Privacy Settings

Flash can access media streams available to the local (client) computer, including data from any connected microphone and video camera. Flash can also store persistent information (files or other preference data) [Hack #44] locally via the SharedObject class (so-called local shared objects or LSOs). For details on the SharedObject class, see pages 760-768 in ActionScript for Flash MX: The Definitive Guide, by Colin Moock (O'Reilly), and Recipe 16.4?"Saving a Local Shared Object"?in the ActionScript Cookbook, by Joey Lott (O'Reilly).

The ability for a site to receive input from a microphone or camera attached to your computer or store information on your hard drive raises privacy and security issues. Therefore, the Flash Player must have the user's permission before it allows the SWF to do anything that may infringe on the user's privacy. Such permission is sought on a per-domain basis (the Flash Player 7 System.exactSettings property specifies whether to use superdomain or exact-domain matching rules when accessing local settings) via the Macromedia Flash Player Settings pop-up window shown in Figure 12-1.

Figure 12-1. The Flash Player Settings window
figs/flhk_1201.gif


This pop-up window appears atop the running SWF in several situations:


User interaction

The user can right-click (Windows) or figs/command.gif-click (Mac) on the SWF and select Settings from the context menu that appears.


As required by the content

The Flash Player displays the pop-up window if the running SWF attempts to access any feature that may compromise user privacy, unless the user has previously given permission for the domain and checked the Remember option.


Via ActionScript

Invoking System.showSettings(tab) where tab is 0, 1, 2, or 3 brings up the Settings panel with the corresponding tab open: Privacy (0), Local Storage (1), Microphone (2), or Camera (3). Omitting the tab argument opens the Settings panel to the last opened tab. You could, for example, add this feature as part of a button handler or before attempting to store local data.

The Settings dialog box has tabs that allow the user to manage settings for Privacy, Local Storage, Microphone, and Camera access. Additional Flash Player settings are available only via the Settings Manager on Macromedia's web site (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html).

Users can access the web-based Settings Manager by clicking the Advanced button on the Privacy tab of the Settings dialog box. Once at Macromedia's site, the user can configure global and domain-specific options regarding privacy, storage, security, and update notifications.


The following script shows the skeleton code to handle permissions for the default local microphone hardware. The other Flash features that require permission vary slightly in implementation but are very similar in overall technique.

The code assumes the presence of a dynamic, multiline text field with instance name myStatus. You will see best results if you test it in the browser using FilePublish PreviewDefault - (HTML) or by pressing F12.

function micPermission( ) {

  if (myMic.muted) {

    myStatus.text = "User denied permission.";

  } else {

    myStatus.text = "User gave permission.";

  }

}

// Create a Microphone object and attach it to the 

// current timeline.

var myMic:Microphone = Microphone.get( );

this.attachAudio(myMic);

// Check current microphone muted value

if (myMic.muted) {

  myMic.onStatus = micPermission;

  myStatus.text = "Either user will always deny access to the " +

    "microphone, or user is looking at the Microphone Settings panel " + 

    "and function micPermission( ) will soon run.";

} else {

  myStatus.text = "User has already given permission.";

}

Lines 10 and 11 set up the Microphone instance (note that although Flash allows you to select from a list of possible connected microphones, you are strongly advised to use the code shown, which selects the default microphone).

Flash assumes any hardware capable of having a microphone connected to it in fact has a microphone attached, and this includes each sound card Flash finds. On most computers, the default device is defined as such for a very good reason. It is the only one to have a microphone actually attached!

When you try to access the microphone using Microphone.get( ), Flash automatically opens the Settings panel if the user has not previously granted permission. If you prefer, you can invoke System.showSettings(2) to open the panel manually (for example, if you prefer to ask at the beginning of the application rather than waiting until the application tries to access the microphone). If the user has previously given permission to allow use of the microphone to your site, myMic.muted is false, the script displays the text "User has already given permission.", and the microphone is available to Flash. If myMic.muted is true, the user has either not yet allowed permission for your site to use the microphone or has set privacy permissions to always deny your site access. If appropriate, Flash displays the Settings panel, and the code waits to see if the user changes the permission.

Once the user closes the Settings panel, the function micPermission( ) is invoked and code will run depending on whether the muted property is true or false. If, however, the user has already denied permission during a previous visit to your site, you will not be given permission and micPermission( ) will never run (because no status change occurs). Your code will exit, displaying the message on lines 15-17 (which is all one long statement). You have the option to pester the user to give permission by forcing the Player Settings window to appear (using System.showSettings(2)), but it's better to give a brief message as to why nothing is happening and then let the user decide what to do next.