We’re no longer talking about recording the keystrokes or URL referrer logs of an individual ‘computer user’. Now we’re talking about video and audio recording of EVERYONE in the same room, office, cubicle, proximity etc - regardless of whether or not those inhabitants of the pc’s vicinity have granted a “perpetual allowance” to be spied upon.

You can’t possibly be suggesting, via the “phone bug” analogy that because some government agencies have the ability to legally bug our telephones, we should give Flash enabled advertisers the ability to bug our homes as well?

Secondly, no one in their right mind would grant a “permanent allowance” to be spied upon by any advertising company, would they?

This seems to be a worthless-garbage-novelty feature that detracts from the many nice features of Flash MX and player. Its inclusion should be seriously reconsidered in upcoming versions.

Dude you're out to lunch.

Your telephone receiver could be used as a listening device (or bug) in much the same manner and is even more accessible than Flash technology.

One could argue that you have to physically pick-up the receiver in order to allow for any communication...well it's the same for the Flash player.

The player can't do anything unless you explicitly give it permission to do so in EVERY instance.

Cheers

This is total bullshit. No company is going to use the Mickey Mouse Flash MX video capabilities for any type of serious intra or inter company communications. The defenders of this crap must be some priggish techno-nerd-dork-shills working for those freaking advertising bastards.

Tom is a dufus.

What a paranoia attack this guy is having.

I just posted this over at JD's MX blog, where we are conversing about the issue of risk. What I keep coming back to is that the belief common to the techno-community that the effects of technological innovation can be (a) predicted, (b) managed securely and (c) communicated with a minimum of muss and fuss is perhaps a tad overly sanguine:

I think I can see more clearly now how the gap between producer and end user is less just a fillable hole and more like a discontinuity. You invite me to point to "ambiguities," but the problem is that we are less in a realm of ambiguity - a relatively mild form of semantic suspense - than in a mode of radical uncertainty. See, for example, a comment like this on a blog I just now ran across:

"I don't believe the reassurances that users will have to click "allow" because we already see the tendencies of interfaces to use default settings and "opt out" clauses that are very hard for newbies to be aware of or even find--these border collie web-style herding exercises online being mostly practiced by Microsoft in setting browser defaults for the helper PLUGINs. Yeah, them again." (from http://radio.weblogs.com/0109581/2002/11/27.html)

The point is, we are beyond clarifying ambiguous speech and far into the realm of trust, confusion, and potential mischief. There is no way some privacy manual is going to dispel this. I do have one suggestion: Every ad and every instance of Flash 6 which carries this capability should have a warning label clearly in evidence: e.g., "Caution - this ad could be watching or listening to you - click for details." Anything less obtrusive just doesn't meet the standard for respecting the privacy of people at home or at work.

Edited by author 11-27-2002 02:35 PM
The lemur has emailed a couple more host file links: this and this.

Your privacy concerns are indeed important. But I think it's worth looking at this from a practical point of view: say there are a thousand people viewing that ad at any given time. What organization has the resources to devote to listening to and watching a thousand audio/video streams coming from random websurfers? And if they had those resources, why would they want to? What useful information would they get? Most of what they would see would be random people staring intently at the screen, with an occasional laugh or curse or mutter.

If you could target a specific person with a specific ad, then I can imagine (if the technology weren't designed to prevent it) that you could spy on that person with some mechanism vaguely along these lines. But if you put something up on the web, chances are very good that there would be too many people viewing at any given time to track.

So regardless of whether it's possible to spy on someone this way, it's just not very efficient; that alone would prevent most hypothetical black-hat organizations from using it as a spying technique.

On another note, there's some interesting fiction about people discovering that their radio or their TV is capable of secretly broadcasting as well as receiving; I think it's a common fear that any device capable of letting you observe other people has the potential to be turned on you. And not entirely ungrounded; I think I've read that it's fairly easy to turn a telephone into an always-on bug, given physical access to the telephone. Interesting sociologically, if nothing else.

Edited by author 11-27-2002 01:31 PM

Flash geek: the model may well be proper, but that does not mean it has been properly communicated to end users. The gap between Macromedia (and its developers') understanding and that of the average end user is not overcome simply by "doing it right." A rift stands between the professional knowledge of the geek and the amateur ignorance of the average user, one that the geek often ignores. Who then can say, who is the more "ignorant?"

The privacy concerns you raise are important ones. I believe that your concerns are addressed by Macromedia's opt-in model for mic/camera privacy. You state that "apparently without having to obtain our express informed consent," however, you would need to right-click and choose the Settings menu, then choose "Allow" in order to enable the use of the camera and/or microphone.

Uh, Tom... I think you might be a tad bit too paranoid...

You write, "Macromedia has contracts with the Defense Dept. and Air Force" and link to Macromedia's showcase page. The only reference to these two gov't agencies/armed forces is where there is a link and case study about how the Air Force and Defense Dept. have incorporated Flash and MM technologies into their websites.

Simply because Macromedia desires to talk about and link to a high-profile site that uses their technology successfully, does not in any way indicate a contract of any kind.

Do you make contracts with every site you link to and discuss? Hopefully not.

---

michael gunn
http://www.hollowcube.com/

I use and recommend this hosts file

http://www.everythingisnt.com/hosts.html to block unwanted ads and such.

YMMV.

jakob, so you surf to (for example) slashdot.com and before clicking the banner (if you wanted to) you view the html to see where it take you to?
so where does images.slashdot.org/cgi-bin/adlog.pl?index,sfos0943en take you to? (this is the link on the gif-banner there)
instead of blaming macromedia you should blame the company that books the ad. advertisers usually care a shit about usability and (especially) transparency.

