[tor-talk] Is using player like VLC safe alternative to Flash?
Joe Btfsplk
joebtfsplk at gmx.com
Wed May 8 21:05:31 UTC 2013
On 5/7/2013 8:46 PM, Tom Ritter wrote:
> VLC has a lot of stuff going on inside of it. I would not be
> surprised if there were proxy leaks that might be able to be forced by
> someone doing something tricky. Say you enter a url to a flash video
> and the content is intercepted and replaced with an RTSP stream that
> VLC somehow interprets, and due to a quirk of RTSP makes a request to
> a third party domain that isn't proxied? I have no idea if that's
> possible, but I wanted to give some strange example of something VLC
> supports that might have a proxy leak in some obscure component.
>
> Likewise, when discussing security vulnerabilities... VLC doesn't have
> the best track record. (See https://www.videolan.org/security/ ).
> I'm a big fan of VLC, but I put it in the same category as Pidgin when
> it comes to "how far do I trust this program to not have bugs?"
>
> I would love to see someone do an objective test of VLC as opposed to
> my subjective hand-waving, but I'm not aware of one.
>
Fair enough. Thanks for your perspective. I'm just posing questions.
I am a bit surprised that the issue of playing vids in Tor or TBB or a
Tor-developed plugin, no matter their original format (or converting them),
hasn't been addressed by Tor Project. I know... they're limited on
resources.

Here's an idea: take one of the well-respected, open source,
cross-platform video players & MAKE IT safe to use in TBB as a plugin, or
as a standalone? They're already developed, & for the most part - already
as safe as anything else. Why reinvent the wheel?

Lots of people in repressed societies would like to watch some political
speech vids, for example. Not that big of an issue in the U.S., unless
you're watching militia group vids. Unless the entire mission of Tor
Project is to provide semi-anonymous access to written word & exclude
video; that may well be the case & have solid reasoning behind it.

Also seems to me that there are PLENTY of talented Tor users that could
& would be willing to write patches or entire sections of code for this
or anything else - for free, if they were allowed to. They do it ALL THE
TIME for other open source apps. Tor is a nonprofit, but sometimes
seems to be so tightly controlled that progress moves at a snail's pace.