Hacker News new | past | comments | ask | show | jobs | submit login
Google is banning Flash from its display ads (theverge.com)
446 points by cpeterso on Feb 10, 2016 | hide | past | web | favorite | 143 comments

I've blocked Google ads for so long I didn't realize they had been allowing Flash ads.

I bought a new Windows laptop last year. Of course the first thing I did was open IE and search for "download chrome".

Stupidly, I clicked on the first link, which was a Google ad for Chrome bundled with some malware.

Spent the next few hours getting rid of said malware.

I've used adblock (ublock) for a long time, but there was always a little bit of guilt associated with it; that episode cleared the guilt, completely and for ever.

The web can be scary without adblocker. Many people have given similar examples here lately. Here's one from me:

I have a certain addiction I cannot control. Tried everything possible without any success at all. It's not as dangerous as drugs, but it's also related to buying a lot of expensive stuff. So, when I disable adblock, every website spams the hell out of me with ads related to my addiction.

This is nasty! And disgusting. I'm sure I'm not alone. Also there's probably a huge number of people that get influenced to smaller extent and don't pay attention to it (because it doesn't ruin their lives, y'know).

Same thing with VLC I (as a Mac user) once installed for a Windows friend... The malware/adware version scored nr 1.

"IE the number 1 browser for downloading Chrome"

bambax, its not malware. when you installed free software they created spam add-on in browser.

And how isn't that malware?

Ha. One of the annoying things about the first x86 Android tablets was that Google would serve up a flash ad which wouldn't work, presumably because it was expecting an ARM processor. As a result a whole slew of apps which had video and ads were unusable.

The only Google ads that I still get is on the Youtube app on Android... which is one reason why I don't like to install any Google binaries on my computers...


will remove ads in the youtube app if you have a rooted device, just install the xposed framework, then this.

Keep in mind you need to update it when the youtube app updates (youtube app might be showing ads, or behaving weirdly/crashing if you don't)

i've blocked flash for so long, most ads dont display for me.

Good for you that they are moving to HTML5 then ;)

May be in bootstrap ;)

Which ad blocker do you use on mobile?

For Google ads specifically? https://contributor.google.com/

Wow. Their highest tier is $10/month to see 25-50% fewer ads? That seems a bit steep for the minimal reduction you're seeing.

My understanding is that the system literally works by buying out your own ads, as if you were an advertiser targeting specifically yourself with ads that have no content. The effect is thus that you pay what advertisers would otherwise have paid. But if some advertiser bids $100 for one ad (this actually happens!), then Google is going to show that ad.

As such, the pricing structure, while maybe overcomplicated, is perfectly fair. Theoretically, in an ad-free world, this is the price you would need to pay to consume the same content. If you feel it is too high, then what you're saying is that, for you, ads are worth the annoyance. (Or, alternately, you're saying that you'd rather pay less and get lower-quality content.)

Personally, I think $10/month is an extremely reasonable price to pay for the web content I consume, and I'd certainly rather pay it than see the ads.

EDIT: That said, as a matter of product design, I think this pricing structure sucks. They really ought to offer a flat price that removes all ads. However, I suspect that would require strong-arming all AdSense sites to agree to new terms (since it would affect how much those sites are getting paid), and as we've seen when YouTube did this in order to create YouTube Red, it tends to create a huge PR backlash.

And they still got to track you. And you pay for that. Great deal.

I think they're accounting for the fact that Google doesn't control all ads across the web.

Yea, why don't they account for that fact in the $10/month price?

They do

no thanks

That is...a lot more than I expected for what you're getting.

It's not. Google doesn't control all ads on the web. It's basically "hide 90% of Google ads".

> Which ad blocker do you use on mobile?

Firefox with uBlock. Just plain old FF extensions. No root required.

Firefox for Android is seriously underrated IMO.

Possibly because it was very poor when it first came out? That's certainly why I switched away.

Me too. Also because the default Chrome was good enough.

But i came back to firefox recently and now it is my default. The "Reading list" feature is so good productivity-wise.

