I played a small role in helping to break this story. I used a screen capturing utility for OS X called iShowU to grab the video from the Christian Embassy site.
Lambert emailed me via SteveAudio looking for a way to capture video from the Flash Movie on their site, since Flash Movies are embedded and impossible to download (as far as they know, anyway). Most interestingly, however, during the course of my poking and prodding of this little piece of Flash media, I was sincerely alarmed to see the phrase “Allow www.christianembassy.com to access your camera and microphone?” pop up when I checked the settings. There was no “FUCK NO!!!!1!1!” button, unfortunately.
When I searched for the phrase “Allow [blank] to access your camera and microphone,” google took me straight to Adobe/Macromedia’s site, under the heading “Can others use my webcam to spy on me?”
There’s a helpful paragraph there that says-
With the current Macromedia Flash Player, any site you visit can show you their own video, audio or other content. Ads and other applications that use the Flash Player cannot access your webcam without your explicit permission to do so. A privacy dialog window will appear whenever you encounter a Flash site that can make use of video and audio from your webcam. The Macromedia Flash Player Settings dialog window allows you to either deny or allow the application access to your camera and microphone.
That’s not a strong enough “No” for me. It just isn’t. My first question was “Is there any way to permanently disable this feature in Flash?” Current versions of the Flash Player for OS X have a check box that says “Remember,” but having had some experience as a Windows support technician and seeing DirectX and ActiveX controls exploited freely and cheerfully by malware authors, I am extremely wary of any program that allows remote eyes and ears to be opened in my home.
I am not the first person to notice this, naturally. Om Malik was just as creeped out as I am. He blogged about it and the someone named John Dowdell from Macromedia Support piped up in the comments to say “Now, now, girls… don’t get your panties in a wad. We’ve been doing this for a long time.”
I fail to find this at all reassuring. As an earlier commenter said:
Macromedia should put it in big, bold words during the install process that websites have the ability to remotely acess your A/V hardware and GIVE YOU THE OPTION TO PERMANENTLY SHUT THAT DOWN.
Some people may have a need for this, and power to them – but the vast majority of people don’t, and Macrodobe should really be upfront on this one, IMHO.
Alternately, make a version available with that functionality stripped out. I now have to go to a very high profile client of mine, someone who is EXTREMELY concerned about privacy (and justifiably so, btw, and that’s all you need to know about who and why) and say “I have some doubts about Flash Player and Adobe/Macromedia’s commitment to your privacy.”
There is no current Open Source alternative for Flash Player with a binary installer that runs on OS X. I am tempted to empty my PayPal account into Gnash‘s coffers in the hopes that an OS X binary will pop out soon.
I have to say, I can think of few creepier phrases than “Allow www.christianembassy.com to access your camera and microphone?”
In addition to what I hope will be a lively and informative debate in the comments, I would also be interested in your thoughts on similarly creepy phrases…