One thing that I really don't like about ads displayed using Macromedia's flash player is the inability to right-click (Or Command Click) on them and choose something like "Properties" or "open in new window", etc.

So, I am instead left to dig into the webpage HTML to see who is serving the ad and I have no clue as to where the ad will take me if I click on it.

Bad Macromedia, BAD!!!

Jacob

Edited by author 11-26-2002 11:55 AM
Isn't recording video and audio images of anyone within range of the webcam and mic of the pcs in our home a little different than gathering other types of marketing info?

Let's say that we voluntarily enable the "allow" feature. Do the web sites gathering this info disclose anywhere on the site that they are gathering it?

Uh, adiamondisforever.com created that ad, not Doubleclick.

Sigh. Another uninformed loser blames DoubleClick for all the problems of the internet. That is soooo 1999. Join the hordes over at Slashdot.

Once upon a time I worked at DoubleClick. They really don't track a thing. The justice dept actually crawled up their ass with a video camera and analyzed their log files, etc and found a startling revelation: THEY AREN'T TRACKING SHIT. Feel free to surf those porn sites with a clear conscience.

DoubleClick is really just a glorified ISP. They just target the advertising niche. Why aren't people afraid of Akamai, who has detailed logfiles (if they want) about all kinds of sites? Referrer logs contain some interesting stuff, it's what you do with them that matters.

Dear tom_sucks - it might be worth pondering why you are so nettled. Look at it like this: Your information may be correct, but look how far away from the ad that information can be found. It is neither clear nor up front. Second, why should I take your or the company's assurance that these "default" settings are as good as gold? Third, have you ever heard of exploitable security holes in allegedly secure software?

Chuck, I appreciate your information. I think part of the problem for non-geek end users like myself may be that the process of notification of this apparent capablility, and any informed discussion of it, is 1.) not readily available, and 2.) sufficiently complicated as to require more than a sound bite to explain. This might be more a problem of communication than of insidious warez, which only makes it more necessary in the current climate of Government sanctioned clandestine surveillance that companies do everything in their power to be up front not just with developers, but with end users.

Bruce, Unlike some others, I do not assiduously attend to every bit of every company's marketing gumph. Nor do I expect most end users feel obligated to do so. As the man says in Cool Hand Luke, we might have ourselves here a failure to communicate.

Tom - do you know anything at all. You message is full of 'techno' balle that is uter utter shit !

This is a feature of the plugin that ONLY allows access to the cam/microphone if you ALLOW it.

if you dont want it to have access then sya no. Which is the default.

If your going to post shit like this get you facts strait firt you ignorant piece of turd

Hi Tom. I understand your paranoid reaction. A bit of clarification is needed, though. The ad you saw was not created in Flash 6. None of the major ad networks support or recommend serving Flash 6/MX ads yet because the penetration of the plugin in not high enough just yet, though it will be eventually.

The reason you saw the "settings..." option when you right-clicked and the following configuration window about the cam/mic settings is because you are using the Flash 6 plugin, not because the ad was created in Flash 6. In fact, since you are running the Flash 6 plugin, you will see that config for every single flash file you view, no matter what version it was created in. The config is a part of the plugin, not the flash file itself. And any flash file that is older than 6 cannot access those features, only 6 or higher.

Now, I am not providing this explanation to say your concerns are unfounded. I think a healthy amount of skepticism about any new and potentially invasive technology is a good thing. But what I can tell you, as a long time Flash developer and one who has developed several apps utilitizing the new camera/mic features of FlashMX/6, Macromedia has gone to extensive lengths to make sure this as safe as possible. They have seen too many other companies get lots of bad pr about security(microsoft) and did not want to follow their lead. MM actually spent their time on this *before* it was released, instead of waiting until people cracked it, then releasing a patch, which is so often the path software companies take.

Any Flash content that wants to utilize these features will always prompt and ask the user for permission (unless the user permanently grants and denies for a particular site). And this is handled by the flash plugin, not the flash file served from the site. And there are no currently known hacks around this, though this is not to say their wont be someday.

Anyway, hope this info is helpful.

Maybe I'm missing the point, but how can you say:"So the ad with the James Bond name has within it the technology to use our equipment to look at us, listen to us, capture us, and broadcast us to "other people," apparently without having to obtain our express informed consent."

To my knowledge, this is not true. As long as the Flash ad does not have any audio or video communication within itself, your webcam or mic will not send any audio or video to anyone. When you get an ad with some audio or video communication, which requires your webcam or mic, you will get the settingspanel popped up by itself, so you wil have to allow or deny this.
This goes for every ad that comes from the Doubleclick network, as long as you don;t check "Remember" in the settings panel.
So to my knowledge, you are in total control of what goes where within the Flash player.
If I'm missing the point of your article, please let me know. But I don't see any harm or spyware-kind-of thing in these capabilities of Flash 6.

Getting freaked out by opening this panel in the context of a DoubleClick ad makes me think of a user than surfs to a porn site then has a heart attack when opening their IE security settings and seeing an option to enable the installation of desktop items.

The video and audio access is clearly set to "Deny" by default... you've only got to panic when someone can hack into your Flash player and modify your settings remotely.

In terms of the interface, I think we're just fortunate that browsers have some common 'traditions' when it comes to how users are presented with certain options.

This 'feature' of Flash MX is no big secret... if you saw any of the Macromedia marketing gumph that accompanied the release of Flash MX you would have heard all about it.

Edited by author 11-26-2002 09:50 AM
This goes to a thread entitled ''Informationally Aware Advertising''