4.8.12

Stop YouTube (s.ytimg.com) Video Camera Spying | Keiths-Place

Stop YouTube (s.ytimg.com) Video Camera Spying | Keiths-Place



Did you know that your camera enabled computer can spy on you? Did you know that by watching that video or playing that cute game you may be allowing a site to watch you? Did you know that YouTube (via s.ytimg.com) seems to be one such site?
Lean how stop this here.
 

Background

A few weeks ago I posted an article on cookies from an odd site (s.ytimg.com) turning up on pages that were normally OK. It turned out to be a YouTube helper, and that the cookies were needed (at the time anyway) to help play the flash video correctly.
Flash camera accessWhat was odd was that a couple of commenters noted that they had seen a warning about the s.ytimg.com attempting to access their camera and microphones, which is more than a little disturbing.
Believe it or not this is real, and is actually a feature of the Flash Player, although it can be turned off (as another commenter noted).
Quite why anyone thought that this wold be a good thing to add into a browser component is beyond me; browsers should browse, they should not attempt to do video conferencing. That is what Skype is for.
 

How to Turn Camera & Microphone Access Off - For a site (like s.ytimg.com)

Turning off microphone and camera access is actually an easy four step process, as follows:
 

Step 1

Point your bowser at a flash video on a site you are concerned about (such as YouTube) and right click on the video's timeline bar. As shown in the picture below:
Flash settings menu
 

Step 2

Select "Settings", this will bring up the Flash Player's settings. As shown in the picture below:
Flash settings dialog
 

Step 3

Click on the privacy tab, that is the one where the computer has a big eye watching you (ironic, don't you think?), and make sure the settings are set to "Deny" and "Remember". As shown in the following picture:
Flash privacy settings
 

Step 4

Click "close".
 
Congratulations, you have just prevented any flash from that site from accessing your camera and microphone.
The only problem with the above method is that it is site specific - you have only prevented that individual site from accessing your camera and microphone. You may not be protected from other sites, to say nothing of any flash based advertising (an ever increasing annoyance) that you may happen upon anywhere.
To truly protect yourself you need to change your Flash Player's global settings, a straightforward but seemingly well hidden capability.
 

How to Turn Camera & Microphone Access Off - For all sites

Unfortunately there is no obvious way to change your Flash Player's global settings, there is no control panel, no "Global Settings" button, and no preferences menu for it in your browser.
I do not know why Macromedia (now Adobe) failed to include an obvious method to change the players global settings, but I am forced to speculate that they simply did not want most people changing them. If true then that would be an insidious decision almost as bad as including "hidden" microphone and camera access in the first place.
That said, the global settings can be changed via a simple three step process:
 

Step 1

Point your browser at MacroMedia's (now Adobe) settings manager, as follows:
 
This web page allows you to change the global settings of your individual Flash Player, it is not a page that controls Flash Players everywhere.
The relevant portion of the page is shown below:
Flash global settings
 

Step 2

Click on "Always deny...". You will see a confirmation dialog, as shown below:
Flash global settings confirmation
 

Step 3

Click on "Confirm".

That's it, you should now be OK... well from the Flash Player anyway.

Comments


Flahs using webcam

Webcam in flash is for webcam games and to demonstrate products using augmented reality.

I have been being hacked by

I have been being hacked by Turkish punks. I have youtube feeds on my site. Can they get in here?

ADOBE/GOOGLE/ETC SPYING...............

SUGGESTION: WHY DON'T YOU DISABLE YOUR WEBCAM AND MICROPHONE IN THE HARDWARE SETTINGS ON YOUR OWN MACHINE....AND STOP COMPLAINING! PERHAPS YOU JUST FIND IT EASIER TO BE PARANOID THAN PRO-ACTIVE.

Umm.... No?

