
Chrome will begin pausing many Flash ads by default on September 1 - cpeterso
https://plus.google.com/+GoogleAds/posts/2PmwKinJ7nj
======
phamilton
For anyone interested in the definition of "essential", see the source code:

[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/content/renderer/pepper/plugin_instance_throttler_impl.cc)
(See constants)

and

[https://chromium.googlesource.com/chromium/src.git/+/master/...](https://chromium.googlesource.com/chromium/src.git/+/master/content/renderer/pepper/plugin_power_saver_helper.cc)
(See ShouldThrottleContent)

TLDR, essential content is either:

1) On the same domain as the page

2) Considered "Large" (at least 298 x 398, certain aspect ratio, minimum total
area), with an exception for tiny content (likely transport plugins).

~~~
michaelbuckbee
The only other regular 'tiny content' thing I can think of is ZeroClipboard
(which puts an invisible flash movie over a button so you can click 'copy') as
Javascript clipboard actions still aren't broadly supported [2].

ZeroClipboard is used by Github and lots of other sites for the little buttons
next to repo URLs, etc.

1 -
[https://github.com/zeroclipboard/zeroclipboard](https://github.com/zeroclipboard/zeroclipboard)
2 -
[http://caniuse.com/#search=clipboard](http://caniuse.com/#search=clipboard)

~~~
_yy
Github somehow manages to copy stuff to the clipboard with flash player
disabled - apparently it's using the new HTML5 clipboard API.

~~~
bvm
IIRC ZeroClipboard falls back to flash if you're not using a browser with the
new clipboard APIs.

~~~
stingraycharles
But this problem is irrelevant, since all versions of Chrome that block flash
will have this API, not?

~~~
madeofpalk
But that's irrelevent anyway, as Chrome wouldn't block ~tiny~ flash plugins
used by the clipboard transport.

------
archon810
The irony is that while they recommend converting ads to html5 (or auto
convert them with swiffy), the performance goes to shit as well, arguably even
worse than flash would have been, at least on mobile.

\- [http://venturebeat.com/2015/02/25/google-now-
automatically-c...](http://venturebeat.com/2015/02/25/google-now-
automatically-converts-flash-ads-to-html5/)

\-
[https://code.google.com/p/chromium/issues/detail?id=467709](https://code.google.com/p/chromium/issues/detail?id=467709)

\-
[https://plus.google.com/+ArtemRussakovskii/posts/MtcZGJprWje](https://plus.google.com/+ArtemRussakovskii/posts/MtcZGJprWje)

~~~
harigov
Just out of curiosity - could there be issues other than just performance
here? For ex., could it be that Flash based ads can identify user/device
contributing to privacy issues?

~~~
kevinchen
Flash also has a ton of vulnerabilities and a huge codebase, and according to
Apple, caused a ton of crash reports from their computers.

~~~
dogma1138
TBH if a Flash crash or any other user space application crash causes a system
crash it's an issue with the OS. Steve Jobs at the time said that every time
MacOS crashes it's more often than not Flash's fault, which wasn't really true
and would only speak "wonders" of how well MacOS isolates user space
applications...

On the security issues it's some what true because the nature of Flash,
applications like these are almost impossible to sandbox properly unless you
have an operating system that sandboxes everything by default.

Flash it self these days is pretty much code execution as a service it can do
pretty much everything you want some browsers sandbox it better than others
but it's still intended to pull code from the ether and run it and when you
have a setup like that you will never be able to limit it effectively. Flash
can be phased out only because it's mostly used to play various forms of
media, but any other use of it cannot be converted to HTML5.

If Javascript (as it's parsed and executed in browsers) will ever get to the
point of being as flexible and powerfull as Flash is today you'll see browser
based RCE vulnerabilities skyrocket also, JS is safe to use only because the
browsers restrict it, Flash and AIR are intended to support everything from an
animated ad to a full desktop application.

Just look at Node.JS (and many NoSQL DB's that used JS) in it's early years
almost every (non-DOM based) cross-site scripting vulnerability in a Node.JS
application could result in remote code execution on the server, even today
you can still easily cause it if you don't handle the code properly one stupid
eval in your node code which was there for lazy debugging can lead to your box
getting owned in minutes.

~~~
Arcanum-XIII
They're not system crash but application crash, both are reported on MacOS X.
So no, Flash didn't crash the OS, only apps like Safari, Firefox or Chrome.
Isn't it enough ?

