Image: ZDNet
The South African Revenue Service has released this week its own custom web browser for the sole purpose of re-enabling Adobe Flash Player support, rather than port its existing website from using Flash to HTML-based web forms.
Flash Player reached its official end of life (EOL) on December 31, 2020, when Adobe officially stopped supporting the software.
To prevent the app from continuing to be used in the real-world to the detriment of users and their security, Adobe also began blocking Flash content from playing inside the app starting January 12, with the help of a time-bomb mechanism.
As Adobe hoped, this last step worked as intended and prevented companies from continuing using the software, forcing many to update systems and remove the app.
As SARS tweeted on January 12, the agency was impacted by the time-bomb mechanism, and starting that day, the agency was unable to receive any tax filings via its web portal, where the upload forms were designed as Flash widgets.
SARS is aware of certain forms not loading correctly due to Adobe Flash. We are currently working on resolving the matter and will advise once the problem has been resolved. We sincerely apologise for the current inconvenience.
— SA Revenue Service (@sarstax) January 12, 2021
But despite having a three and a half years heads-up, SARS did not choose to port its Flash widgets to basic HTML & JS forms, a process that any web developer would describe as trivial.
Instead, the South African government agency decided to take one of the most mind-blowing decisions in the history of bad IT decisions and release its own web browser.
Chrome, Firefox, Edge: Hey, we no longer support Adobe Flash Player due to security reasons.
SARS: mxm okay, we’ll build our own browser ke! 🤡
— Monsieur Elon Masakhane (@VendaVendor) January 26, 2021
Released on Monday on the agency’s official website, the new SARS eFiling Browser is a stripped-down version of the Chromium browser that has two features.
The first is to re-enable Flash support. The second is to let users access the SARS eFiling website.
As Chris Peterson, a software engineer at Mozilla, pointed out, the SARS browser only lets users access the official SARS website, which somewhat reduces the risk of users getting their systems infected via Flash exploits while navigating the web.
But as others have also pointed out, this does nothing for accessibility, as the browser is only available for Windows users and not for other operating systems such as macOS, Linux, and mobile users, all of which are still unable to file taxes.
Do tell me about the Linux, iOS, Android and MacOS versions of this browser
— Stephan Eggermont (@StOnSoftware) January 26, 2021
Pressed for more answers on its decision to focus on a narrow-minded solution via its custom browser rather than port some forms on its website, a SARS spokesperson did not return a request for comment.
But in spite of its unexpected response to the Flash EOL, SARS is only an outlier in the grand scheme of things, as most companies have already moved operations away from Adobe Flash.
Sure, there are a few exceptions here and there that can grab headlines due to poor decisions, but most companies have known long in advance that this day was coming and have taken steps to avoid any downtime.
Another of these outlier cases that made headlines over the past week was the case of the local train station in the Chinese city of Dalian. Initial reports claimed that the rail station had to stop all rail traffic after its internal systems, built around Flash, stopped working.
This turned out to be false, and later reports from Chinese media clarified that railway traffic never stopped in Dalian because of the Flash EOL. However, the reports also admitted that there’s some truth in the original report and that, indeed, some internal traffic statistics system had stopped working at the rail station on January 12, when Adobe blocked Flash content from working.
That system was eventually upgraded to a Flash Player version that Adobe offers inside China only, which does not contain the January 12 time-bomb mechanism, allowing the system to continue working beyond the Flash EOL.