And using firefox again made me realize that features like Reading-list, Tracking-protection, or even offline-mode would never be implemented in Chrome because of the fundamental conflict of interest between its users and Google

We just (last week) launched an Android ad blocker with Samsung that doesn’t require rooting your device or switching to another browser (our app works with Samsung Internet, which is the default browser on most of their devices): https://play.google.com/store/apps/details?id=com.rocketship...

The ad blocker is also open source: https://github.com/rocketshipapps/adblockfast

>Samsung Internet

Ah yes, I'm remembering why I hate non-Nexus Android phones...

Samsung Internet is, surprisingly, faster and smoother than Chrome. They have really optimized it.

Or rather, Google Chrome is extremely slow on Android/ARM: https://meta.discourse.org/t/the-state-of-javascript-on-andr...

If you're rooted, AdAway is fantastic as it not only blocks browser ads, but in-app ads as well.

Firefox on Android with uBlock Origin.

uBlock Origin works well on Firefox IIRC. Alternatively, you could block apps system-wide.

I'm using Blockr on iOS. It also blocks those cookie warnings! http://blockr-app.com

On iOS, using Weblock and Purify in tandem gives you two distinct methods of ad blocking. Albeit, the more powerful blocker is WiFi only.

I use Crystal for iOS.. Works perfectly.

Ghostery on Firefox.

Ghostery like protection is already built in. There is no menu option for normal browsing mode but you can turn it on in about:config. Set privacy.trackingprotection.enabled to true.

uBlock Origin is nice on Firefox for Android

I just user the Ghostery browser. Is there any benefit to using Firefox?

Firefox on Android has full extension support, so you can install things like Self-Destructing Cookies and HTTPS Everywhere as well.

you can use adblock as a proxy and connect to your wifi through said proxy

I suppose this means dropping it altogether (like from Chrome) can't be too far away.

My only regret with that would be that we use flash as a way to allow one-button copy to the clipboard (using this http://zeroclipboard.org/).

We had tried non-flash solutions, but none of them worked.

This sounds like it might work https://clipboardjs.com/, so I guess I'll be adding a backlog item to look at it.

This is a pretty common use case for Flash. There's a clipboard API of some sort now: http://caniuse.com/#feat=clipboard

There is a ZeroClipboard feature request to use the HTML5 Clipboard APIs, where available, and seamlessly fall back to Flash elsewhere. Hallvord R. M. Steen, editor of the W3C Clipboard API spec, started working on it here:


re: dropping [flash] from Chrome -

NOOOOO this is what Chrome is for! The only flash I have is the built in to chrome flash.

I also do this. Firefox is my primary browser but I have Chrome installed solely to view flash-based video sites.

I think I'm missing something. Why not just install the Flash player from Adobe?

I'm not the person you asked, but here's my reasons.

I'm on Linux and there no longer is a supported version of Flash by Adobe. (Apparently there is some NPAPI to Pepper bridge though, to get Chrome's Flash working in other browsers.)

I already uninstalled before that, because I wanted to force HTML5 for sites that dynamically switch between Flash and HTML5 and because I wanted to nudge more sites to support HTML5 by boosting the stats of people who don't have Flash installed.

> I'm on Linux and there no longer is a supported version of Flash by Adobe

I'm using Firefox on Ubuntu with Flash (flashplugin-installer) and it's still receiving updates. It's an older version, but it has been working fine with every Flash site I've visited so far.

Yes, looks like I was misinformed there. While there are no more feature updates, security issues will continue to be released for about another year. (If I'm piecing the information here together correctly https://www.adobe.com/devnet/flashplatform/whitepapers/roadm... https://helpx.adobe.com/flash-player/release-note/release-no...)

Not from my experience. There's quite a few sites that require a newer flash player, so it's either Google's PPAPI Flash or Windows.

I think everyone got most of my reasons covered below, but here they are: no need to manage updates, smaller security surface, battery life, fan noise. I typically browse with Firefox Nightly, and without flash installed globally I get HTML5 or whatever a site wants to offer me if I don't advertise flash compatibility. If I hit some must-have flash I have a key combo that opens the current tab in Chrome.

Historically, it's tended to have had far more zero day exploits than the web browsers themselves. removing Flash removes a huge attack surface, and 95% of the time you don't need it.

