Mozilla Labs Add-On Provides Video and Audio Recording From the Browser

An anonymous reader writes "Mozilla Labs is working on an experimental add-on which enables video and audio recording in the browser. Anant Narayanan writes on the Mozilla Labs blog, 'The Rainbow add-on for Firefox is an early developer prototype that enables web developers to access local video and audio recording capabilities using just a few lines of JavaScript. The add-on generates files encoded in open formats: Theora (for video) and Vorbis (for audio) in an Ogg container. The resulting files are accessible in DOM using HTML5 File APIs, which may be used to upload them to a server.' Support for live streaming and WebM is planned for a future version of the add-on."

This should lead to some "interesting" malware.

[John Hasler]

n/t

Re:

[Anonymous Coward]

We've already got enough of that kind of malware - Flash already gives access to the microphone and webcam.

Re:This should lead to some "interesting" malware.

[Caerdwyn]

The sins of Flash are not forgiven by the sins of HTML5.

Re:

[Mitchell314]

You're one of those damn HTML5 lubbers, aren't you? \~

Re:

[Caerdwyn]

You're one of those damn HTML5 lubbers, aren't you? \~

Don't know yet, there's nothing to lub. Not much available in the real world to try with HTML5... ask again in two years. The lub may be hawt, or it may be like lub with a drunken frat boy (lots of tears and shortcomings and stains that won't wash out).

But the point stands: whether HTML5 is good or bad is pretty much irrelevant to the inarguable fact that Flash is a security mess. Even if HTML5 turns out to be even worse, that doesn't make the current state of affairs with Flash acceptable. Adobe needs to

Re:

[ThePromenader]

Yes, wait a couple years - not only will html 5 replace flash, but I'm hoping that we'll be able to do away with the notion of 'browser plugin' altogether. Why not have one application/protocol that can handle everything today's browser and all its plugins do, a browser that can access/transfer local files? Yep, there's quite a few security/platform issues to sort out there, but the work would be much more clear-cut if that were the ultimate goal.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[tepples]

Also Adobe doesn't care if you package their stuff with FOSS, or even try to cook up something like Gnash

Until two and a half years ago, Adobe did care. Around that time (keywords: Open Screen Project), Adobe dropped long-standing contractual restrictions on use of the SWF spec, but by then, Flash Player already had a huge head start over Gnash. And what video codecs does Gnash support?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[toriver]

Given that Flash is often used as a container for H.264 video, and HTML 5 video can use other codecs, I say you are delusional.

Re:

[icebraining]

Browsers already access and transfer local files. And plugins will always be required, because you can't bundle every little format viewer in-browser; I wouldn't want Google Earth support [google.com] embedded in my browser, for example.

I'm not sure what that end-goal you're thinking about.

Re:

[ThePromenader]

I wasn't very precise, was I? By 'file transfer' I mean having the same drag and drop functionality we enjoy in modern finders and applications (rather than the browser file-by-file manual selection we have to deal with today).

I do understand that not everyone wants to read pdf's in their browser, but let's at least cover the 'most common' basics - and perhaps have their availability controllable through the browser preferences. Yes, 'less common' file formats should remain plugin-dependable. I also think t

Re:

[icebraining]

But in the other post you talked about it as a distant goal, while it's already done or close.

Firefox 3.6 and Chrome have had drag and drop for months now [stackoverflow.com].

Support for video, audio and PDFs (Chrome only) is already there or close.

I also understand that there are quite a few security problems to solve before any of the above can happen. But shouldn't we already be preparing for the eventuality that our web-connected computers will one day be capable of this?

But that's the thing: it's not "one day", it's now o

Re:

[Stooshie]

About 5 years ago maybe. No-one can access files/hardware on your PC, in flash, without your permission. They can store cookies, just like the browser, but probably more securely than browser cookies.

Re:

[tlhIngan]

But the point stands: whether HTML5 is good or bad is pretty much irrelevant to the inarguable fact that Flash is a security mess. Even if HTML5 turns out to be even worse, that doesn't make the current state of affairs with Flash acceptable. Adobe needs to get its act together, regardless of their competition's CERT alert count. The only bug counts their dev team should care about are their own.

Except that with HTML5, the security mess isn't as big because browsers are updated far more frequently by many

Re:

[the_humeister]

Yeah, no kidding. If they ever include this "feature" in Firefox, I'm switching to something else. Perhaps Konquerer.

