James Delahunty
1 Oct 2015 21:39
Why is everybody seemingly running with open arms to HTML5, and away from Adobe Flash?
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
Back in 2007, it was considered a drawback that Apple would snub Adobe's Flash plugin in the browser on its brand new iPhone, and it would later continue to ignore Flash products in future iPhones, iPods and iPads. Adobe even stated that Apple's decision meant that users were being denied a full web experience, citing the extremely high rate of Flash support on Desktop web browsers and its use on millions of webpages.
It wasn't until 2010 that Steve Jobs explained to customers why Flash won't be supported in Apple's mobile products. Chief among Jobs' concerns were the proprietary nature of Flash, its chequered security track record and its efficiency for video playback. Jobs' favoured the comparably open HTML5 standard to Flash, and the advantage of hardware decoding for H.264 video (which Flash supported by then, but hardware decoding support was inconsistent between sites).
Security concerns stood out for Jobs for good reason. The Adobe Flash plugin for major web browsers has been a consistent target for hackers seeking vulnerabilities as a means to attack web users. New Adobe Flash security flaws are still very common, and it seems Adobe is in a constant race to save the image of Flash.
Earlier this year, Mozilla temporarily disabled the Flash plugin by default in its browsers because of security flaws, reversing the move later when fixes were available. Google also decided to implement changes in Chrome that will pause Flash elements that aren't part of a webpage's core content.
The big boys are snubbing Flash!
On the content side, Flash is being pushed out by an increasing number of platforms and sites. YouTube now streams its videos with a HTML5 player by default, for example. Facebook still shows some videos in Flash, but it won't help Adobe that Alex Stamos, Chief Security Officer (CSO) at Facebook believes that Adobe needs to kill Flash.
BBC iPlayer - a tremendously popular video content platform in the UK - is also set to welcome HTML5 with open arms at the inevitable expense of Flash. It is currently testing a beta of a HTML5 player that iPlayer viewers can check out by visiting a HTML5 Player beta page.
"We're now confident we can achieve the playback quality you'd expect from the BBC without using a third-party plugin," wrote James East, Product Manager in Media Playout.
Should you keep Flash?
Flash is not likely to be dead any time soon. It is still used to deliver video content by several major platforms on some browsers and there are still many Flash-based games played in-browser. It is also used for a lot of interactive / video advertisements.
All that said, it has definitely declined in necessity for the average web user, to the point that completely removing the plug-in and software from your device is not likely to harm your web experience all that much, and let's be honest, it would eliminate one routinely-exploited attack vector.
Even as Flash updates are pushed out in response to discoveries of vulnerabilities, many users can still be left at risk because they haven't updated the plug-in. Then there's performance, where you may not want Flash videos to automatically start playing when you load a webpage, for example.
A good middle-ground proposal would be to stop Flash content from loading automatically in a browser. You can do this in Chrome, for example, by going to chrome://settings/content and changing "Plug-ins" to "Let me choose when to run plug-in content".