One might enjoy the wit of Total Information Awareness by Mark Fiore while still sensible of the irony of its being created in Flash 6, the application with its very own surveillance capabilities.
This weekend I looked a little more closely at how the real time videoconferencing ability of Macromedia's Flash 6 is explained, or not explained, via corporate press releases, white papers, tech media, Google groups, etc.
It's pretty clear that of the nearly half-billion owners of machines that contain Flash, very few have any idea that Flash 6 can turn your computer, via its camera and microphone, into a large bug in your home or office.
It's also fairly clear that Macromedia has gone out of its way to downplay this fact. Nowhere, for example, does the download page for Flash 6 mention this new facility is being added to your computer's repertoire of tricks. Support info obliquely calls this power to see and hear you the "ability to create a local video object."
At the same time, there is the realization that as Flash becomes an increasingly powerful invention - one that can bring talents like Fiore's to 491 million screens worldwide and counting - its growing complexity opens it to ever more powerful hacks:
Because Flash use is growing quickly. Flash MX is challenging Java and DHTML in an attempt to become a true universal client of the Internet. MX is the designation used for the latest release of Macromedia’s Web design tools, and Flash is becoming much more than just a nice way to design banner ads. Flash MX can add real content and power to Web pages through what Macromedia calls Rich Internet Applications (RIA). Nevertheless, the floodgates are now open, and I expect to see a lot of attackers paying attention to Flash in the future, looking for vulnerabilities they can exploit maliciously. We simply cannot afford to ignore the Flash threat any longer. John McCormick, "Vulnerabilities in Flash pose a major threat," CDNet Asia.
Why is it that elaborate presentations of new features in Flash 6 fail to mention two-way videoconferencing? I don't know, but here's an observation that might carry a clue: Flash 6 is not a program we choose to run, but one that appears unannounced as a feature of ads, games and "rich content" scattered across thousands of sites, pages, accessed by millions of users, whether they are perusing the Wall St. Journal, Odd todd, or some new game.
Macromedia's privacy FAQs tell us that it's our responsibility to control the settings built into Flash 6 to prevent unauthorized use of our cameras and microphones. Speaking of responsibility, when were we advised that Flash 6 even had this capability?
Macromedia is in a tough spot. It wants everyone to download Flash. Its Rich Media Advertising partners, like DoubleClick, also want this, because they are paid to believe their own bullshit that rich media ads attract more clicks, dicks, chicks - something.
The confluence of a brilliant piece of software with the demands of web advertisers to "prove" there is a future for ads on the Web could be one reason the videoconferencing feature of the Flash 6 package has had a rather soft opening. Ad partners are probably more focused on when Flash 6 will run on PDAs, phones and other devices.
Your thoughts welcome.
More on this here and here. I'm also talking about this with John Dowdell of Macromedia over on his blog, JD on MX.