Web must be two way, not consume-only, read-only

[h00manist]

Yes, there is malware. But lets not censor people because their computer may be insecure. We do need to encourage people to produce and publish more. Too much of the web is becoming filler "content" for selling commercials, the same as television and magazines. They don't really care what content is or says, as long as it's attention grabbing it sells ads.

Re:

[John Hasler]

I didn't suggest any censorship.

Re:

[tlhIngan]

Yes, there is malware. But lets not censor people because their computer may be insecure. We do need to encourage people to produce and publish more. Too much of the web is becoming filler "content" for selling commercials, the same as television and magazines. They don't really care what content is or says, as long as it's attention grabbing it sells ads.

People produce and publish lots already. Given the number of blogs, facebook posts, tweets, youtube videos, etc. that are posted daily, I don't think the

Re:

[BrokenHalo]

A bit scary, indeed, but a bit of duct tape over the camera lens is always safest. Not that that will stop anyone hearing your moans... ;-P

Re:

[prionic6]

My first thought exactly.

There is no way this could go wrong!

so...uh...

[blair1q]

this thing can turn on my webcam and upload the vids just because i clicked on a link?

let me ask, how do i NEVER get this add-on?

Re:

[maxwell demon]

let me ask, how do i NEVER get this add-on?

Simple: By not installing it.

Re:so...uh...

[CannonballHead]

how do i NEVER get this add-on?

Use IE 6. ;)

Re:so...uh...

[Cougar Town]

Mozilla didn't get Firefox where it is by being morons. Just the fact that it's Mozilla tells me that if this is ever an official release, it's going to have some kind of user confirmation before allowing access to these things (if it doesn't already). The backlash would be too great if there wasn't, and this is just common sense for Mozilla. Bugs could show up that might allow some kind of malware to do it, but it's crazy to think that Mozilla would knowingly allow any site to just access your camera and mic without permission if this was meant to be widely used by regular people.

Re:

[owlnation]

Mozilla didn't get Firefox where it is by being morons.

Hmmm... Mozilla didn't get Firefox from 0.0 - 2.0 by being morons. However, there's certainly some evidence of moronic behavior from 2.0 onwards. Their focus seems to have changed from usability to adding more and more features. And that's moronic, because that's exactly what killed Netscape.

Only a moron would repeat history that way. Yet that does appear to be what they are doing.

Re:

[hedwards]

They're doing that because you're delusional. Sort of like how the sky is now red and Safari doesn't suck balls on Windows.

Firefox is much more usable now than it was when I first started using it back when it was alpha and wasn't Firefox. 3.x and 4.x are continuing the evolution. It's hard for me to believe that a bunch of "moron" as you put it put together the second most popular browser. Even more shocking is that a bunch of morons are now leading the browser market.

Re:

[BrokenHalo]

Back when Firefox was alpha and called Phoenix, my preferred browser was its ancestor, the original Mozilla. If you did your own builds and left out Communicator and all the other stuff that made it huge and unwieldy, it kicked Phoenix' butt in every way.

Eventually, of course, by the time support for Mozilla fell away, the (by then) bulkier Firefox was well and truly established.

Re:

[bennomatic]

Hate to say it, but Mozilla was not the original. There was a little program written by a student at UIUC named Marc called Mosaic, and it was AWESOME! With the possible exception of Cyberdog [wikipedia.org], that was the best browser ever.

Re:

[treeves]

I remember NCSA Mosaic. Ran it on my Mac back in the day, along with Gopher and Eudora. Don't remember watching too many videos with Mosaic though.

Re:

[bennomatic]

Yeah. Remember when Bill Gates said the Internet was a fad and that's why it took them so long to introduce dial-up TCP/IP into Windows? I remember helping customers configure Chameleon and Winsock, among others.

And while the Mac's built-in stuff came faster, it was still annoying; I remember having to reboot every time you changed a networking setting. Those were the days.

Re:

[Angst Badger]

It's hard for me to believe that a bunch of "moron" as you put it put together the second most popular browser. Even more shocking is that a bunch of morons are now leading the browser market.

Popularity does not equal intelligence. Vastly more people are avid followers of professional wrestling than any branch of the sciences. While the OP rather overstates his point, yours has no merit at all.

Re:

[couchslug]

Distinguish "add-on" from the browser itself. Extensions make FF useful. No likee, no installee, no problem.

Re:

[flyingfsck]

Every program evolves until it can send email. Can Firefox do that yet?

