Adobe's Flash has gone from the darling of the Internet party to creepy crasher everyone wishes would leave. Apple turned its back on Flash years ago, Google and YouTube aren't fans any more, Firefox now blocks Flash content automatically, and the latest nail in the coffin is coming from Facebook's Chief Security Officer Alex Stamos is calling for a kill date where all Web browsers drop support for the multimedia platform at the same time.
Facebook wants an official end date for all Flash support
In a post on Twitter Mr. Stamos said,
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
He added that setting an official end date for all Flash support would force companies and developers to move on to newer and more secure options like HTML5. "Even if 18 months from now, one set date is the only way to disentangle the dependencies and upgrade the whole ecosystem at once," he said.
Facebook is already eating its own dog food, in a manner of speaking. The social network has been phasing out Flash support for video content in favor if HTML5 for some time. Adobe has even accepted that Flash isn't the reigning king of the Internet any more and added HTML5 support to its online publishing and design apps.
The root of the problem is security. Flash has so many major security issues that Adobe can't even find all of them, let alone patch all the flaws. Companies that sell exploits to governments for spying and surveillance love Flash because of its long history of security issues.
Hacking Team is one of those companies, and recently was the victim of a security breach where another serious Flash security exploit was revealed. Adobe rushed to patch the flaw, but the issue underscores how serious the problem has become: Flash exploits are so marketable that companies have turned them into big business.
I've called for an end to Flash more than once, most recently after the Hacking Team incident. I don't see Adobe killing off the platform, but I do think we can all help to actively shape its future so it isn't a platform developers look to for Websites.
As end users we can uninstall Flash from our computers and let sites know we want alternatives. A side benefit from uninstalling Flash is that it removes some big security weaknesses from our computers. Adobe has instructions for uninstalling Flash on its website for Mac users and Windows users.
Web browser developers can run with Mr. Stamos's suggestion and all agree on a kill date where Flash simply won't be supported any more. That will be far more effective than trying to convince Adobe to retire Flash because companies that don't have to move on to more modern platforms won't if they don't have the incentive of knowing their sites will stop working.
Like I said last week, Flash is an exploit-palloza and it's time to give it up. Adobe isn't going to take the initiative to kill off Flash, so its up to us and developers to make that happen. I'm looking forward to an Internet where Flash doesn't pose a daily security threat.
[Thanks to Business Insider for the heads up on Alex Stamos's tweet]