Published on by

For years I have been advocating against Adobe Flash Player. My arguments have been:

  • It makes websites and their content less accessible for both normal people and for those with disabilities — try bookmarking a specific page on a purely Flash based website, copying text, using text-to-speech technology, or using your specific stylesheet to set fonts, foreground and background color.
  • Because the Flash file can also contain images, fonts, and video, and because there is no way to control what will be downloaded, it requires considerably more bandwidth and is thus discriminating against people with no broadband access in rural areas all over the world. Moreover, the bandwidth costs considerably more when you are surfing the web via mobile device such as your cell phone.
  • It is a proprietary closed-source technology — you cannot know what code it is executing.
  • It is taxing your CPU because Flash player, like any other bytecode interpreter, is inefficient compared to native code, and because developers writing Flash applications are writing (or even worse copy-pasting) very low quality code. This low quality code is a direct consequence of rapid development tools which enable everyone and their grandmother to dabble in code creation, a task which 30 years ago required considerable knowledge, good hardware and software platform understanding, and common sense.
  • By consuming more resources, it considerably reduces the autonomy of your mobile device be it a notebook or a Flash enabled cell phone.
  • It is used by many websites to bypass your web browser's cookie control mechanism, and thus invade your privacy (if you use Firefox browser you can install BetterPrivacy add-on to prevent this).
  • It is mostly being (ab)used for shoveling obnoxious epileptic seisure inducing advertisement into your browser window.

Unfortunately, with the advent of web services such as YouTube and Hulu, Flash Player became "necessary" part of our browsing experience. Web browsers would persistently nag you to "install additional plugins to be able to view the content" and soon foot was in the door, there was no computer left that didn't have Adobe Flash Player installed.

This "popularity" made Flash Player a target for hackers and cyber-criminals alike — soon various exploits started to show up, and neverending patch the hole / find new exploit race between Adobe developers and people with malicious intent has begun. To stay ahead in this game Adobe developers implemented auto-update technology for Flash Player.

That auto-update feature is exactly what prompted me to write this rant. Today when I powered up my PC I was greeted with the following dialog:

FlashUtil10g_Plugin.exe

What is wrong with that?

  1. I was not presented with an option to use auto-update when I installed Flash Player.
  2. FlashUtil10g_Plugin.exe file which presents this dialog resides in WINDOWS folder hierarchy, not in Program Files, which is bad security practice.
  3. Mechanism by which FlashUtil10g_Plugin.exe gets executed on a schedule is concealed — I could not find it registered in common autorun locations. This behavior is typical for spyware and malware because they do not want you to be able to "accidentally" remove it.
  4. Adobe Flash Player settings are not easily discoverable — you need to launch your browser and estabilish connection with Adobe's website to be presented with settings manager embedded into a webpage.
  5. Being integral part of Adobe's webpage theoretically allows Adobe to have full insight into your Flash Player settings — which sites you have visited, allowed or denied access, etc.

All this prompted me to revisit my Flash Player settings and to witness feature creep first hand — enter Peeer-Assisted Networking:

Peer-Assisted Networking

In my opinion, introducing such a feature without explicit user consent during installation, and leaving it enabled by default for all websites is pure evil.

Not only it is yet another security risk, a nightmare for corporate network administrators, but it can also set you back for a significant amount of money if your Internet access plan involves paying for the amount of data transferred which is the most common method of payment for Internet access on mobile devices such as cell phones.

For me it is now totally obvious why Apple's CEO Steve Jobs has refused to allow Flash Player on iPhone and iPad. I sincerely hope that HTML5 will take off, and put an end to the tyranical reign of Adobe Flash technology.