Facebook Disabled Flash For Video Finally

Use Netsparker


So Facebook disabled Flash for video finally, sadly it’s still there for games but a large use case for it just went out the window. And really, it’s not surprising after the recent mega patch in Adobe Flash that fixed 78 CVE classified vulnerabilities.

Facebook Disabled Flash For Video Finally

There’s just no good reason for anyone to still be using Flash and browsers, if they don’t block it completely, should at minimum make it click to enable on a site by site basis.

That doesn’t guarantee safety though with Flash vulnerabilities floating around in drive-by malware hiding in Flash based ad units. Just say no to Flash.

Facebook has hammered another nail in to the coffin of Adobe Flash, by switching from the bug-ridden plug-in to HTML5 for all videos on the site.

The Social NetworkTM explained the move by saying “Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.”

Flash hasn’t been completely banished: Facebook says it is “continuing to work together with Adobe to deliver a reliable and secure Flash experience for games on our platform.”

Facebook’s Daniel Baulig writes that going to HTML5 means the company can “tap into the excellent tooling that exists in browsers, among the open source community, and at Facebook in general. Not having to recompile code and being able to apply changes directly in the browser allow us to move fast.”

“HTML5 made it possible for us to build a player that is fully accessible to screen readers and keyboard input,” Baulig added, going on to explain that the standard will make it easier to develop for people with visual impairments.


Less of the web is becoming reliant on Flash with video being one of the big hold outs, Youtube moved away earlier this year – but most WordPress plugins, private sites players and anyone else playing or streaming video still use Flash based players.

With a big site like Facebook going fully HTML5 for video, it should lead the way and push people in the right direction (hopefully).

But HTML5 is no panacea: Baulig wrote that “we noticed that a lot of the older browsers would simply perform worse using the HTML5 player than they had with the old Flash player.”

“We saw more errors, longer loading times, and a generally worse experience.”

The Social NetworkTM therefore moved to HTML5 for newer browsers some time ago, adding more browsers over time has improved its video player. As of December 19th, however, it’s all HTML5 all the time, no matter the browser with which you venture into The House That Zuck Built.

And The House always wins: Baulig says “People like, comment, and share more on videos after the switch, and users have been reporting fewer bugs. People appear to be spending more time with video because of it.”

As Baulig’s post points out, Facebook operates at unusual scale and therefore has unusual needs. Yet the site’s considerable influence means developers everywhere are likely to be asked to consider this decision before long, not least because YouTube’s also flushed Flash.

It’s one thing I am grateful to Apple for – leading the anti-Flash movement since the very beginning. Can’t blame them really, why implement such an insecure piece of software into your walled garden.

I don’t see the big Facebook games reimplementing in HTML5 any time soon unless Facebook forces their hand, I hope it’s already tabled though and Facebook has given a deadline to totally stop the use of Flash on the platform.

Source: The Register

Posted in: Exploits/Vulnerabilities

, , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Comments are closed.