The percentage of daily Chrome users who've loaded at least one page containing Flash content per day has gone down from around 80% in 2014 to under 8% in early 2018.
These statistics on Flash's declining numbers were shared with the public by Parisa Tabriz, Director of Engineering at Google, during a keynote speech at Network and Distributed System Security Symposium (NDSS) held in San Diego last week.
Tabriz, one of the Google bigwigs in charge of Chrome's security, was giving a talk on the evolution of security features in Chrome and the web platform. Naturally, she mentioned Flash!
Flash's demise was to be expected, though. Adobe announced last year plans to stop supporting the Adobe Flash Media Player by the end of 2020.
But while Chrome, Firefox, Edge, and all major browsers have already moved from a Flash-enabled-by-default to a Flash-click-to-play policy since last year, the massive drop in Flash usage numbers is a huge surprise for most industry experts.
This big drop could, at least in theory, be explained by the fact that most advertising networks and video streaming portals have moved away from Flash to HTML5, meaning most people can go days before encountering a website that still loads some kind of Flash object.
On the other hand, Flash's market share —the number of computers with Flash installed— is most likely still pretty high. Tabriz's 8% figure only means that very few people are still using Flash for playing web content, which is a good thing, allowing browsers to prepare for the moment when they'll remove the plugin for good.
For Chrome, this means Chrome 87, expected to be released in December 2020, which is the industry-agreed cutoff date when Adobe will stop shipping updates and when other browsers also agreed to remove Flash from their stable branches as well.
But before Chrome 87, Chrome users will go through an intermediary step. In current versions of Chrome, Flash runs under a click-to-run policy. Starting with Chrome 76 —expected in July 2019— Flash will be disabled by default, meaning users will have to enable the plugin in their settings before even entering a click-to-run state.
However, cutting down Flash usage is not Chrome's only major win these past years. Just earlier this month, Google announced that more than 68% of Chrome traffic on both Android and Windows and over 78% of Chrome traffic on both Chrome OS and Mac, is now being sent via HTTPS. Because of this, the company plans to show a "Not Secure" label for all HTTP sites starting Chrome 68, to be released in July this year.
On Monday, Firefox published similar numbers, revealing that 75% of all Firefox traffic is now encrypted. Mozilla, too, is looking into adding a "Not Secure" label to HTTP sites as well.
[ENCRYPTION INTENSIFIES] https://t.co/UHqACCw2ve— Firefox (@firefox) February 26, 2018
Image credits: Mathias Payer