Flash is the rich media plugin that everyone loves to hate, notorious for its constant updates and fierce appetite for system resources. Now it’s splashed across the tech headlines once more, as Mozilla moves to block it by default in the Firefox web browser.
But this isn’t the first time that Flash has come under fire. The tech community has been seemingly obsessed with its destruction for years.
Here’s the who, why and how behind the downfall of Flash.
How Flash Became So Big
From the outside-in, and knowing all we know now about device compatibility, fragmentation and the importance of making website access as easy as possible, it seems absolutely bonkers that Flash is still being used. In order to understand how we got here, you’ll have to cast your mind back to the web of the mid-90s.
In 1996, a company called Macromedia purchased FutureSplash Animator and rebranded it Flash. In addition to authoring software, Flash Player was distributed as a browser plugin that allowed online users to view the animations, videos and interactive elements contained within .SWF files. These files had to be authored using Macromedia’s proprietary software and thus began the Flash monopoly.
By 2000, Flash had reached version 5 and websites like Stickdeath and Homestar Runner only served to keep monthly Flash Player installations growing. At the time this was hardly surprising — web video still hadn’t taken off, with many still restricted to dial-up speeds. The technology made good use of lightweight vector imagery and compression techniques to deliver a rich media experience like no other.
By 2005 Adobe had acquired Macromedia, bringing Flash, Dreamweaver and the whole Shockwave family along with it. Significant improvements were made to ActionScript, making the technology more appealing to business users with some implementations (like Adobe Flex Builder) targeting the enterprise market specifically. That’s right, even enterprise-level corporate applications were built using Flash.
In 2008 Flash reached version 10 complete with a non-GPU-accelerated 3D engine. Shortly after, Adobe Integrated Runtime (later rebranded Adobe AIR) appeared, replacing Flash Player with a new framework that even found its way onto iOS despite Apple’s shunning of Flash as a web technology.
It’s been just short of 20 years since Flash 1.0 was released in 1996, and only now are serious moves being made to truly “kill off” the technology.
The Problem With Flash
One of the biggest problems with Flash was echoed in some of its earliest criticism. Long before zero-day vulnerabilities and an insatiable thirst for system resources became de rigueur, Adobe was criticized for their “vendor lock-in” approach.
As Flash is a proprietary technology, Adobe is ultimately in control of the platform. There’s no open source to view, and thus no public specifications defined for re-implementation of past work outside of Adobe’s ultimate control. Everyone from Mozilla Europe’s founder Tristan Nitot, to free software movement evangelist Richard Stallman and inventor of CSS Håkon Wium Lie have criticized Flash for its gatekeeper approach.
“Both Adobe and Microsoft have been willing to give [Flash and Silverlight away] for free. But maybe they have an agenda. They’re not here for the glory; they’re here for the money … you’re producing content for your users and there’s someone in the middle deciding whether users should see your content. If Adobe or Microsoft decides to compete with you and you’re using their technology, you cannot compete.”
Tristan Nitot, Mozilla Europe founder, speaking to ZDNet in April 2008.
Despite attempts made by Adobe in 2009 to lift restrictions on the .SWF/.FLV file specifications, the technology has never received the warm open-source approach that critics have strived for. A number of open source Flash player alternatives sprang up, like Gnash, Swfdec and Lightspark — all of which fell by the wayside, offering only limited compatibility compared with what Adobe could implement.
Flash is also frequently found to be insecure, a fact many users are aware of thanks to seemingly endless Flash Player updates. Most recently a group called Hacking Team were themselves hacked, and a number of their tools leaked onto the web — including three (and counting) particularly nasty exploits for Flash, which prompted Mozilla to take drastic action.
“The Adobe flash plug-in is non-free software, and people should not install it, or suggest installing it, or even tell people it exists. That Firefox offers to install it is a very bad thing. I’ve been trying for a couple of years to get going a modified version of Firefox that won’t offer to install any non-free plug-ins, but we don’t have enough people to make this work very well.”
Richard Stallman, founder of the Free Software movement, posting on the OpenBSD mailing list in December 2007.
At the time of publishing, CVEDetails — a website that tracks common vulnerabilities and exploits — attributes 510 total issues to Flash Player since 2005, just short of 40% of all recorded Adobe vulnerabilities since 1999 (1276). The figures for 2015 are even more depressing, with Flash making up 75% of all Adobe vulnerabilities.
It’s also hard to ignore that in the 20 years since its introduction, browser technology has come a long way, as have connection speeds. Flash is old by today’s standards, and having to install a plugin in order to access content feels old fashioned and backwards.
Many of the services you’d want to access that once relied on Flash no longer do — YouTube, Vimeo, Hulu; they’re just that popular — but advertisers still make heavy use of it. Food for thought.
