Java and Flash are two of the most celebrated and reviled web technologies – they enabled active content on the early Internet, and both far outlived their useful, and insecure, lives. Now at last we have a sunset date for Flash. It’s longer than IT and security folks would like, and too soon for the web developers who are – still – deploying solutions that require it. Looking at you NHL.com.
I suspect that one of the key changes that’s enabling the sunset was the addition of DRM support into HTML. That change has not been without controversy, with the ‘information should be free’ crowd getting almost hyperbolic in their predictions of doom, and the content producers unhappy as they won’t have complete control over the entire lifecycle of their product. I find the former irrational (I’m a capitalist at heart), and the latter annoying (locked down clients are often sub-par).
I’m a content creator – some is free, like this blog, and some isn’t, like my books. And that’s the key point – it’s up to each content creator to decide their own business model. If we want the web to evolve to a more modern, secure, and capable platform, we need to incorporate support for both sides of the argument. DRM in HTML does that, and it’s far better to have it in the open standard, than to simply replace one locked-in proprietary technology like Flash with another.
Ok, enough of that tangent. Flash will still be around for another three years in one form or another. Businesses should immediately change procurement requirements to prohibit purchases or renewals of new solutions involving Flash (that should have been done a while ago). For consumers, you don’t need to wait – you can get rid of it right now, and you probably won’t miss it at all. Removal instructions for Windows: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html and Mac: https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html are at those links. If you do run across a site that requires it, use Google Chrome and its built-in support, but make sure you lock down all the privacy settings. Here’s a good overview: https://www.howtogeek.com/100361/how-to-optimize-google-chrome-for-maximum-privacy/
While I’d like to see Adobe’s last update to include a forced-uninstall as well – no sense leaving vulnerable, inactive code out there, the good news that Mozilla, Google and Microsoft are all planning to completely disable Flash once security patches are no longer available. Flash was an amazing technology that allowed the ‘net to grow and flourish. Let’s celebrate its successes, and wish it a fond – and long-overdue, fade into the sunset.