MySpace security measure disables viral spread of widgets

MySpace has taken a step to increase security that disables a key method for third party vendors to spread their services inside the online social network. The company is using new code in a new version of flash that disables outgoing links from flash widgets and it is pushing users to install the blockable version of flash by requiring that they do so in order to view MySpace hosted video. Widgets will operate, but users who have upgraded to Flash 9 will be unable to click to the widget vendor’s site and get a copy of the widget for themselves.

Just as javascript has been unusable in MySpace, most flash objects are also now unable to link out to third party sites when viewed with Flash player 9. MySpace users are now being encouraged to download a beta version of Flash 9 in order to view MySpace hosted video. When they do so, almost all other widgets (YouTube, etc) no longer link out to third party sites because of code inserted by MySpace after a security breach last weekend. Some flash widgets appear unaffected but there is no clear reason why. Being displayed in a music section profile is the only thing that I and several friends could see as different between the few widgets that still link out and those that don’t.

This means that the “get this widget” function so key to the viral spread of a growing industry of MySpace widgets will soon be unavailable. It also appears to mean that MySpace remains vulnerable to the worm the site sought to stop.

The new version of flash was required after a flash based worm was discovered this weekend this weekend that had spread far and wide through the site and sent users to an off site page claiming that the U.S. government was behind the 9/11 terrorist attacks. Blogger Alice Marwick,with assistance from Josh Santangelo, pointed out today that when Flash 9 is installed, site administrators have the option of turning off the ability for flash objects to link externally. MySpace administrators have apparently made that choice; users can no longer click through embeded YouTube Flash objects to pages off site once they have installed the Flash player 9 that is required to view MySpace hosted videos.

Specificallly, MySpace is inserting ‘allowNetworking=”internal”’ into the code of some embedded flash widgets. Why the code is not embeded in all of the widgets, including some video players is unclear.

That’s a major blow against the viral spread of services like YouTube, RockYou and countless emerging others. I’ve been talking to a lot of widget vendors lately, and “it works in MySpace” is a now a primary selling point. Companies are investing large amounts of money in widgetizing content from one site onto another and MySpace is huge. This move, in the name of security, will likely do serious damage to the cottage industry of flash widgets in MySpace. In as much as users love their widgets, that means this will do serious damage to MySpace as well.

Related: with the addition of yesterday’s news about the mass exposure to adware via a banner ad on MySpace, things are not looking good for the company’s image.