by Adobe

Adobe Flash Player


12 May 2011

Privacy is a somewhat subjective term. The American Heritage Dictionary defines privacy thus:
Privacy 1a. The quality or condition of being secluded from the presence or view of others. b. The state of being free from unsanctioned intrusion: a person's right to privacy. 2. The state of being concealed; secrecy.
While this definition adequately reinforces the nature of privacy as being protected, safe, and free from exploit or exposure, it doesn't make any assertions as to exactly what is protected. What one person may want kept private, another might not feel so strongly about.
Many will agree, however, that the most important information to be kept secret is that which can be used to exploit its owner in some fashion. Financial information and intellectual property are examples of this kind of information, and the web has become a global venue for the effort to protect users' privacy.
The goal of this article is to outline in detail the information that Adobe Flash Player makes available to Flash-based content.

Privacy and the web

The web continues to grow and offer increasingly more attractive, entertaining, productive, and engaging online experiences for hundreds of millions of people around the world. The unprecedented ease and speed by which we can access up-to-date information on the web—news, financial content, and the latest shopping bargains—draws us to spend more and more time on the web every day.
As the time people spend online increases, however, maintaining their privacy and keeping their computing environments safe and secure becomes more and more important. In the past few years, identity theft, fraud, credit card theft, and inappropriate information access has increased exponentially, putting web users at risk every time they go online.
The absolute best way to prevent an invasion of privacy while online is to simply not go online. If your computer were not connected to the Internet, it would be close to impossible for a would-be thief to access your personal information through the network. Unfortunately this is an impractical solution for most of us.
Unless they choose complete abstinence from the web, users are vulnerable. The burden of responsibility of ensuring the preservation of privacy then falls in two places—on the users themselves, and on the software that the user runs.

How does Adobe Flash Player preserve my privacy?

Adobe Flash Player provides very little information that would reveal anything about a particular user or his or her machine. In addition to the basic operating system and browser information provided by web browsers, Flash Player provides information about the multimedia capabilities of the machine.
Flash Player provides this information to help developers create experiences that work well for everyone. For example, if the creators of a classical music website can detect that a machine can't play sound, they might be able to let the user know why he or she can't hear any sound on the site.
Here's a summary of client machine information that Flash Player makes available to Flash-based content:
  • "User agent" string: Provides basic information about platform, operating system, and browser
  • System.capabilities ActionScript API: Provides information about the multimedia capabilities of the client
  • Camera and microphone access: Records streams of data from cameras and microphones (and is controlled by the users' settings)
User agent string
The user agent string describes basic information about the browser and the operating system that visitors to websites are using. Here's an example of the user agent string:
Mozilla/4.0 (compatible; IE 5.5; Windows 98)
Because different browsers and platforms render HTML content differently, authors can use the user agent string to deliver the most appropriate content for the best appearance. Every browser provides this information. Table 1 shows a breakdown of the information Flash Player provides compared to that which any web page provides.
Table 1. Comparison of information provided
Details Flash HTML
Operating system and version
Browser and version
Browser compatibility (for specialty browsers like AOL, WebTV)
System capabilities API
Developers use ActionScript to access additional information about the multimedia capabilities of the system. ActionScript provides this information because Flash Player affords content creators unique opportunities to leverage audio and graphics hardware. Content creators can leverage this information to provide a better experience to users who view their content.
Below is the information available about the multimedia capabilities of the machine. For details on the API methods and properties that let authors access this information, visit the ActionScript reference guide in the Flash or Flex help system:
  • Compatible screen reader software installed
  • Audio encoding/decoding capabilities
  • MP3 decoder
  • Attached printers
  • Aspect ratio of the display device
  • Color versus monochrome display device
  • Screen dots per inch (dpi)
  • Screen resolution
Camera and microphone access
Since Flash Player 6, Flash-based content supports recording from cameras and microphones if they are available on users' machines. This capability allows many interactive applications that facilitate communication such as video conferencing, video and voice chats, video and voice messaging, and more.
Flash Player by default always prompts users when the use of those devices is requested by Flash content. Additionally users can adjust their settings to always deny, allow, or prompt for such use when Flash Player requests it. Visit the Flash Player Settings Manager for more information on privacy settings.

What information does Adobe Flash Player not provide?

Flash Player keeps end users' information safe by only providing information that relates to the display and functioning of multimedia content on the web. The information that Flash Player can gather—either through the user agent string or through ActionScript—is general information about what type of machine, printer, or monitor a user has, not unique information about the user. In addition, users who want to participate in video or audio conferencing can control access to their cameras or microphones, opting to input data through them to Flash only when appropriate for chatting and messaging, or they can turn off camera and microphone access altogether.
Though far from complete, the following is a list of types of sensitive information that Flash Player cannot access or make available to Flash-based content:
  • Personal information about users, such as names, e-mail addresses, phone numbers, addresses, or anything that can be used to identify users or their locations
  • Financial information, such as credit card numbers, account numbers, financial history, balances, or spending preferences
By considering the privacy of Flash Player users, Adobe has worked to provide an environment that gives users not only a safe experience, but a great experience. Content authors can access the information they need to make sure that Flash-based content plays as well as possible on a wide array of machines, browsers, and monitors—and that content viewers can enjoy that content safely.