Websites with cool interactive content like games used to go for Java.
By embedding a special sort of Java program called an applet in your website, you could add a bit more pizazz than your competitors could manage with plain old HTML.
Then came Adobe Flash, using a programming language called ActionScript instead of Java, but with the same ultimate idea: multi-platform, cross-browser, web-based, real-time, on-line multimedia coolness.
There were downsides to Java and Flash from the start, of course, namely that:
- They were “someone else’s” standards, rather than web ones.
- They required you to install and manage additional plugins in your browser.
- They inevitably opened up additional security holes.
- Cybercrooks fell in love with Java and Flash security holes because they often worked in every browser, leading to true “cross-platform” attacks.
Eventually, browser makers and web standards-setters agreed on an alternative approach, called HTML5, that would (or at least could) make both Java and Flash redundant by giving web programmers a way to do cool multimedia stuff right inside the browser.
(To see how cool, try typing the word asteroids in the Naked Security search box!)
Simply put, almost all of us can live without Java or Flash in our browsers, almost all of the time.
Indeed, most of us do live without Java in our browsers these days, because Oracle, which owns Java, no longer enables the Java applet web browser plugin by default when you install the Java product.
Java is mainly used for applications, full-blown software programs that you install locally, so support for in-browser applets is rarely necessary these days.
But Flash has proved harder to eject from the world’s browsers, with lots of people keeping it installed and turned on, and often insisting that they need it, even when they don’t.
The fight against Flash
Apple was the first big brand name to take against Flash in a big way, by the simple expedient of banning it altogether on iPads and iPhones.
If you have an iDevice, you don’t have Flash, and that’s that: it’s all done with HTML5 instead.
Facebook jumped into the anti-Flash wars recently, too, with its newly-appointed CSO coming out swinging on Twitter.
Alex Stamos publicly demanded that Adobe should act to kill off Flash, and to set a date by which all browsers would refuse to support it.
Of course, that was just a Twitter rant.
Facebook doesn’t yet seem to share its CSO’s strident views, because the company didn’t back him up, and still makes use of Flash in your browser if you have it installed.
That’s annoying for those who want to convince the world that Flash is largely superfluous, and thus an unnecessary security risk.
Sites that use Flash “because they can”, instead of just moving to HTML5 for everything, tend to reinforce users who still think they need Flash, even when turning it off would make no visible difference.
So Flash naysayers will welcome Amazon’s recent announcement:
Beginning September 1, 2015, Amazon no longer accepts Flash ads on Amazon.com, AAP, and various IAB standard placements across owned and operated domains.
This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limits Flash content displayed on web pages. This change ensures customers continue to have a positive, consistent experience across Amazon and its affiliates, and that ads displayed across the site function properly for optimal performance.
Interestingly that Amazon hasn’t gone all out by banning Flash because of its security risk – the “added attack surface area” it brings to your browser.
Amazon is blaming, if that’s the right word, three of the world’s Big Four browsers instead, because they no longer play Flash ads automatically by default.
Indeed, Amazon’s explicit reason for ditching Flash seems to be that it will improve the consistency of your ad-viewing experience, meaning that your browser’s “click-to-play” Flash option will no longer act as a sort-of implicit ad blocker.
Ironically, even though Amazon’s announcement means that some users will start seeing ads that didn’t appear before, it may actually help to distance Amazon from Adobe’s recent (and rather unpopular) suggestion that ad blockers are a Bad Thing and could cost our economy $22,000,000,000 this year.
Nevertheless, Amazon has banned Flash ads, and that’s that!