I don't have flash installed (usually using Safari and Firefox) and have to jump over to Chrome to use a site maybe once or twice a week, which is more than acceptable given the insecurity of Flash.

I really don't like flash. It's full of security holes and its primary uses annoy the living hell out of me. So I only use a browser that has it when it's on my terms.

Then you enter the toxic hellstew of Flash Player updates.

don't need to install. Now its default in browser

Not in Firefox, and the GP said they're only keeping Chrome around for Flash.

I'm not going to cry rivers over this, but yeah, the only reason I have Chrome installed is for sites insisting on running flash stuff.

If Chrome stops supporting Flash I honestly have no need for it.

> I have Chrome installed is for sites insisting on running flash stuff

Same here, I use it for Facebook. But Facebook servers HTML5 video instead of Flash to Chrome. What a world!

An internal app we use at work requires an extension to do one button clipboard in Chrome and Firefox. And if you're using another browser, you're out of luck. I use it enough that I have the extension, but now the version we have and the extension it supports isn't "signed" in Firefox, so I have to make an about:config change.

This is all for a password manager.

We use clipboard.js in our product, it was the perfect replacement for flash copy. I highly recommend it, our users were none the wiser when we swapped it out.

I use that feature a lot, surely they can't all be Flash based.

Flash used to be the only thing that worked, cross-browser.

Chrome, I know for sure, changed their minds several times on whether they would allow it...security model thing, you could make it work only by tweaking some internal chrome setting.

The sales pitch at https://clipboardjs.com/ makes it sound like perhaps things have changed enough that a reasonable cross-browser solution is possible now.

One thing HTML5 lacks is the ability to combine all assets into one file. This makes Flash particularly handy for advertisements. Safari almost got there with its .Webarchive format, and Mozilla experimented with a file format but it didn't get anywhere.

Bundles might make sense, but one large blob that couldn't be parsed until it was finished loading would probably be a big step backward for responsiveness. Parallel downloads also help speed things up.

Another interesting idea for JS-heavy sites is server-side pre rendering (yes, having the server generate HTML like the good old bad days) like Ember FastBoot http://tomdale.net/2015/02/youre-missing-the-point-of-server...

Flash programs could start running before the whole things was downloaded. Hence custom loading bars on flash movies on Newgrounds.

HTML Imports basically give you bundling, at least for CSS, JS, markup, and things you can fit into data URLs. It'd be awesome to explore how HTML can serve as a better bundling format for ES2015 modules and generic files like video.

Isn't that mostly moot with HTTP 2.0 multiplexing?

Almost. Compressing all of the files into one archive often results in a smaller file overall. This might work a little differently with brotli, which uses a precomputed dictionary.

The advantage of keeping the files separate is that it allows for procedural rendering. Multiplexing gives this a boost by allowing your client to fetch a lot of files at the same time.

Couldn't you use inline scripts and styles with images specified as data uris?

Yes, I've used bundlers before which package the scripts and styles into a single HTML file.

Data URLs for large images are horribly space-inefficient.

Data URLs should be ~1.37x the size [0] of the original file (and generally, kept in the same format). Obviously, there are issues of caching, keeping the image loaded in memory, etc, but it shouldn't be all that bad. Esp. when you consider that ads are inefficient for a variety of other reasons.

[0] https://en.wikipedia.org/wiki/Base64#MIME

Right, I miscalculated, Base64 isn't as bad as I thought.

Once you gzip them they aren't bad.

We've been down the rabbit hole for a while now, and we've decided it's not so bad down here. Now we are browsing for curtains and a good rug to make the place feel more like home.

Google more or less invented the .adz file for that. It's a glorified zip file with a few naming conventions and a few other things. Many of the more common pieces of ad serving software support it.

This is from the perspective of the person who is uploading the ad, of course, not from the perspective of the browser that is downloading the ad later.

Another old format in that space is/was MHTML - a MIME document with all the resources needed for a webpage. https://en.wikipedia.org/wiki/MHTML

You could encode assets using "base64" and put everything in a single JS file. There may be a file size issue though, but I did that a few times (actually I did that with html files using data uris)

WARC has proven to be useful in web archiving contexts, I'd love to see browsers use it for good. http/2 is headed in a quite different direction already.