Re:

[tepples]

Every program evolves until it can send email. Can Firefox do that yet?

Do Hotmail and Gmail count?

Re:

[SharpFang]

...actually, Mozilla was about adding more features from day one.
Then someone got really pissed off about that, took Mozilla base, removed all the cruft and forked off Phoenix, which was Mozilla minus all the "features".
Then, when Mozilla began to die away and Phoenix began gaining popularity, Mozilla jumped the ship and joined the Phoenix team (and renamed it to Firefox later).
Then they began doing to Firefox what they used to do to Mozilla, and what caused people to abandon Mozilla in favor of Firefox.

Re:

[SharpFang]

And now the primary problem / most frequent complaint about Firefox is...?

Re:

[account_deleted]

Comment removed based on user account deletion

Four words: Lower Merion School District

[westlake]

Mozilla didn't get Firefox where it is by being morons. Just the fact that it's Mozilla tells me that if this is ever an official release, it's going to have some kind of user confirmation before allowing access to these things (if it doesn't already).

If it does, I see no evidence for it.

The potential for abuse here is enormous.

The user confirmation had damn well better be solid. Particularly when a minor is likely to be at the keyboard.

It is not necessarilly a good idea to do everything in the browser.

Th

Re: Four words: Lower Merion School District

[catbutt]

It's absurd to think that they would allow any web page to capture video or audio without having a rock solid way of making sure the user actually wants to do that. I mean, browsers have had a "file upload" widget since practically day one. But never did they allow javascript to browse your hard drive and upload files without you explicitly telling it to.

Same here. Even the most computer illiterate should be aware that having a browser able to do such a thing without the user's permission is crazy. Why is anyone, on Slashdot no less, even debating it?

Re:

[contra_mundi]

It's a tasty piece of FUD and they have a beef with Mozilla?

Re:

[clang_jangle]

It is not necessarilly a good idea to do everything in the browser.

That's an understatement! Unfortunately, in the future we will be doing pretty much everything in the browser if the ISPs and **AA get their way. Total lockdown is their "final solution", and they'll most likely get it. Hopefully I'm wrong, but I believe these are the good old days -- enjoy them while they last...

Re: Four words: Lower Merion School District

[Angst Badger]

It is not necessarilly a good idea to do everything in the browser.

Damn straight. That's what emacs is for.

Re:

[icebraining]

Flash has had this for quite a while, and I don't see any evidence of it being abused in a large scale.

As long as there's a browser confirmation dialog (something like the yellow bar when websites want to install extensions) I see no problem with this.

Re:

[arielCo]

this thing can turn on my webcam and upload the vids just because i clicked on a link?

let me ask, how do i NEVER get this add-on?

Got Flash? Yes it can, and guess what: there are settings for that, per site [macromedia.com] and global [macromedia.com].

Maybe the good boys at Mozilla thought of that too.

Re:

[hitmark]

and if not, there is always noscript (and removable camera).

Re:

[LingNoi]

You'd most likely be clicking the allow button at the top of your page similar to the javascript location API.

Re:

[Hortensia Patel]

Paint or tape over the webcam lens. It's the only way to be sure.

Recording Indicator

[Doc Ruby]

I'd like the OS to have a reliable (hard to crack) indicator to the user showing whenever any mic or camera HW is being accessed, like a red light in the Desktop manager display, and an easily readable display of the XML log of accesses.

As it is I put metal foil tape over them now, disconnecting them physically when I can, and rely on external camera/mic peripherals that I plug in on demand.

Re:

[vigmeister]

As it is I put metal foil tape over them now

So no one finds out about your Tihande-1A which is capable of 2.5 petafaps?

Cheers!

Re:

[John Hasler]

I have a simpler solution: no camera and no microphone

Re:

[hitmark]

or physical switches on the wires.

Re:

[Slutticus]

OS X has this.... and unfortunately has alerted my wife to many failed attempts to misuse my Macbook pro web cam.

Re:

[SydShamino]

Screw a red light in the desktop manager display. Attach a red LED directly to the enable pin of the camera IC, so that it's physically impossible to turn on the camera without showing the light unless the LED burns out or is removed.

Camera circuitry not have a simple enable pin? Don't design in that camera.

Re:

[hitmark]

some designs have a physical cover for the lens.

Re:

[tepples]

Camera circuitry not have a simple enable pin? Don't design in that camera.

Home users don't have power to redesign the camera.

