2010<!--DASHBot-->|archive-date=February 18, 2010|archive-url=https://archive.today/20100218135619/http://kb2.adobe.com/cps/526/52697ee8.html|url-status=live}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Adobe Flash
(section)
Add topic
