Porn Sites Feel Exposed by Flash, Get It on With HTML5

Pornhub has stopped delivering videos via Flash, largely due to security concerns.

|
Sep 7 2016, 10:34am

Image: Shutterstock

Soon, Google Chrome will phase out full support for Flash, meaning that, on most sites, users will have to manually activate the aging software if necessary. The move is largely for security reasons: Researchers regularly find dangerous vulnerabilities in Flash.

On Tuesday, porn site Pornhub said it would be ditching all Flash content from its site, opting instead for HTML5, the most recent version of the web language that offers more support for multimedia content. Since hackers have had a number of successes at compromising porn sites, it's notable that one of the largest is taking this step, albeit when Flash is already on its last legs.

"It was just a matter of time until we switched, as HTML5 is becoming the standard across platforms. Now makes the most sense as Google and Firefox are slowly pushing Flash support out of their browsers. Plus HTML5 has improved security, better power consumption and it's faster to load," Corey Price, vice president of Pornhub, told Motherboard in an email.

"All adult sites should make the transition to HTML5. Flash is nearly dead," he added.

"Contrary to some beliefs, these top adult sites are very concerned about their security"

In January, hackers took advantage of two Flash vulnerabilities to deploy malware on Windows machines, which, according to the Guardian, led Mozilla to disable Flash in its Firefox browser until users had updated to a current version. That same month, YouTube announced it would stop serving its videos via Flash for anyone using a modern browser.

The attacks keep coming. In June, Adobe patched a critical vulnerability in Flash that was being exploited in the wild, after fixing other issues in March, April and May of this year as well. In July, Adobe fixed a staggering 52 vulnerabilities in Flash.

At the time of writing, other porn sites including YouPorn, xHamster, and RedTube are all serving their content over Flash in a fully up-to-date Google Chrome browser. RedTube, which is an affiliate of Pornhub, is expected to make the switch in a few weeks, according to a company spokesperson. YouPorn and xHamster did not respond to a request for comment.

Read More: Hacking Team's Spyware Targeted Porn Sites' Visitors

"Support for new technologies is critical to stay ahead of the competition but also to keep up with new performance and security standards imposed by web browsers," Jérôme Segura, lead malware intelligence analyst at cybersecurity company Malwarebytes, told Motherboard in a Twitter message. "The Flash Player is very much like Windows XP in that its lifespan was extended way past its prime."

"Contrary to some beliefs, these top adult sites are very concerned about their security and spend considerable resources to keep malicious ads (malvertising) out and also invest in proactive research to secure their infrastructure," he added.

Pornhub was only serving Flash to a minority of its visitors. According to Pornhub spokesperson Chris Jackson, 70 percent of the company's traffic comes from mobile. However, Price said that, "This transition will affect close to 20 million daily visitors"—so still a relatively large number of users.

"We expect the transition to be seamless for our users. Our new player has been tested for several months on numerous browsers and platforms," he said.

Want more Motherboard in your life? Then sign up for our daily newsletter.