In the Depths of the Cloud, Open Source and Proprietary Leviathans Fight to the Death
Jono Bacon Asked Google Home ‘Who Founded Linux?’ You Won’t Believe What Happened Next!
Red Hat's Women in Open Source Award Winners, 2017
Imagine an Android Phone Without Linux Inside
Linus Torvalds Talks to Debian Users
Mozilla Relents, Thunderbird Can Stay
Heed the Prophet Stallman, oh Software Sinners!
September 25th, 2013

The Death of the Browser Plugin is a Good Thing

Oddly, the death of the browser plugin started with Microsoft. Now, the other two major players in the browser game seem to be in the process of saying goodbye as well, although it’ll be a long goodbye evidently.

Everybody’s reporting on this. Earlier this week we heard that Google is in the process of doing away with the NPAPI architecture, a Netscape relic. They’re not throwing it out the window just yet; they’re just making it a damn nuisance to use. Brad Chacos at PCWorld put it this way:

“Google announced that plug-ins using the uber-popular NPAPI architecture would be shifted to ‘click-to-play’ by default this coming January, rather than running automatically. Many top plug-ins use the technology, including Java, Silverlight, Unity, Google Earth, Google Talk, Facebook Video, RealPlayer, QuickTime, Shockwave, Windows Media Player and Adobe Reader prior to Adobe Reader X.”

Firefox brings "click to play" to browser plugins.“Click to play” means that every time a webpage wants to take advantage of a plugin, the user will have to click to give it permission. Eventually, Google hopes to replace the old architecture with PPAPI or the Pepper Plugin API, which supposedly fixes a lot of NPAPI’s problems, if they can get traction outside of Google which doesn’t seem likely at this juncture. The folks at Mozilla have already said, “Mozilla is not interested in or working on Pepper at this time.” That sounds like a “no” to me.

Mozilla and Firefox have announced they’re otherwise of a similar mind, however.

“Firefox is even less enamored with plug-ins. This week, click-to-play functionality arrived in Firefox Aurora, a preview build of the browser that will hit release status in mere weeks. As with Chrome, the new feature still allows you to use plug-ins, but you have to explicitly allow them to run.”

This morning on CNET, Stephen Shankland explained why:

“Mozilla’s move is a new step in a wider movement among browser makers to rid the Web of plug-ins, which were useful in a time when browsers rarely released new programming interfaces for new features. However, now plug-ins are viewed largely as security and stability risks, which is why Chrome will begin barring many plug-ins starting in January 2014 and Microsoft banished plug-ins from Internet Explorer running on the new Windows 8 interface. Like Mozilla and Google, Microsoft carved out an exception for Flash, but others–including Google Talk, Java, and Adobe Acrobat — will require permission.”

Yup. Unfortunately, for the time being Flash won’t be included in the mix and will continue to run out of the box. Yesterday, Benjamin Smedberg, the Firefox engineering manager for stability and plugins, explained why in a blog post:

“Flash content is so common on the Web, and many websites use ‘hidden’ Flash instances that the user does not see and cannot click on: making Flash click-to-play would be confusing for most users. Users with older versions of Flash that are known to be insecure will see the click-to-activate UI and will be prompted to upgrade to the latest version.”

I, for one, won’t be unhappy if the browser plugin goes entirely the way of the passenger pigeon. I’m tired of going to the plugin section of my browser and finding plugins that have been installed and activated without my permission, although I think this problem has been fixed in recent times. Oddly again, or maybe not, the worst player in this regard was or is Microsoft, the same folks who were the first to bar plugins from their browser.

I’m also tired of browser crashes on old hardware, caused by web designers who think it okay to ask a browser to use multiple plugins on a single page, eating up tons of memory in the process. I expect this problem to get better almost immediately. Surfers aren’t going to like being confronted with half a dozen click throughs every time they visit a webpage.

As for security, the vast majority of browser exploits these days involves a security vulnerability in a plugin.

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

5 comments to The Death of the Browser Plugin is a Good Thing