~~~
dogma1138
>They're not system crash but application crash, both are reported on MacOS X.
So no, Flash didn't crash the OS, only apps like Safari, Firefox or Chrome.
Isn't it enough ?

That wasn't what Apple (Steve Jobs) claimed... [1]"Whenever a Mac crashes more
often than not it’s because of Flash. No one will be using Flash, the world is
moving to HTML5." Also Flash doesn't crash Chrome, doesn't crash FF for ages
either. No clue about Safari the quote was debunked by everyone, even Apple
backtracked on it to a more "we meant Safari in certain cases" type of
statement. we can all move along.

[1][http://www.digitaltrends.com/computing/steve-jobs-
unleashes-...](http://www.digitaltrends.com/computing/steve-jobs-unleashes-
his-fury-during-town-hall-meeting/)

~~~
fenomas
I doubt it's worth picking over all that stuff Jobs said about Flash - it was
FUD top to bottom. I mean, in his famous letter he flamed Flash for being
closed even as iOS locked people into a single browser, flamed it for being
nonstandard while Apple pushed out Safari-only web pages [1] and weird
quicktime extensions, etc. He even called out Adobe for being late to adopt
Cocoa even though core Apple apps hadn't migrated yet.

So, the language about crashes may have had more or less basis in reality, but
it's not as if Jobs was concerned with nuance and details.

[1] [http://www.infoq.com/news/2010/06/apple-
html5-gallery](http://www.infoq.com/news/2010/06/apple-html5-gallery)

------
pjmlp
I can already disable flash ads. Good luck disabling HTML 5 ads without
browser plugins support.

~~~
dredmorbius
I've gotten high mileage by blocking OVPs directly. I'm advocating doing this
to encourage video providers to _NOT_ enable autoplay on video.

    
    
        0.0.0.0			www.autofixinfo.com	# Autoplay video
        0.0.0.0			c.brightcove.com	# Autoplay video
        0.0.0.0			player.theplatform.com	# Autoplay video
        0.0.0.0			link.theplatform.com	# Autoplay video
        0.0.0.0			ci-2862d2c8d6-68f418d2.http.atlas.cdn.yimg.com	# Autoplay video
        0.0.0.0			video-img2.thedailymeal.net	# Autoplay audio
        0.0.0.0			ht1.cdn.turner.com	# Autoplay video
        0.0.0.0			ht2.cdn.turner.com	# Autoplay video
        0.0.0.0			ht3.cdn.turner.com	# Autoplay video
        0.0.0.0			ht4.cdn.turner.com	# Autoplay video
        0.0.0.0			ht5.cdn.turner.com	# Autoplay video
        0.0.0.0			ht6.cdn.turner.com	# Autoplay video
        0.0.0.0			ht7.cdn.turner.com	# Autoplay video
        0.0.0.0			ht8.cdn.turner.com	# Autoplay video
        0.0.0.0			ht9.cdn.turner.com	# Autoplay video
    

Protip: install dnsmasq which allows you to block entire domains rather than
listing hosts independently.

(Note: corrected s/VPN/OVP, see followup.)

~~~
coldpie
Firefox provides the "media.autoplay.enabled" setting, which can be disabled.
It's a very difficult setting to implement correctly, but it works most of the
time. The larger trouble is that many websites, including YouTube, expect
autoplay to work and act slightly wonky when it doesn't.

Edit: Have some bug links

Original reporter suggesting the setting should apply to HTML5 media. Includes
a very long discussion of the problem and why it's difficult:
[https://bugzilla.mozilla.org/show_bug.cgi?id=659285](https://bugzilla.mozilla.org/show_bug.cgi?id=659285)

Bug about websites that assume autoplay works, marked invalid because those
websites shouldn't(?) make that assumption:
[https://bugzilla.mozilla.org/show_bug.cgi?id=1173848](https://bugzilla.mozilla.org/show_bug.cgi?id=1173848)

~~~
zamalek
Thank you!

> act slightly wonky when it doesn't.

I would hope so. Autoplay videos are fraught with discrimination: "live in a
country where bandwidth is expensive? Fuck you, have an autoplay video."

I hope browsers move toward having autoplay as default "off" in the future.

~~~
freehunter
I visited a site that was linked here recently and they not only had an
autoplaying video, there was no way to pause it or stop it. The only option
was to mute the video, while it still played.

Horrible. That's why people use ad blockers.

