"Adobe Flash Player wants to access your computer."

[Mblaster]

Recently when trying to watch some shows on 4oD I'm getting the message from Chrome at the top of the screen "Adobe Flash Player on www.channel4.com wants to access your computer.", and giving a choice to allow or deny. Choosing deny causes an error in the player about DRM.

I've tried to search but not found much about this, does anyone know what access it's trying to request?

[carvedeye]

Codec on the computer perhaps?

[Saracen]

That's what's so disgraceful about the way so much software works in these "connected" days. So often, nearly all the time in fact, it comes down to whether you trust the company, because there are often legit reasons why access is needed, yet that same access, if granted, could be hugely abused. So .... do you trust that it won't be?

I do NOT!

[Thorsson]

OK, this is a Flash issue, not 4oD. It stores certain settings and requires you to say yes to this question. I've not seen anything to suggest it is used for nefarious activities.

[Saracen]

.... It stores certain settings and requires you to say yes to this question. I've not seen anything to suggest it is used for nefarious activities.

Me neither, but it could be used, or abused, and easily so. And it's not just about this specific issue, but about so much of how things are done these days, from hugely broad terms & conditions, to privacy statements that often amount to signing away and and all real expectation of privacy, to attempts at egregious copyright grabs over anything you post or host to your contact lists, to an Android permission system so wide open that you could not only drive a coach and horses through it, but you could sail an aircraft carrier through it.

And if you haven't seen that, then really, you can't have been looking.

If this seems off-topic in this thread, it really isn't. Look at the message Mblaster was taking about. Flash wants to "access" his computer, but utterly fails to indicate what "access" means. It could be anything from writing a small performance cookie to sucking his network dry and cloning it on a remote server.

How many people bother to read t&c's or privacy statements? Few, I bet, yet it's sometimes astounding what it turns out you've agreed to. As it happens, I'd regard Adobe as one of the more trustworthy companies. So are they up to anything nefarious? Probably not, at least in this situation. Which is why it comes down to trust, and unfortunately, as we've seen by the extent to which so many forms of outright illegality from online cons to phishing attacks, rely utterly on that trust, and lack of cautious scepticism, that people do things because they've got in the habit of doing them.

That's why I said this sort of thing was disgraceful. Adobe could have said "we need to place a cookie", or "we need to update a codec", or whatever, but what did they ask .... for permission to "access" your computer.

If I knocked on your door and asked for permission to"access" your computer, my bet is the answer would be somewhere between *bleep* off, and "what for"? And, of course, who the hell are you? But it wouldn't be "sure, do whatever you want", would it?

But if it's a bit of software, then as we haven't seen it do anything nefarious, it's alright then?

Hence, it's all about trust, which is the answer to Mblaster's question .... do you trust, in this case, Adobe?

[Mblaster]

I a mixture of curiosity and paranoia, I decided to run a HDD monitor (Disk Pulse) to see what files were accessed, as I assumed the access being requested would involve some kind of file operation.

The below shows the list of files accessed, starting right after I clicked Allow.

Code:

C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\Flash_Player\gss.dat
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\Flash_Player\gss.lkg
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\2971.tmp
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\2971.tmp
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Local State~RF4b2293a.TMP
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\2971.tmp
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Local State~RF4b2293a.TMP
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\2971.tmp
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\0\Flash_Player\-OhPvYAKNaopVSfii9bFsOTspfw=\sss.lkg
C:\Users\%USER%\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4095476410-4007890272-2945713077-1000\c74c6f795ada87022536668c055d2c0e_9da9ad74-9576-4d84-bbf0-b6f0702af973
C:\Users\%USER%\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4095476410-4007890272-2945713077-1000\c74c6f795ada87022536668c055d2c0e_9da9ad74-9576-4d84-bbf0-b6f0702af973
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3-journal
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Sync Data\SyncData.sqlite3-journal
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sxx
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sxx
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sol
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sxx
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sol
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com
C:\Users\%USER%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\8XCDB5JG\secure-uk.imrworldwide.com\_ggMCvar_1.sol

The first thing to raise suspicions is the domain "secure-uk.imrworldwide.com". I did a search around about this and basically they're a company that track your online activity in order to provide that information to advertisers.

I don't know if the request for access was directly related to this or not, but it seems quite clear that there is tracking software embedded within the 4oD video player...