Re:

[SydShamino]

Laptop maker does. That's who I'm talking about.

Re:

[tepples]

Laptop makers choose the lowest bidder. The camera from the lowest bidder takes an enable command, not an enable pin. Home users don't have power to force laptop makers to choose otherwise.

Re:

[tepples]

All camera circuitry has a simple enable pin. In fact all circuitry has a simple enable pin. It's called the power pin..

And watch the camera power be turned on in a "standby" mode even when the camera isn't taking pictures, making the indicator useless.

Re:

[Hamsterdan]

There's a little LED on most webcams that lights up when it's in use.

Re:

[u38cg]

Dude, what exactly is it that you do or say in front of your computer that you think *anybody* would care about? No, fappage does not count.

Re:

[Doc Ruby]

My private life, you slave.

Re:

[moonbender]

My Webcam also has an LED that turns on whenever the camera is accessed. Except, in Linux it acts the opposite way. Oops. I wouldn't trust those LEDs too much.

Re:

[hedwards]

I've got a better solution, a bit of masking tape over the camera any time that you don't want to be caught on camera. It's not perfect, but they can't see anything.

Re:

[Hamsterdan]

Strange, as on my main machine, it always act the same (XP/Leopard/Kubuntu) ON=LED ON OFF=LED OFF

Re:

[icebraining]

That's because it's a software controlled LED, which is stupid. My HP has a LED electrically connected to the webcam, so there's no way in software to disable it, even if you have root privileges.

Re:

[moonbender]

How do you know that it's electrically connected?

Re:

[moonbender]

Sure, reading the driver might work. The code that turns off the LED could still be hidden in the device's firmware, though. The path /sys/class/leds does not exist when I connect my USB webcam with its apparently software-controlled LED.

1984 redux

[woboyle]

They should call it the "Big Brother" plug-in...

So what they're saying is...

[euroq]

So what they're saying is that the hackers will take your bank account credentials, AND your picture so they can print the credit card with it! Sweet, where do I sign up?

Obvious Joke

[rakuen]

Forget this, I'll just wait for the next release. They can call it the Double Rainbow.

In Soviet Russia...

[Penguinshit]

... Web browses YOU!

(c'mon: _somebody_ has to post this)

Re:

[TheyTookOurJobs]

BAD NO!

Re:

[tenco]

In Soviet Russia, the web taps you!

Open formats eh?

[mhaymo]

Perhaps this is an attempt to win back the HTML 5 video format wars from H.264?

Re:

[pak9rabid]

Yup

Rainbow Add-on???

[IonOtter]

I wonder how long it'll take for some televangelist to claim that Mozilla/Firefox is secretly promoting the "Gay Agenda". Anyone remember Jerry Falwell?

One of the last reasons to have flash

[AHuxley]

is finally gone.
With this any UVC webcam will be able to stream from Mac, Linux or Windows to the world. Peoples fav cam sites will be usable without the security issues.
The great part of this is the source is been seen by a few different people and can be optimised and fixed if Linux, Apple or Windows 'upgrades' in a strange new way.
Would this work on the new Windows phones or Apple pads/touches or do Apple and Windows keep webcam streaming locked down for their apps and value adding partners?

Re:

[__int64]

Indeed, blah blah blah.

Security, 'upgrades', lock down, apps, value adding partners...And next time for bonus, be sure to include: a discussion of 'utility', mention something called "mobile equity", and try to work in a reference to capital markets, where relevant of course.

Re:

[AHuxley]

Was thinking of 'Windows Phone 7 limits camera access for apps"
http://news.cnet.com/8301-13860_3-20020522-56.html?tag=mncol;1n [cnet.com]
They seem to be 'working on it' or its not for any app to use :)

interesting

[pak9rabid]

Well, this sure is a clever way to push their tag video and audio codecs. If only everyone would invent something cool to get their formats accepted.

Re:

[LingNoi]

It's not their audio or video tag and they also didn't invent it.

http://www.whatwg.org/specs/web-apps/current-work/#devices [whatwg.org]

Will anyone use it?

[realinvalidname]

This sort have thing has been possible for years with Flash, and before that with QuickTime for Java in an applet. I guess the novelty here is exposing it to JavaScript, and using politically-correct codecs and containers. Very few developers used in-browser capture in Flash or QTJ, even though they were cross-browser, so what's the realistic chance of this getting used?

Such small meager steps.

[John Sokol]

I really wish I had the time to work on it myself.