~~~
dredmorbius
My canonical example is a PC World page on killing video autoplay ... with an
autoplay video:

[https://plus.google.com/104092656004159577193/posts/CQAJEyHG...](https://plus.google.com/104092656004159577193/posts/CQAJEyHG9qb)

------
jakob223
I use chrome with all plugins disabled unless I right-click to run them, and
the only one that I regularly have to enable is the PDF viewer. I find it a
much more enjoyable (and faster) browser experience and have no need for an ad
blocker because flash ads are the only ones that really annoy me. I think it's
a great idea to disable non-essential flash by default.

~~~
pbhjpbhj
Isn't part of the point here that flash ads are mostly going to migrate to
HTML5 and then having click-to-run on flash won't be blocking hardly any ads?

------
shocks
I've had pretty much zero consequences from disabling Flash globally in all my
browsers.

Where is Flash still essential?

~~~
rythie
I've been disabling by default for a few weeks, though many sites still use
it, for example:

    
    
      - Facebook (videos)
      - Twitter (bizarrely uses it for gifs in Firefox)
      - YouTube
      - BBC news
      - The Independent and most of UK press
      - Basically any site with embedded video
      - even github prompts because of that copy+paste feature
    

I have no interest in Flash games or adverts, so it's annoying that these big
sites all still use Flash.

~~~
nine_k
Flash-less Youtube works well for me for at least a year now. Vimeo required
more effort but also used to work.

Many embedded videos often don't, though.

------
dang
Url changed from
[http://www.theregister.co.uk/2015/08/28/google_says_flash_ad...](http://www.theregister.co.uk/2015/08/28/google_says_flash_ads_out_september/),
which points to this.

------
kfor
I think this is actually a benefit for consumers, but this just seems like an
invitation to an antitrust suit.

------
arghbleargh
So... can somebody explain what the difference between "essential" and "non-
essential" Flash content is, and how Chrome can tell the difference?

~~~
jakob223
According to the article, it's based on whether it's the "main" object on the
page. Size and centeredness both play a role, I'd guess.

~~~
dredmorbius
So, say, a browser plugin which renamed "main" elements to, oh, say,
"notmain", would have the effect of killing autoplay.

Though for Flash that's already possible. It's HTML5 that's bugging the shit
out of me now.

~~~
icebraining
For Chrome: [https://chrome.google.com/webstore/detail/disable-
html5-auto...](https://chrome.google.com/webstore/detail/disable-
html5-autoplay/efdhoaajjjgckpbkoglidkeendpkolai?hl=en)

For Firefox, I think you can just set media.autoplay.enabled = false in
about:config.

~~~
dredmorbius
Thanks, I'd not seen an HTML5 video blocker previously.

------
cyberjunkie
"Google's reasoning for the move is largely performance-based, apparently"

Now if only they can start optimizing Chrome urgently, that'd be just great!

~~~
_pmf_
> "Google's reasoning for the move is largely performance-based, apparently"

Yeah, because WebGL never crashes the browser (not even the kind of small
demos that seems to be all it's used for).

~~~
onion2k
I've been developing WebGL content for the past 18 months and, so far, it
hasn't crashed from any WebGL issues. And that's with my code which is pretty
awful most of the time.

~~~
dogma1138
I've had WebGL crashes quite often on YouTube. Allot of the WebGL demos are
also either forcing a WebGL crash from time to time or just hang browsers due
to performance. You can say allot about Flash but atm it's performance and
stability are better than WebGL in it's current state.

The problem with WebGL is that it pretty much inherited the mess of OpenGL
every driver version on every GPU can implement different feature set of it
(similar to the extension mess of OpenGL in Nvidia and ATI minidrivers at the
time) which results in Browsers having to maintain blacklist/whitelists[1] for
a very large array of hardware and software combinations (Chrome currently
isn't maintaining a driver version based list other than a cut off date for
certain drivers which also causes problems if you are running old hardware and
the best drivers for it are considered out of date by Google).

WebGL it self is also not implemented in the same manner across different
browsers Chrome and FF for example have quite a different blacklist/whitelist
for WebGL, I don't know if this because of different in browser implementation
or because of they are simply encountering different issues and adjusting
accordingly.

The worse thing I've encountered so far is WebGL on switchable graphics (e.g.
Nvidia Optimus) enabled laptops, some features might switch the GPU
arbitrarily even mid execution which causes the whole thing to implode..

