Flash, Floating Ads And Hijacking Your Webcam

I haven’t had time to look at this closely, and humble apologies if this is old hat, but can pop-up ads hijack users’ web-cams and microphones?

I was surfing at a website called This Is London, when on one page a pop-up Flash ad appeared for Starbucks. I was using Mozilla Firefox 0.7 and it just would not disappear from right above the first few paragraphs of the piece I was trying to read. Like this:

I right clicked on it and got a menu option for Flash settings. When I clicked on that, this is what popped up (well this is another ad that appeared on the same page when I viewed it in another browser, but it’s pretty much the same apart from the website address):

The earlier website was for uk.tangozebra.com, which doesn’t resolve, but which I’m assuming is part of Tangozebra, a ‘leading online advertising and marketing solutions provider in the UK’. The other link, serving-sys.com, doesn’t resolve either but is registered to New York-based online advertising company Eyeblaster.com. You can repeat the trick of getting the above window to appear if you click on their floating ad example and then right click on the ad.

So what is going on? I realise I’m not the first to spot this kind of thing, and the innocent explanation is that it is a built in feature of Macromedia Flash, not some sinister part of the floating ad thing. (Here’s Macromedia’s take on this, which seems to be nearly two years old.) But if this has been the case for a while, why has it not been stopped? And what would happen if I did allow the Flash program to access my camera and microphone? And, lastly, why would the Starbucks ad not disappear until I clicked on it and allowed another window to pop up?

12. December 2004 by jeremy
Categories: E-commerce, Privacy | Tags: , , , , , , , , , , , | 2 comments

Comments (2)

  1. “can pop-up ads hijack users’ web-cams and microphones?”

    Not that I’ve seen… you have to make a conscious choice to allow your a/v to flow upstream. The default for all sites is to not allow any mic/cam access. You have to explicitly click in that permissions dialog to be able to transmit audio or video.

    I don’t recall any advertisers which request such permissions, and I haven’t yet seen any way for rogue sites to break past these barriers. Everything is always open to improvement, for sure, but the ability to have any cam transmit has been clear and safe for the past few years.

    If you did grant cam permissions for that particular ad on the ThisIsLondon site, then I don’t think anything would happen… I don’t recall any advertisements which have something on the back end to handle the a/v content. (Even if they did, you’d have to grant them access to your cam or mic first… takes two to tango.)

    I agree with you on those floating-DIV ads, though… whether they’re SWF or GIF, they need to get out of the way quickly. Have you dropped a note to the content site explaining how it affected your future decisions to visit…?

    Regards,
    John Dowdell
    Macromedia Support

  2. Hey i was just wondering….did you ever try clicking the “close” button for the starbucks pop-up that is in the top right corner under the “moto…” button??