Re: [Gnash] spyware buried in Flash movies

[strk]

On Fri, Jan 27, 2006 at 08:42:59AM +0100, Nicolas Cannasse wrote:
> Rob Savoye wrote:
> >While watching some debug messages fly by, I noticed this link that 
> >luckily was failing: http://mochibot.com. It turns out Mochibot is 
> >spyware for Flash movies. When a movie is played, their server is 
> >contacted, and they track who and where the movie is being played.
> >
> >Anyway, "elvis" is now clean. Sorry for not noticing earlier. I'll be 
> >careful when collecting test cases off the net... I imagine there are 
> >other companies embedding this sort of thing into Flash movies, but at 
> >least now I know to look for it.
> >
> >    - rob -
> 
> It's one of the possibilities of Flash of being able to connect to a 
> server and exchange data. You can't really do any serious application 
> without that. The difference between Spyware and this website is that 
> Spyware works for *everything* you're doing while this website can only 
> report you're visiting it (just like any hit counter BTW, or Apache logs 
> as well). But it can't know what you're visiting else.
> 
> Nicolas

Agreed, external resources loading is good stuff.
Nonetheless, allowing user to disable it is very nice.
Something like domain-based access policy would be excellent.

This would be like cookie managers and image blockers.

--strk; 

 +----------------------------------------+
 | Fight against software patents in EU!  |
 | www.ffii.org www.nosoftwarepatents.org |
 +----------------------------------------+