Ok, first - The Flash Camera Access prompt is well worded, conceise, and makes no attempt to access your camera in the background. Its called a Prompt because, it does just that, it Prompts you, asking you if you mind if we can have access your camera. NOTE - Accessing Camera, and HAVING access to the camera are 2 completely different things.
Secondly - What on earth do you think Youtube would have to gain by 'SPYING' on people staring into a webcam. Webcam's are rarely, pointed at keyboards, therefore its not likely they could capture someones passwords, credit card details (unless you make a habit of holding your credit card infront of your webcam, in which case, RETARD YOU. Lol)
To be bluntly honest, if they really wanted to spy on you, they could capture you're password on registration, forward it to their e-mail, and then go check your e-mail inbox for paypal details etc. It would be a lot easier than 'Accessing the Webcam'.
The only thing they would probably see, when Spying, is some ugly 14 year old kid staring at the camera, picking his nose.
There are alot of people in the world, and quite a few of them have greater technical and legal knowledge than myself and everyone else on this blog, although, I seem to be king of the hill when it comes to common sense at the moment.
If YOUTUBE were doing what you claimed, they would be closed down, and have lawsuits filed against them by internet providers, users and probably face some conspiracy to commit fraud charges.
As for what the Flash Prompt means,
Basically, when you log into Youtube, and visit the page for uploads, and choose to upload from your web cam, Youtube messages your browser, specifically the flash/shockwave plugin, and asks it to ask you if it can access your camera.
You always have the choice of saying YES or NO.
There is absolutly nothing seedy, or untrustworthy about this, Since it never hides its intentions.
Note - Selecting YES, grants permission for it to Access your camera, but it in no way means that it IS going to access your camera.
I could grant access via that prompt, to a website to access my camera, and voila..... hey... my Webcam light has not turned on/powered up. (macbook - it powers up on its own)
When your camera IS in use, they usually, have some sort of visual indicator to indicate it is powered up.
Youtube only accesses your camera, with permission, and when you are uploading video directly to the site.
Also another note - s.ytimg.com
This is the domain name that background images on peoples profiles are stored on. If you are seeing this domain coming up in cookies, or coming up as referrers or whatever, its due to the fact that either someones youtube profile is using a background image or video, from your myspace or whatever site.
You can check it yourself, right click on someones youtube profile, someone who has a background image, and view source.
All in all - Youtube spying on you?
------ No...
Show me proof that video is being uploaded, and stored on a remote server, then I will believe you, heck if you prove it very convincingly, I might even start the law suit off.
[QUOTE]
Quite why anyone thought that this wold be a good thing to add into a browser component is beyond me; browsers should browse, they should not attempt to do video conferencing
[/QUOTE]
OMG - In that case, FARMERS should Farm, and not have social Lives. Lol
I guess that means that every Social Networking site, that offers video chat, voice chat, or even Online Games, should only play, not do silly features like voice chat, cause thats what team speak is for.
[quote]
Spy in the net? Adobe is the enemy
[/quote]
Yeah - You lead the rebellion, and we will all stop using Adobe Products. Everyone uninstall their Flash Players please. O.O Oh Oh.... No Flash Player = No Youtube.
[quote]
Talking about spies...Do you know how to rid your site of a "bot"? Our myspace and our main web site, plus possibly others have been attacked with a robot.
[/quote]
Some Bots = Good
Some Bots = Bad
Good Bots = GoogleBot and other such spider/web crawlers. They go into a website, capture every single link, and href, and e-mail address etc, and add it to the search engines keywords list. Meaning, once the bot has been on a page, a day or so later, it should appear on google.
Bad Bots = Junk Mailers etc. These web crawl web pages, capturing e-mail addresses, and save them to a database, and then e-mail those e-mail addresses things like links to viagra, diet pills, viruses, etc. There is no way to stop these type of Bots, except for making your site/page private, in which case, only people who you grant access to, can access the page.
[quote]
Next you should post a way to completely remove the google and ask toolbars, which are obviously both "legit" corporate spyware.
[/quote]
Clearly Google and Ask.com dont like you, because Im able to opt out of installing these addons, and disable them when ever I want if they are installed, via tools menu > manage addons (IE7)

Thanks a lot

Thanks a lot

Flash 10 on Linux

Strange, my Flash plugin for Firefox on Mandriva shows DENY by default. This is on an Acer Extensa with built in Crystal Eye web camera. I'm running Flash 10 and FireFox has both Ad Blocker and No Script installed. However, DO NOT tell No Script to block ytimg.com or you will see nothing but a JavaScript error.
Good luck.

Post

Hi,
it is very interesting and useful, I always wonder what the hell "s.ytimg.com" was when I watched that string in the status bar.
Could I translate in italian and post on my blog, of course I will quote you.
My blog speak mainly of brasil but sometimes even of IT and th WEB
Thank you
Bye
Antonello

Sure thing.

Sure thing.

now myspace and youtube don't work at all for me

after doing the search on this issue I got pointed to this page. I read the comments and how to turn adobe off on settings. I did this and did the adobe settings manager for all sites thing. And I even went into my wireless router and entered s.ytimg.com as an address to block. I updated spybot and ran it to get rid of any excess. And ever since I did all of this my myspace page no longer comes up like it normally would. Now everything is like your generic index page you'd see if you were building the site. Even with youtube and it no longer permits me to view their videos there. I find it odd after I blocked the site through my wireless router that myspace stopped working properly unless myspace is owned by google as well.

Interesting.

Interesting.
At a guess I'd say that MySpace has a javascript optimisation cache (they are really common - I also have one set-up on this site) to improve page load times, and that it includes references to s.ytimg.com. The problem is that if the cached javascript should abort for some reason then you might not get any of the script running in your browser, which could make the page look very odd indeed.
I'm not a MySpace user so I am just speculating, but it seems reasonable.
For what it is worth I don't block s.ytimg.com, but I do have Firefox setup to only give it session cookies. I actually posted about this a while back: http://www.keiths-place.com/blogs/keith/2008/sytimgcom-wants-set-a-cooki...
Let me know if you need instructions on how to do this.

s.ytimg.com spiracy (my word for Spy and Piracy Invasion)

The subject title is strictly another Google Inc. spyware and piracy invasion of Internet browsing. If you use Adblock Plus (Internet adware Blocker software) which is a free download and install it , it will tell you everything about the page you are using, including any backqroung or hidden scripts (Java) that are running, as well as , any Adobe scripts (Adobe Flash Player). This will tell you what the program is doing and if you want to block it and use that Blocking Filter for future websites that you might see. I found the s.ytimg.com invasion about a month ago and alerted several anti-virus and anti-piracy sites of this spiracy.
It first appeared on iGoogle homepage and the You Tube Video window. These are both operated and owned by Google.Inc, which is an international corporated company and very wealthy.
Use Adblock Plus and rid the WWW of malicious and personal data collection. Thanks

Thank you for the great advice

Thanks so much for your clear and concise advice and guidance here. Although you're not a big fan of Google, I'm afraid that's how I found you!!! LOL
Thanks again.

good info, thank you -

those youtube, adobe decisions do make one wonder...
the only rationale that flashed through my mind was that scenario of the stolen laptop, where one was able to make use of that "feature" and record the perpetrators (thieves), directly resulting in capture and prosecution. The exception rather than the rule for sure, but one that makes one say yay, rather than boo.
it's good to keep a watchful eye ( ; on these developments, thanks -

This You Tube Trouble hit me too

I was working on a page and it had 2 of my uploaded to YouTube movies imbedded in it.
I got a bizarre message saying
"Adobe Flash Player has stopped a potentially unsafe operation!
The following local application on your computer or network:
/Users/me/desktop/march09/movies.html
Is trying to communicate with this Internet-enabled location:
s.ytimg.com"
Very scary.
I hit OK and then settings and it went away.
I sure dont want my app to communicate with this creepy site.
And Im using a Mac! We hopefully are safe, and Im firewalled, but this makes me nervous.
Thank you for having this info on the web, now I know Im not the only one with the problem.
I think from now on, Iwill bypass YouTube and just put my movies up using QuickTime.
Newbie at this

Thank you soooooo much!!

