A privacy and potential security Flash scare

Adobe Flash Player has stopped a potentially unsafe operation

Because of some poorly formed intranet pages, I was only able to view them in Safari this morning for some reason. Because I already had that browser open I started opening several tabs and going to news sites etc. I clicked on one link and the above error message appeared after a few second long delay where the browser seemed to have completely crashed. Needless to say, it scared the heck out of me!

As a guy who usually uses Mozilla Firefox with more security plugins than ASIO or MI5, I’m used to strictly not having any dynamic content such as JavaScript, Flash, ChuckPeddle or even cookies load, execute or save data without my explicit permission: full stop, put the book down, have a cup of tea. The downside to doing this is a tiny percentage of pages break quite badly, but often adding them to your whitelist or temporarily allowing them in NoScript and the like will fix the problem.

Icon from the Tango Desktop ProjectPeople have told me I’m paranoid, but this little episode shows there really is value in doing this. If Adobe hadn’t included this check, personal information could have been transmitted to a third party. In fact, I used a web browser even as late as last year that didn’t include any of these security and privacy features, so for how long was I loading Flash files that could transmit information without my knowledge? I’d rather not think about it.

I talked about the Firefox privacy and security extensions I use in a previous post this month.

If you’re using my beloved Camino, as far as I know you can’t selectively add sites to a JavaScript whitelist, (hence my heavy hearted decision to move back to Firefox), but you can go into the Preferences pane and disable Flash. Don’t worry, if you go to a site like YouTube that needs it, you can always click the little Flash logo over the blocked content to view it.