Xbox at E3 2021 Starfield trailer Square Enix E3 2021 Halo Infinite trailer E3 2021 schedule Millions more stimulus checks sent

Macromedia patching Shockwave privacy hole

The company is working to fix a glitch in the Shockwave animation player that was sending users' private information back to the company.

Macromedia has moved to fix a privacy glitch in its Shockwave animation player that was sending users' private information back to the company.

Part of Shockwave's automatic update feature sends Macromedia the URLs for Web sites users have visited. Macromedia collects these Web addresses to determine the most popular sites using Shockwave animation and then assist those sites in making their animations smaller and faster with the aim of exerting some quality control on Shockwave implementations.

But Macromedia found itself receiving hundreds of Shockwave users' user names, passwords, and other information that was included in the URLs to some password-protected sites.

In an update posted to the Shockwave site, version 7r205 has started combing through the incoming URLs to strip out that personal information.

"There's a lot of information you can put into a URL," said Kevin Ellis, Macromedia's group product marketing manager for Shockwave and Director, the Shockwave authoring tool. "Why anyone would put that information into a URL is beyond me. But they do it."

Indeed, Macromedia received about 300 such URLs before discovering the problem, out of more than 3 million received.

Ellis stressed that Macromedia does not tie the incoming data to an individual and only uses it for its aggregate value. He also noted that Macromedia encrypts the data as it comes in, and only two employees at the company have access to it.

One of the sites that does include personal information in its URLs is MacUser in the United Kingdom. That site discovered the privacy breach and first reported it to Macromedia.

Macromedia's privacy snafu comes as hardware, software, and service providers alike are coming under fire for their privacy practices.