Doesn't seem like it would be very difficult to parse a zip file from a typed array (fetched with binary Xhr) and pull out images files, video files, etc. This has probably already been done but I can't find a project presently.

Silly question: Do people not use Click-to-play? I thought it was enabled in browsers by default now, or at least Firefox.

I do (even as a sometime Flash developer), but unfortunately it's not always practical. There are plenty of sites, including Vimeo embeds and Vine, which cover the SWF with an HTML element - making it impossible to right-click to play the SWF. So you end up disabling click-to-play just to see the video you wanted.

Firefox has had a top-of-the-page notification for click-to-play for a long time, making this a non-issue.

Chrome has an icon for this in the address bar. The only problem with this solution is you lose control of which elements you want to allow.

I think Firefox's top-of-page notification is just for Flash content that is not large enough for the inline "click to play" UI. It's pretty annoying, though, because it causes the whole page to shift down. Chrome's address bar icon sounds like a good alternative.

Does anyone know why Vimeo does that? I refuse to disable Flashblock to use Vimeo, and I don't understand how requiring me to do so would benefit them.

I use Chrome Canary, which doesn't have flash at all, and it seems that most sites automatically switch to HTML5.

Sometimes I'll go to a site in Safari or Chrome and and the flash won't play, but then I load it up in Canary and it works. I don't understand why those same sites don't just start with html5 if they already support it anyway.

Chrome Canary has Flash. Do you mean Chromium?

No I mean Chrome Canary. But I've messed with the settings in chrome://flags/ to disable it and enable default html5.

Back when I still have Flash installed, I turned off Firefox's Click-to-play because I was unable figure out how to have it on without something like a speech balloon's popping up in the upper left corner of the window every time I visit a page that wants to use Flash.

I have a low tolerance for distractions and for anything that resembles nagging.

How can they continue to allow "video ads built in flash"? Isn't a video flash just like any other .swf, that happens to use the NetConnection, NetStream and Video classes? Or will they supply the .swf part and the advertisers just the .flv/.mp4 part?

Also, what's to stop a "html5 ad" from inlining swfobject.js? They've fallen for malvertising before, so how could they not fall for an obfuscated swfobject.js? :)

This is because video ads use an obnoxious ad API called VPAID [1] that is mostly used to track viewability of video ads (which in turn conditions the billing event for advertisers). This is most effectively done with Flash and so 90% of video ads use Flash if given the opportunity.

[1] http://www.iab.net/guidelines/508676/digitalvideo/vsuite/vpa...

The NY Times' recent post about their transition from Flash to HTML5 video highlighted VPAID as one of their big challenges. It sounds like they had to pull the ad vendors, kicking and screaming, into the HTML5 world.


I think there's a lot of confusion in terminology here.

"html5 ad" may mean "videos in formats supported by html5 video tag"

"video ads built in flash" may mean ".flv in our own player", but also "we're going to unpack your .swf and strip anything apart from <run from frame 0>"

Also "From January 2nd next year, Flash ads won't run" does match up with "Google says that Flash video ads aren't included in the cull "at this time.""

The article is pretty confusing though...

This is great progress. Google being the biggest ad network and going with a complete ban is probably the only way to move things forward but glad to see it finally being done.

It sounds like great progress.......until you realize that Google uses Flash everywhere in their own APIs

Progress = forward movement towards something. This is still great progress, regardless of how much there is left to do. Chrome was even the first browser to stop playing lots of flash ads months ago.

I've never installed Flash since it was an ad on (or maybe I just disable it, I can't remember). It's ONLY used for ads these days. I avoid the few video sites that use it.

Nope. The Superbowl was streamed with Flash Player on CBS own website. Hulu still streams with Flash Player. Zynga and King use Flash player in all their multi-million dollar earning Flash games. It's not going anywhere.

> ... It's not going anywhere.


I haven't had the Flash plugin since 2012 and only a few couple of times I've encountered something I wanted to use which required Flash since when I stopped having Flash. In every case where Flash was required I simply Googled the relevant keywords and found what I was looking for provided by other non-Flash sites.

Twitch is the only thing keeping Flash on my system, and as soon as they make the switch to HTML5 video I'll be uninstalling it completely.