It seems it's less about whether I trust Adobe, more about whether I trust Channel 4 and the companies they decide to partner with.

[Saracen]

One of the things thst is oh-so-commonly granted by agreeing to t&c's is the authority to use personal data for "marketing", and often not just by the outfit you gave permission to but anyone they choose to do business with, and that may or may not include simply selling it on.

This is why you may find you do a search on baby clothes, or carrycots, etc, for a friend, and lo and behold, you magically start getting junkmail, or junk email, from baby clothes and carry cot retailers.

People's attitudes to that vary. Most people don't like it much and would rather be left alone, but aren't that botnered, while others, like me, get the right hump with it.

None of us can protect privacy 100% in this day and age without going offline, probably off-grid, and more or less living in a cave, and only paying for things in cash. But we can go quite a way to cutting down the proliferation of this stuff, IF we're prepared to put up with some inconvenience in doing so.

One step is to do all in our power to avoid all this damn tracking. The methods for doing that are legion, and some are more of a pain than others. It's an individual choice as to whether it's worth it or not.

But one thing is perhaps worth remembering. If you don't mind the horribly mangled metaphor, getting the privacy genie back in the bottle is far harder than getting toothpaste back in the tube with one hand, while herding cats with the other.

Once you compromise your privacy, it's compromixed for eternity. Once these companies have added to your profile, it's done. Period. For all time. So while you might not think something matters now, if you change you mind tomorrow, next week or in 20 years time, tough.

And be aware, all this information can be aggregated. So company A builds up an apparently anonymous profile, and it may well end up blended with company's B though Y data. Then you do something that allows company Z to associate just one part of their data to your actual identity and if their computers can link that uniquely to just one item from A to Y, then you are linked to everything that previously was "anonymous".

Ultimately, what you browse for, what you order, what you download, what you watch on or upload/download to with any social media site, what books or magazines you read, what countries you travel to, what you do for a living, how much you earn, what you spend it on, and a vast array of other stuff besides, is going to end up being datamined 5, 25 or 50 years from now.

Should you care? Well, if you browse a few things on heart conditions, do you really want your insurance company wondering if you, or someone in your family, has heart problems and loading your life premiums on the off-chance?

If you think you might be worried in the future, don't let any more of your private data get onto these corporate databases now than you can help, because by the time you come to regret it getting out, it'll be way, WAY too late.

We cannot realistically stop it happening. We can try to minimise it, and slow it down. If we care.

[Chris4]

Hey guys,

I found this thread via Google when looking into the same Flash/4oD issue, so thought I'd contribute!

I use Ghostery Google Chrome extension, which tells you who is tracking you and allows you to block the trackers. From analysing this, I discovered 4oD requires only one tracker: Conviva, which "helps media companies and carriers increase revenue and improve their relationship with viewers by boosting minutes watched and providing real-time, per-user performance information that results in more profitable video businesses." So by the looks, they (hopefully) don't share information about you to advertisers, just how you watch the video. All good so far.

So with Conviva enabled and all other trackers disabled, the video plays fine. Disk Pulse (the application mentioned by Mblaster) tells me no information is being sent to "imrworldwide.com" or others, just "channel4.com" - perfect. To experiment, one-by-one I enabled the other trackers to see which one was causing the "imrworldwide.com" requests (as reported by Mblaster) and I found it to be Nielson NetRatings SiteCensus.

Another thing I noticed while experimenting was that 4oD will not let you watch it when in Chrome's Incognito mode (else you get an error)! I wasn't aware websites could detect when you were using this (which is at fault of Google really) but anyhow, I had to use a normal window. Incognito would have been great to temporarily save the trackers and wipe them after, as Incognito was designed for, but unfortunately they're smart and so a normal browser windows needs to be used.

So to conclude these findings, if you want to watch 4oD with absolute minimal tracking, without having to worry about clearing cookies (as suggested by PMSaracen) and other complications, block everything apart from Conviva with something like Ghostery and you should be good to go.

Chris

[md733406]

Hi,

I got this same message when attempting to watch march madness online. After reviewing this thread and getting worked up over 3rd party cookies (once again) I clicked "deny" to the message.

Funny enough, the video player worked regardless. It seems that the sole purpose of the "access your computer" permission is to inject 3rd party tracking cookies into your system. What fun!

cheers

[jimbouk]

Target ads, say no more...