The Start of the End
Despite the mounting criticism from developers and end users alike, Flash went relatively unchallenged as a baseline standard until 2010. Web plugins continued to come and go; notably, the Unity game engine saw its first release in 2005, with a web-player plugin capable of providing immersive 3D experiences within a web browser. Many of Unity’s implementations were standalone, and the technology was never meant for the web in the same way that Flash was used in applications, media and advertising.
It wasn’t until Steve Jobs published his open letter — Thoughts on Flash — in 2010 that the technology came under serious scrutiny from a tech industry heavyweight. Jobs outlined six clear reasons as to why Apple would not be allowing or implementing Flash on iOS, citing the technology’s lack of openness, a plugin-based approach, security and performance concerns, battery drain, touch-friendliness and vendor lock-in as determining factors for the decision.
This was arguably the biggest blow the technology had received so far, and news that Apple wouldn’t be supporting Flash forced users to seek alternative, browser-compliant technologies. HTML5, WebM and the H.264 codec are just some of the alternatives that flourished in the wake of the announcement. Websites like Vimeo quickly reacted by making Flash an optional extra, but still a default option for most.
Meanwhile Google and Adobe pressed on with plans to implement Flash into Android 2.2 Froyo in May of the same year. The “Flash on Android” era was a short-lived one, and two years later Adobe announced that Android 4.3 “Jelly Bean” would be removing support for the technology. The company backed up its decision with the admission that:
Adobe Developer white paper about Android 4.1 “Jelly Bean” in February 2012.
2012 also saw Microsoft officially cease development on their competing rich media technology, Silverlight. While Silverlight likely posed little threat to Adobe’s crown, this move was seen as the canary in the mine by many, signalling that now was the time to embrace evolving web technologies like HTML5 and ditch the plugin-based approach.
By 2014 the World Wide Web Consortium (W3C) announced that the HTML5 specification process was complete, and that the technology was ready for widespread adoption. Many browsers already supported HTML5 by this point, and so its use moved from the “novel” to the ordinary. The <video> tag further removed the dependency on .FLV video, and many HTML5 web games that sprang up using the <canvas> tag ran natively on mobile devices.
In early 2015 another nail was hammered into the Adobe Flash coffin, as YouTube dropped Flash as its default video player, replacing it instead with HTML5 video. As part of the announcement YouTube’s Richard Leider noted how new web technologies were changing the face of online video:
“These advancements have benefitted not just YouTube’s community, but the entire industry. Other content providers like Netflix and Vimeo, as well as companies like Microsoft and Apple have embraced HTML5 and been key contributors to its success. By providing an open standard platform, HTML5 has also enabled new classes of devices like Chromebooks and Chromecast.”
Richard Leider, Engineering Manager at YouTube in a blog post in January 2015.
Fast-forward to July 2015 and Italian “security company” Hacking Team — who by their own definition “provide effective, easy-to-use offensive technology to the worldwide law enforcement and intelligence communities” — are hacked, releasing a number of weaponized exploits into the wild. This included an exploit which Hacking Team described as “the most beautiful Flash bug for the last four years.”
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
— Alex Stamos (@alexstamos) July 12, 2015
Since then two further Flash exploits have been found, and the fallout hasn’t been pretty to say the least. The news led Facebook’s Chief Security Officer (CSO) Alex Stamos to publicly call for Adobe to set a kill date for Flash, shortly after the head of Firefox support Mark Schmidt announced that all versions of Flash are blocked by default in the current release.
— Mark Schmidt (@MarkSchmidty) July 14, 2015
Two days later and Flash support is back for Firefox users — but for how long this time?
What Now for Flash?
Flash isn’t dead yet, and still enjoys widespread use particularly in the gaming and entertainment spheres. Many mobile games (like Angry Birds and Machinarium) were developed with Flash and packaged up for use on mobile platforms with the help of Adobe AIR, and this is still happening for mobile games produced today.
Similarly, Flash is a go-to animation tool for many professional productions ranging from My Little Pony: Friendship is Magic to scenes in the 2009 Academy Award winning Irish feature film, The Secret of Kells.
You can still buy a license for Flash Pro CC today, and you can spend much more on courses learning how to make the most of the toolset. But if your specialty is web technologies, streaming video and rich Internet applications, Flash is not the future. A poor security record, cumbersome update process and the rise of better, more accessible technologies are all evidence of this.
So don’t expect Adobe to kill off what many still consider to be a vital tool in their creative arsenal, but do expect to hear a lot less about it in the coming years, particularly if you yourself choose not to install it. It’s perfectly possible to enjoy today’s Internet without it.
Do you still have Flash installed? What’s stopping you from letting go?