If you use Livestreamer and an IRC client, you can run Twitch streams outside your browser. That's what I've been doing - I haven't had flash installed since that cross-platform RCE bug late last year.

Add &html5 to the Twitch URL to force it to give you HTML5 instead of Flash.

Twitch has run over HTML5 for the better part of a year (maybe longer).

The controls and chat were upgraded to HTML5 last year but the video will not be converted from Flash to HTML5 until Q2 this year.

This was one of the major announcements made during CEO's keynote at TwitchCon. http://blog.twitch.tv/2015/09/twitchcon-2015-keynote-product...

OS X and iOS streams use HLS (append /hls to url) and you can get the html5 video in various ways (append &html5 or [1]).

[1] https://www.reddit.com/r/Kappa/comments/3l01q4/complete_twit...

Livestreamer works well for Twitch.

Surprised to see this in the news now. As an advertiser, we received notice from Google around July of 2015 that our flash ads will soon be disabled. Something like a month or two later the change went into effect.

I wonder if people may begin to go back to older browsers for surfing once ads have completely transitioned to HTML5 :-)

With people shifting their layouts over to Flexbox, relying on "box-sizing: border-box", "display: table-xxx" and friends, older browsers will mess up the layout beyond belief. IIRC some older browsers even failed to apply an entire CSS file if they couldn't parse a single rule - good luck with ::before, ::after, ::nth-child and friends.

CSS, unfortunately, isn't really backwards compatible unless you invest a LOT of effort into testing and development.

Good riddance. Those older browsers are also going to be full of unpatched security holes, and if websites don't work people will eventually quit using them.

Many recently updated websites of unicorns/startups look very bad or often completely unreadable on older browsers e.g. IE 9. Can they live without enterprise sales?

In Firefox you don't need to use an old version; just do it from about:config: media.autoplay.enable = false.

Just add a bookmark to kill iframes, then you just click the button to instantly remove any iframe adverts (which includes all of google's ads).

Why? This still allows the ad tracking and other malicious Javascript, and it still requires you to recognize that there are ads on the page. The cost in mental effort is significant; if you think it isn't, live completely ad free for a month or two to reset your tolerance.

Ad tracking uses cookies, not javascript, and isn't "malicious" as such. If you're worried about that, just disable cookies and/or javascript.

It depends on the tracking. They are far more advanced than simple cookies these days. Some do use javascript to load things and/or report back without resorting to easily-deletable cookies. Whether something qualifies as malicious or not is a matter of opinion. Imho any tracking attempt by unnamed third parties (ie without my say so) is evil.

For example, Chrome keeps Google analytics connections open for 4 minutes since the last request, even cross sites. This is a cookie less, IP less of uniquely identifying a user.

That is for analytics, not adverts. Google adverts only uses cookies to track users AFAIK.

I don't look at ads...that's remiss of me, as some ads probably contribute to my salary...

When I see a three column layout on a client's page, with the right column "blinking" I think, usually, that they're probably barely holding on...just from experience...

I beat them to this a loong time ago.

Good, and good riddance. The less Flash on the Internet, the better.

Anyone else see this and think "Why the hell didn't they do this years ago?". I was really surprised it was still allowed.

They should also bad video ads (including their own).

Ironically, one of the very few places I find Flash still used, that I miss it, is in Google Finance pages.

They're desperately wanting a rewrite.

Flash ads were a good way to target desktop office day time users for some conversion needs. Anyway had to go ..

I use firefox at the moment and do not have flash installed. In the rare occasion that I cannot view a video because I need flash I will fire up chrome to watch it.

Also, I use adblockers.. so I haven't seen a flash ad in ages.

Google does ads?

Honestly, it has been a very long while since I've seen ads. Adblock aside, my phone is so old that any significant ads effectively causes a crash, total non-responsive phone. So I still don't see them.

How do you think Google makes money if not ads?

How do you not get sarcasm?

Normally there's an element of humour

Just in time for the launch of AMP.

( What took you so long? James. )

The sentence that came across my head when i read the title.

* Quote from the 007 movie Spectre

Google main focus is ADS

ive been blocking flash since 2012. no biggie.


Flash is like DLLs. Enough said.

Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact