25 July, 2008 - 17:05 — Keith
Did you know that your camera enabled computer can spy on you? Did you know that by watching that video or playing that cute game you may be allowing a site to watch you? Did you know that YouTube (via s.ytimg.com) seems to be one such site?
Lean how stop this here.
What was odd was that a couple of commenters noted that they had seen a warning about the s.ytimg.com attempting to access their camera and microphones, which is more than a little disturbing.
Believe it or not this is real, and is actually a feature of the Flash Player, although it can be turned off (as another commenter noted).
Quite why anyone thought that this wold be a good thing to add into a browser component is beyond me; browsers should browse, they should not attempt to do video conferencing. That is what Skype is for.
Congratulations, you have just prevented any flash from that site from accessing your camera and microphone.
The only problem with the above method is that it is site specific - you have only prevented that individual site from accessing your camera and microphone. You may not be protected from other sites, to say nothing of any flash based advertising (an ever increasing annoyance) that you may happen upon anywhere.
To truly protect yourself you need to change your Flash Player's global settings, a straightforward but seemingly well hidden capability.
I do not know why Macromedia (now Adobe) failed to include an obvious method to change the players global settings, but I am forced to speculate that they simply did not want most people changing them. If true then that would be an insidious decision almost as bad as including "hidden" microphone and camera access in the first place.
That said, the global settings can be changed via a simple three step process:
This web page allows you to change the global settings of your individual Flash Player, it is not a page that controls Flash Players everywhere.
The relevant portion of the page is shown below:
That's it, you should now be OK... well from the Flash Player anyway.
Lean how stop this here.
Background
A few weeks ago I posted an article on cookies from an odd site (s.ytimg.com) turning up on pages that were normally OK. It turned out to be a YouTube helper, and that the cookies were needed (at the time anyway) to help play the flash video correctly.What was odd was that a couple of commenters noted that they had seen a warning about the s.ytimg.com attempting to access their camera and microphones, which is more than a little disturbing. Believe it or not this is real, and is actually a feature of the Flash Player, although it can be turned off (as another commenter noted).
Quite why anyone thought that this wold be a good thing to add into a browser component is beyond me; browsers should browse, they should not attempt to do video conferencing. That is what Skype is for.
How to Turn Camera & Microphone Access Off - For a site (like s.ytimg.com)
Turning off microphone and camera access is actually an easy four step process, as follows:Step 1
Point your bowser at a flash video on a site you are concerned about (such as YouTube) and right click on the video's timeline bar. As shown in the picture below: Step 2
Select "Settings", this will bring up the Flash Player's settings. As shown in the picture below: Step 3
Click on the privacy tab, that is the one where the computer has a big eye watching you (ironic, don't you think?), and make sure the settings are set to "Deny" and "Remember". As shown in the following picture: Step 4
Click "close".Congratulations, you have just prevented any flash from that site from accessing your camera and microphone.
The only problem with the above method is that it is site specific - you have only prevented that individual site from accessing your camera and microphone. You may not be protected from other sites, to say nothing of any flash based advertising (an ever increasing annoyance) that you may happen upon anywhere.
To truly protect yourself you need to change your Flash Player's global settings, a straightforward but seemingly well hidden capability.
How to Turn Camera & Microphone Access Off - For all sites
Unfortunately there is no obvious way to change your Flash Player's global settings, there is no control panel, no "Global Settings" button, and no preferences menu for it in your browser.I do not know why Macromedia (now Adobe) failed to include an obvious method to change the players global settings, but I am forced to speculate that they simply did not want most people changing them. If true then that would be an insidious decision almost as bad as including "hidden" microphone and camera access in the first place.
That said, the global settings can be changed via a simple three step process:
Step 1
Point your browser at MacroMedia's (now Adobe) settings manager, as follows:This web page allows you to change the global settings of your individual Flash Player, it is not a page that controls Flash Players everywhere.
The relevant portion of the page is shown below:
Step 2
Click on "Always deny...". You will see a confirmation dialog, as shown below: Step 3
Click on "Confirm".That's it, you should now be OK... well from the Flash Player anyway.
Bookmark/Search this post with:
Delicious
Digg
StumbleUpon
Reddit
Technorati  | Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Share Alike 2.0 UK: England & Wales License. |
| NOTICE: | NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION |
Comments
Flahs using webcam
I have been being hacked by
ADOBE/GOOGLE/ETC SPYING...............
Umm.... No?
Secondly - What on earth do you think Youtube would have to gain by 'SPYING' on people staring into a webcam. Webcam's are rarely, pointed at keyboards, therefore its not likely they could capture someones passwords, credit card details (unless you make a habit of holding your credit card infront of your webcam, in which case, RETARD YOU. Lol)
To be bluntly honest, if they really wanted to spy on you, they could capture you're password on registration, forward it to their e-mail, and then go check your e-mail inbox for paypal details etc. It would be a lot easier than 'Accessing the Webcam'.
The only thing they would probably see, when Spying, is some ugly 14 year old kid staring at the camera, picking his nose.
There are alot of people in the world, and quite a few of them have greater technical and legal knowledge than myself and everyone else on this blog, although, I seem to be king of the hill when it comes to common sense at the moment.
If YOUTUBE were doing what you claimed, they would be closed down, and have lawsuits filed against them by internet providers, users and probably face some conspiracy to commit fraud charges.
As for what the Flash Prompt means,
Basically, when you log into Youtube, and visit the page for uploads, and choose to upload from your web cam, Youtube messages your browser, specifically the flash/shockwave plugin, and asks it to ask you if it can access your camera.
You always have the choice of saying YES or NO.
There is absolutly nothing seedy, or untrustworthy about this, Since it never hides its intentions.
Note - Selecting YES, grants permission for it to Access your camera, but it in no way means that it IS going to access your camera.
I could grant access via that prompt, to a website to access my camera, and voila..... hey... my Webcam light has not turned on/powered up. (macbook - it powers up on its own)
When your camera IS in use, they usually, have some sort of visual indicator to indicate it is powered up.
Youtube only accesses your camera, with permission, and when you are uploading video directly to the site.
Also another note - s.ytimg.com
This is the domain name that background images on peoples profiles are stored on. If you are seeing this domain coming up in cookies, or coming up as referrers or whatever, its due to the fact that either someones youtube profile is using a background image or video, from your myspace or whatever site.
You can check it yourself, right click on someones youtube profile, someone who has a background image, and view source.
All in all - Youtube spying on you?
------ No...
Show me proof that video is being uploaded, and stored on a remote server, then I will believe you, heck if you prove it very convincingly, I might even start the law suit off.
[QUOTE]
Quite why anyone thought that this wold be a good thing to add into a browser component is beyond me; browsers should browse, they should not attempt to do video conferencing
[/QUOTE]
OMG - In that case, FARMERS should Farm, and not have social Lives. Lol
I guess that means that every Social Networking site, that offers video chat, voice chat, or even Online Games, should only play, not do silly features like voice chat, cause thats what team speak is for.
[quote]
Spy in the net? Adobe is the enemy
[/quote]
Yeah - You lead the rebellion, and we will all stop using Adobe Products. Everyone uninstall their Flash Players please. O.O Oh Oh.... No Flash Player = No Youtube.
[quote]
Talking about spies...Do you know how to rid your site of a "bot"? Our myspace and our main web site, plus possibly others have been attacked with a robot.
[/quote]
Some Bots = Good
Some Bots = Bad
Good Bots = GoogleBot and other such spider/web crawlers. They go into a website, capture every single link, and href, and e-mail address etc, and add it to the search engines keywords list. Meaning, once the bot has been on a page, a day or so later, it should appear on google.
Bad Bots = Junk Mailers etc. These web crawl web pages, capturing e-mail addresses, and save them to a database, and then e-mail those e-mail addresses things like links to viagra, diet pills, viruses, etc. There is no way to stop these type of Bots, except for making your site/page private, in which case, only people who you grant access to, can access the page.
[quote]
Next you should post a way to completely remove the google and ask toolbars, which are obviously both "legit" corporate spyware.
[/quote]
Clearly Google and Ask.com dont like you, because Im able to opt out of installing these addons, and disable them when ever I want if they are installed, via tools menu > manage addons (IE7)
Thanks a lot
Flash 10 on Linux
Good luck.
Post
it is very interesting and useful, I always wonder what the hell "s.ytimg.com" was when I watched that string in the status bar.
Could I translate in italian and post on my blog, of course I will quote you.
My blog speak mainly of brasil but sometimes even of IT and th WEB
Thank you
Bye
Antonello
Sure thing.
now myspace and youtube don't work at all for me
Interesting.
At a guess I'd say that MySpace has a javascript optimisation cache (they are really common - I also have one set-up on this site) to improve page load times, and that it includes references to s.ytimg.com. The problem is that if the cached javascript should abort for some reason then you might not get any of the script running in your browser, which could make the page look very odd indeed.
I'm not a MySpace user so I am just speculating, but it seems reasonable.
For what it is worth I don't block s.ytimg.com, but I do have Firefox setup to only give it session cookies. I actually posted about this a while back: http://www.keiths-place.com/blogs/keith/2008/sytimgcom-wants-set-a-cooki...
Let me know if you need instructions on how to do this.
s.ytimg.com spiracy (my word for Spy and Piracy Invasion)
It first appeared on iGoogle homepage and the You Tube Video window. These are both operated and owned by Google.Inc, which is an international corporated company and very wealthy.
Use Adblock Plus and rid the WWW of malicious and personal data collection. Thanks
Thank you for the great advice
Thanks again.
good info, thank you -
the only rationale that flashed through my mind was that scenario of the stolen laptop, where one was able to make use of that "feature" and record the perpetrators (thieves), directly resulting in capture and prosecution. The exception rather than the rule for sure, but one that makes one say yay, rather than boo.
it's good to keep a watchful eye ( ; on these developments, thanks -
This You Tube Trouble hit me too
I got a bizarre message saying
"Adobe Flash Player has stopped a potentially unsafe operation!
The following local application on your computer or network:
/Users/me/desktop/march09/movies.html
Is trying to communicate with this Internet-enabled location:
s.ytimg.com"
Very scary.
I hit OK and then settings and it went away.
I sure dont want my app to communicate with this creepy site.
And Im using a Mac! We hopefully are safe, and Im firewalled, but this makes me nervous.
Thank you for having this info on the web, now I know Im not the only one with the problem.
I think from now on, Iwill bypass YouTube and just put my movies up using QuickTime.
Newbie at this
Thank you soooooo much!!
My Youtube didn't worked for some days. the site used to load but the flash player didn't load. even the time line disapeared.
i searched for this f***ing s.ytimg and your blog was the first result.
now it works! thank you so much again!
nice greetz from germany!
Mon ;D
Obviously Adobe is not to be
And anyone wondering if GOOGLE has too much power? Remember when youtube didn't suck? When Google didn't own youtube yet?? Next you should post a way to completely remove the google and ask toolbars, which are obviously both "legit" corporate spyware.
RE:Obviously Adobe is not to be trusted
I get the feeling that Adobe is in league with poisonous villains such as IBM and this malicious use of exploitative software is a means to spy on the public as is cctv.
I have never liked and have always had a bad feeling about the parasitical company that calls itself Adobe.
Unfortunately you will probably find that there are no alternatives to theses parasitical programs that allow access to your mics and webcams.
It is interesting how they target their victims through free Internet game site (dubious) and other popular media such as forums. All these sites are used by children allowing theses spies to gain access to an incredible amount of private information in homes throughout the world.
I suggest you lookup ‘Digital Natives’ on the web it will give you a clear insight to what is going on. It is a government funded project courtesy of your tax/protection money/extortion fee.
It is for criminal purposes that this ‘Exploit’ is here so I will suggest you keep your eyes wide open because there are shadows stalking us for real. Everyone is a target now, all you have to do is go through archives of the past 20 yrs and it is blatantly obvious - The nazis are active again.
I apologise for the sinister tone but I did not create it.
Alas this is the work of organised crime that hides behind a political front in our 'governments'.
Take a look at a movie called ‘They Live’…
For one it is a funny movie and it will makeup for me making you feel miserable two it has appoint and three it is cheap.
s.ytimg.com
Bots used for spying too...
Talking about spies...Do you know how to rid your site of a "bot"? Our myspace and our main web site, plus possibly others have been attacked with a robot. The IP that we think developed the bot starts with 38. It is a company out of Washington DC that has clients as big as Johnson and Johnson, Dell, etc. Check out our alert on our website...
http://www.myspace.com/thevigilantespunk. Our visits to site went from 100 per day to 5. A lot of other crap is going on too. Curious if you know anyone else is experiencing this problem.
RE - Bots used for spying too
You can find it at:
http://www.safer-networking.org/en/index.html
You must keep it up to date and press the immunise button, it is very important, after downloading the updates. It is easy to install and is easy to use ie you don't have to be a digital genius to work it.
I have been informed by a friend that is an "software engineer" that you should not have tool bars installed on your PC other than the one for your browser (Fire Fox is currently the safer browser) and always use caution with dubious companies such as Google or Yahoo or Adobé.
If some program insists that you have their “TOOLBAR” then you don’t want their product… it’s that simple.
You install this kind of software (toolbars) at your own risk so please always remember that…. “prevention is better than cure”.
Play safe.
¦:¬)
I agree, but...