[1][https://chromium.googlesource.com/chromium/src/gpu/+/master/...](https://chromium.googlesource.com/chromium/src/gpu/+/master/config/software_rendering_list_json.cc)

Whats worse is that WebGL can actually crash your graphics driver and if it's
bad enough than Windows can't recover the kernel mode driver it's a complete
kernel panic. This doesn't happen often but if you want to do it you can do it
sadly too easily, Chrome/FF chase known DOS cases with WebCL quite well but
they really don't catch all of them and if that feature isn't blacklisted for
your setup well you can crash a machine with a single pixel draw ;)

And the introduction of WebCL would probably lead to some of the nastiest RCE
vulnerabilities you can imagine soon enough you are allowing people to execute
general purpose code directly on the metal and interact with Kernel mode
components. There are already GPU rootkits out there soon enough they'll find
an infection vector trough WebGL or WebCL and it will be a very unpleasant
period.

~~~
jaen
Chrome & FF do not use OpenGL drivers on Windows, they translate to DirectX
using Angle:
[https://code.google.com/p/angleproject/](https://code.google.com/p/angleproject/)

~~~
dogma1138
I didn't say they use OpenGL, the WebGL implementation on Windows is trickey
since there is no OpenGL mini driver so native support is implemented a bit
differently it's only matters who does the translation (GPU driver, vs
Browser).

Also are you sure they still use ANGLE by default? Both Chrome and FF had the
ability to enable native support years ago using –use-gl=desktop for Chrome or
webgl.prefer-native-gl for FF, 2-3 years ago that was the only way of getting
any reasonable performance out of them..

But even with ANGLE, WebGL feature implementation is still not consistent
across hardware and drivers (Graphic drivers treat DX like one would treat a 5
year old, they'll hear it and do what they want ;)) from even a single vendor
yet alone across the 3 desktop and 3-4 mobile GPU vendors.

------
EarthLaunch
Embrace, extend, extinguish? I remember when Chrome first integrated Flash
into its browser rather than requiring it to be a separate install.

~~~
Menge
> Embrace, extend, extinguish?

Only the 3rd properly applies to Chrome and Flash. Chrome didn't embrace an
API they could extend; they shipped a plugin providing an ~ABI of a
foreign/closed API then still had to make atomic decisions like this one.

------
dogma1138
I got plugins disabled by default in Chrome for ages now (right click run
plugin when needed).

Before that on FF i had an add on that disabled autorun for flash also (very
similar to how chrome does it with plugins gotta right click to load it).

But if Google does it only for none Google adnetworks that's going to be a
huge lawsuit. The article doesn't really clarify why would it work on Google
own networks because they convert to HTML5 or because they will white list
their own stuff.

TBH we could've gotten rid of Flash years ago, Google was actually a big
supporter for Flash, it was very important for them at some point in time,
Google Chat, Gmail Extensions, Google Wave, and most importantly getting high
bit rate video on YouTube off the ground (DXVA, OpenGL support was critical
for YouTube and every other streaming site out-there), and heck Google
promoted Flash on Android until JB as their big gotcha over Apple..

~~~
dao-

      But if Google does it only for none Google adnetworks that's going to be a huge lawsuit. The article doesn't really clarify why would it work on Google own networks because they convert to HTML5 or because they will white list their own stuff.
    

It's because their ad network converts stuff, at least that's the only way I
can read these sentences:

    
    
      Google said advertisers who are worried about having their ads switched off should consider converting their Flash artwork to HTML5. According to the cyber-goliath, "most Flash ads uploaded to [Google] AdWords are automatically converted to HTML5."
      So, in other words, if you're not on Google's ad network, you're locked out of Chrome – unless you also switch to HTML5 artwork.

~~~
Sephr
You don't need to be on Google's ad network to use swiffy (the conversion tool
that they are using), it's open source.

~~~
mccr8
Is the conversion tool actually open source? The Swiffy Wikipedia page says
"There is a server-side component (source currently not public) that converts
SWF to an intermediate representation serialized as JSON.".

~~~
Sephr
Oh sorry, I was thinking of shumway. Swiffy isn't open source, but it is
_free_ at least, so third party ad networks can still use it.

------
taco_emoji
Wish they would do this for animated GIFs...

------
illumen
Is this anti competitive?

~~~
jcl
That occurred to me, too. It certainly hurts any competing ad networks who
don't have a Flash-to-HTML5 converter ready.

On the other hand, I think Chrome is the only major browser that ships with
the ability to play Flash, so one could argue that it is just altering the
benefit that Google has been providing to all Flash providers for years.

------
kin
Good riddance.

Sometimes I forget to turn ad-block back on after testing stuff. Thanks
Google.

~~~
dredmorbius
Tip: use different user profiles. A "stock", "raw", or "testing" profile for
unfiltered use.

Though better sandboxing would be my choice.

~~~
kin
Wouldn't switching between different profiles be the same effort as
enabling/disabling?

~~~
dredmorbius
Extensions are specific to profiles. Rather than toggle a bunch of extensions
on and off, just switch profiles.

------
skynetv2
but will continue to autoplay html5 ads provided by Google ad network? Or does
Google ad network explicitly prohibit auto play?

------
sharmadwivid
This is awesome!!! Now no more unwanted stuff while browsing.

------
ablation
I hope that Google takes the next, bigger step and kills its YouTube Flash
player. The HTML5 one is superior in almost every way and so many browsers now
support HTML5[1]. It would be a really meaningful statement. This is just a
bit 'meh'.

[1] [http://html5readiness.com/](http://html5readiness.com/)

~~~
chrismarlow9
What irritates me is that flash is required for google music. I really like
google music over all the other radio services, plus I have some music in my
lib, but I've resorted to just looking up albums on youtube. If it's an
absolute must have for some technical reason, a desktop client would be nice
as an alternative.

~~~
on_and_off
In GM settings, you can opt in for HTML5 audio. I have been using it for more
than a year, it works extremely well.

~~~
chrismarlow9
Thanks for this. I'm not sure why they wouldn't use a fallback mechanism
instead of making this an explicit setting?

Edit: This is strange. I went to change the setting and it is greyed out and
cannot be changed. This is in both chrome AND firefox. Both are up to date
with most recent version, and my macbook was bought this year. Neither have
adblockers enabled.

~~~
on_and_off
It is indeed strange, I have been using this option for some time. Works like
a charm on 2015 mbps, as well as older ones. There is maybe an issue with your
specific model ? That might also explain why it is not a default yet.

------
HazonS
Taking Flash away is always a good new for privacy and security :) Anyway, is
not sufficient.

Why would google take a good but not sufficient approach?

IMO because of marketing issues: get some hackers and tech savvy people to
evangelize that they are improving their privacy issues. I suppose google
doesn't need flash/super cookies, "so lets take them out, we look good, and we
still have the same entropy to get to know the user"

------
vacri
Chrome has invented Flashblock (2004) :)

[https://en.wikipedia.org/wiki/Flashblock](https://en.wikipedia.org/wiki/Flashblock)

------
kuschku
> "essential" Flash content (such as embedded video players) are allowed to
> automatically run, while non-essential Flash content, much of that being
> advertisements, will be automatically paused.

Can’t we just throw out all flash?

~~~
ars
> Can’t we just throw out all flash?

Way too much stuff needs it. For example fun little browser games. For example
[http://www.kongregate.com/](http://www.kongregate.com/)
[http://www.miniclip.com/](http://www.miniclip.com/)
[http://www.friv.com/](http://www.friv.com/)

At least in my browser (Firefox on Linux) flash plays better than html5 for
video.

~~~
samsonradu
+1 for this. Another example would be live streaming. yy.com comes to my mind
right now, it's fully flash and used by millions of users. gaming.youtube.com
does Flash too on Firefox, not to mention all of the adult streaming sites.
Funny how everyone is asking for Flash to just disapear, if it had never been
around we'd all be screaming for a plugin that makes all the above possible.

~~~
kuschku
No, we wouldn’t scream for a plugin making that possible, but we’d scream for
a web standard.

We already have a way to transmit two-way video live in browsers (WebRTC).

It should be not to hard to use the codecs existing for that to make a one-way
live streaming in browsers.

~~~
samsonradu
Well, WebRTC is indeed a way, but it's very far from a standard - Chrome and
FF supporting it only - and has some issues. It's difficult to do multi-
casting with it and eats up a ton of CPU resources. If it were scaleable and
usable one of these multi-million dollar businesses would adopt it by now
don't you think? I haven't seen anyone pick it up.

~~~
kuschku
Yes, we need some additional standards to build upon it, but at least the
decoders exist in Chrome, Firefox and Safari on all modern platforms.

If someone would add a small standard extension (like Microsoft originally
suggested) to allow for one-way streams, we could do livestreaming over it,
too.

Preferably even make it seamless – allow pointing a video element to a
livestream source.

