Facebook has joined a number of big web presences that are moving away from Flash, announcing on Friday that it’s switched to HTML5 for all its web videos.
That includes videos on News Feed, Pages and in its embedded video player.
This is not the ultimate death knell for Flash on Facebook, however.
Flash is going away for video, but it’s staying put in games.
Facebook Front End Engineer Daniel Baulig said in a post that Facebook will still work with Adobe to deliver “a reliable and secure Flash experience” for games.
But HTML5 has now supplanted Flash for video in all browsers by default, Baulig said.
The reason for the move, he said:
Moving to HTML5 best enables us to continue to innovate quickly and at scale, given Facebook’s large size and complex needs.
This isn’t surprising.
Soon after Facebook’s Chief Security Officer, Alex Stamos, joined the company in June, he declared that it was time to end-of-life Flash.
Specifically, he tweeted that…
It is time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.
Though Flash has seen its share of zero-days reported and exploited, including several extracted from the detritus of the breach at security company Hacking Team, Facebook didn’t mention security as a reason for switching its videos to HTML5.
What Baulig did mention as benefits of HTML5:
- Developmental velocity. Baulig said that web technologies allow Facebook to tap into what he called the “excellent tooling” that exists in browsers, among the open source community, and at Facebook in general. Freedom from recompiling code and being able to apply changes directly in the browser allow Facebook to move fast, he said.
- Testability. Baulig said that Facebook has an “excellent testing infrastructure”. By moving to HTML5 video, it can take advantage of the infrastructure’s web tools, like Jest (for “painless” Javascript unit testing) and WebDriver (for automating the testing of web applications and verifying that they work as expected).
- Accessibility. Baulig credits HTML5 with making it possible for Facebook to build a player that’s fully accessible to screen readers and keyboard input. Facebook can also leverage HTML5’s accessibility tools to make it easier for people with visual impairments to use its products.
What HTML5 did not do: work without a hitch. At least, not without a lot of tweaking, Baulig said.
After a lot of work to iron out browser bugs, getting the logging right, working out what turned out to be worse performance in older browsers, and overcoming a slowdown in how quickly ‘s site Facebook was loading, Facebook’s finally reached a level where it felt happy with its HTML5 switch, Baulig said.
Make that very happy:
Videos now start playing faster. People like, comment, and share more on videos after the switch, and users have been reporting fewer bugs. People appear to be spending more time with video because of it.
Facebook moved to HTML5 for newer browsers some time ago. But at this point, it’s all HTML5 for all browsers, all the time, for all your Facebook video needs.
After a good deal of work, Facebook has gotten to the point where it doesn’t need Flash for video. We should point out, as we have in the past, that neither do we.
We recommend turning it off – that’s actually number 7 in our list of advent tips.
Granted, some of us may find it difficult to entirely cut out Flash, given that some sites still depend on the technology.
But we recommend at least turning Flash off by default and enabling it on a case-by-case basis, as a way to reduce your browser’s attack surface.
Browser vulnerabilities existed before Flash, and others will exist after it’s gone, but turning it off is easy enough, and it’s worthwhile, given the bang for the security buck.
At any rate, YouTube already switched, Facebook’s now abandoned Flash for video (and will presumably abandon it at some point for games as well, given Stamos’s earlier remarks), and the BBC’s testing an HTML5 alternative for its iPlayer.
With those big web presences moving off Flash, people will find it even easier to live without it in 2016.
The wind is blowing in one direction.
It may not be only for security reasons, but we’ll all be a bit more secure because of it.
Image of Facebook.com in browser courtesy of Pan Xunbin / Shutterstock.com
R. Dale Barrow
I saw “a reliable and secure Flash experience”, snorted coffee out my nose, and then saw the scare quotes. Thanks a lot!