Basic audio and video capture should be really trivial, but I have no idea what the Mozilla code looks like inside.

Streaming audio and video from the browser is something I am currently trying to play with using Java, but
I don't know java very well and and very rusty with it. Probably will need to pay a friend to help get it working.

I would be willing to share some of my older code (from livecam) and answer questions for anyone struggling to figure this stuf

Recording video in the browser? Great...

[93 Escort Wagon]

Now if only Firefox would support playing the most common modern video format, h.264 - nah, there's no demand for that.

Re:

[BenoitRen]

Now if only people would understand why Firefox can't support proprietary codecs - nah, there's not enough intelligence for that.

Re:

[Haedrian]

H. 264 is also propriatry, so aside from the fact that it costs money, it also kinda messes up Firefox's "open-sourceness" - and therefore will go against their main mission of sorts.

Now if there was an open-source video decoder, you'd be sure that they'd have it implemented in two shakes of a fox's tail - in fact, there's already <video> tags working, which I assume uses theora.

Re:

[tepples]

Now if there was an open-source video decoder, you'd be sure that they'd have it implemented in two shakes of a fox's tail - in fact, there's already tags working, which I assume uses theora.

Firefox 3.6 can use .ogg with Theora video and Vorbis audio, comparable to DivX (AVI with MPEG-4 ASP video and MP3 audio). Firefox 4 can also use .webm (renamed .mkv with VP8 video and Vorbis audio), and VP8 is roughly equal in video quality to the baseline profile of H.264.

Re:

[icebraining]

Maybe they only listen to non-selfish demands?

Re:

[rjstanford]

I guess Mozilla could try to make a donation drive for the five million it'll cost annually [zdnet.com] to get every Firefox copy cleared with licensing.

Or they could just use the already-licensed codecs baked in to the incredibly well documented, supported, and high-performance video subsystem of most installed operating systems rather than trying to ignore their host system and the user's previously set preferences completely and apply their own standards...

XP+Ubuntu outnumbers Vista+Win7+OS X

[tepples]

Or they could just use the already-licensed codecs baked in to the incredibly well documented, supported, and high-performance video subsystem of most installed operating systems

Windows XP and Ubuntu lack the built-in H.264 and AAC codecs that Windows Vista, Windows 7, and Mac OS X have. And the last time I checked, the former combined still outnumbered the latter combined.

Not happy with Mozilla

[flimflammer]

When did Mozilla switch their focus from a fast lightweight browser that outperformed the competition to the near bloated mess it's winding up as now? People have software to do this sort of thing already. Do we really need Firefox to do this? Firefox isn't really an application framework. It isn't an Operating System. Lets stop adding things that aren't necessary, please!

Not only that, but can other browses (IE, Chrome, etc) play Theora/Vorbis video files in their own video tags? If not, then are they real

Chrome and Opera play Theora video

[tepples]

Firefox isn't really an application framework. It isn't an Operating System.

If not Firefox, then what is a web application framework? You appear not to want Firefox to be a web application framework, but a lot of other Slashdot users disapprove of technologies from Adobe and Oracle.

Not only that, but can other browses (IE, Chrome, etc) play Theora/Vorbis video files in their own video tags?

Chrome and Opera already play Theora video, and IE 9 will play Theora and VP8 with codec packs that organizations such as Xiph.Org and Google are expected to provide. This leaves Safari on Mac and IE on Windows XP.

Why?

[BenoitRen]

There's an increasing tendency to put everything in the web browser, making it the Jack of all trades. What's the point of putting audiovisual recording in the web browser? Why can't the user just use their own recording software and upload the result using the ubiquitous (sp?) file upload form control?

Finger on the pulse

[Wowsers]

Recording in the browser, this is an excellent idea.... just something else to crash PulseAudio.

More Popular

[assertation]

More popular would be an extension to remove all of those Facebook symbols and links you find all over the web.

This is firing the first shot across the front bow

[Provocateur]

It's a serious challenge to the top browser.

You know, emacs.

Re:

[LingNoi]

I don't understand how it can work at all since FF4 Beta doesn't support the binary functions from FileAPI at all. Very annoying btw, I wish someone would fix that like they have done in Webkit for months.

Re:

[Yvan256]

Believe me, you're not the only one waiting for that.

In the meantime, you can only say "Safari or Chrome only" to your users, if you have that luxury. What are Opera doing about that, too?

Re:

[Steauengeglase]

Just swap it back to the old one in your profile settings.