Thank you so much for adding this!
My Youtube didn't worked for some days. the site used to load but the flash player didn't load. even the time line disapeared.
i searched for this f***ing s.ytimg and your blog was the first result.
now it works! thank you so much again!
nice greetz from germany!
Mon ;D

Obviously Adobe is not to be

Obviously Adobe is not to be trusted. I have always disliked them, as i often rummage my computer for random suspicious objects and almost always turn up something suspicious from adobe origins (that or it masks itself as adobe, something that is simply too easy for most malware and trojans). Is there a substitute to Adobe Flash?? Or is flash the new golden era of SHIT?
And anyone wondering if GOOGLE has too much power? Remember when youtube didn't suck? When Google didn't own youtube yet?? Next you should post a way to completely remove the google and ask toolbars, which are obviously both "legit" corporate spyware.

RE:Obviously Adobe is not to be trusted

Spy in the net? Adobe is the enemy.
I get the feeling that Adobe is in league with poisonous villains such as IBM and this malicious use of exploitative software is a means to spy on the public as is cctv.
I have never liked and have always had a bad feeling about the parasitical company that calls itself Adobe.
Unfortunately you will probably find that there are no alternatives to theses parasitical programs that allow access to your mics and webcams.
It is interesting how they target their victims through free Internet game site (dubious) and other popular media such as forums. All these sites are used by children allowing theses spies to gain access to an incredible amount of private information in homes throughout the world.
I suggest you lookup ‘Digital Natives’ on the web it will give you a clear insight to what is going on. It is a government funded project courtesy of your tax/protection money/extortion fee.
It is for criminal purposes that this ‘Exploit’ is here so I will suggest you keep your eyes wide open because there are shadows stalking us for real. Everyone is a target now, all you have to do is go through archives of the past 20 yrs and it is blatantly obvious - The nazis are active again.
I apologise for the sinister tone but I did not create it.
Alas this is the work of organised crime that hides behind a political front in our 'governments'.
Take a look at a movie called ‘They Live’…
For one it is a funny movie and it will makeup for me making you feel miserable two it has appoint and three it is cheap.

s.ytimg.com

Ever since s.ytimg.com started to appear (and it's only very recently) the service from youtube has been utter shite. Either long delays or nothing. Until they resolve the problem I'm viewing elsewhere.

Bots used for spying too...

Thanks for the help with spying with the microphone, etc. WE couldn't figure out why the s.ytimg.com was showing up all the time when going to our myspace, etc. Curious to whether the microphone can be turned on other ways too. We don't have a camera.
Talking about spies...Do you know how to rid your site of a "bot"? Our myspace and our main web site, plus possibly others have been attacked with a robot. The IP that we think developed the bot starts with 38. It is a company out of Washington DC that has clients as big as Johnson and Johnson, Dell, etc. Check out our alert on our website...
http://www.myspace.com/thevigilantespunk. Our visits to site went from 100 per day to 5. A lot of other crap is going on too. Curious if you know anyone else is experiencing this problem.

RE - Bots used for spying too

SPYBOT is free and efficient at stopping and scanning and destroying these jerks.
You can find it at:
http://www.safer-networking.org/en/index.html
You must keep it up to date and press the immunise button, it is very important, after downloading the updates. It is easy to install and is easy to use ie you don't have to be a digital genius to work it.
I have been informed by a friend that is an "software engineer" that you should not have tool bars installed on your PC other than the one for your browser (Fire Fox is currently the safer browser) and always use caution with dubious companies such as Google or Yahoo or Adobé.
If some program insists that you have their “TOOLBAR” then you don’t want their product… it’s that simple.
You install this kind of software (toolbars) at your own risk so please always remember that…. “prevention is better than cure”.
Play safe.
¦:¬)

I agree, but...

While I totally agree that browsers should browse, some people want their browser to be an all powerfull application suite. And I guess Adobe is pandering to that. At least the default for camera/mic access is "always ask", so you should be aware of it when it happens.

Creative Commons LicenseExcept where otherwise noted, content on this site is licensed under
a Creative Commons Attribution-Share Alike 2.0 UK: England & Wales License.
NOTICE:NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION