[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is using player like VLC safe alternative to Flash?

On 5/7/2013 8:46 PM, Tom Ritter wrote:
VLC has a lot of stuff going on inside of it.  I would not be
surprised if there were proxy leaks that might be able to be forced by
someone doing something tricky.  Say you enter a url to a flash video
and the content is intercepted and replaced with an RTSP stream that
VLC somehow interprets, and due to a quirk of RTSP makes a request to
a third party domain that isn't proxied?  I have no idea if that's
possible, but I wanted to give some strange example of something VLC
supports that might have a proxy leak in some obscure component.

Likewise, when discussing security vulnerabilities... VLC doesn't have
the best track record.  (See https://www.videolan.org/security/ ).
I'm a big fan of VLC, but I put it in the same category as Pidgin when
it comes to "how far do I trust this program to not have bugs?"

I would love to see someone do an objective test of VLC as opposed to
my subjective hand-waving, but I'm not aware of one.

Fair enough.  Thanks for your perspective.  I'm just posing questions.
I am a bit surprised that the issue of playing vids in Tor or TBB or Tor developed plugin, no matter their original format (or converting them), hasn't been addressed by Tor Project. I know... they're limited on resources.

Here's an idea: take one of the well respected, open source, cross platform video players & MAKE IT safe to use in TBB as a plugin, or as a stand alone? They're already developed, & for the most part - already as safe as anything else. Why re invent the wheel?

Lots of people in repressed societies would like to watch some political speech vids, for example. Not that big of an issue in the U.S., unless you're watching militia group vids. Unless the entire mission of Tor Project is to provide semi anonymous access to written word & exclude video; that may well be the case & have solid reasoning behind it.

Also seems to me that there are PLENTY of talented Tor users that could & would be willing to write patches or entire sections of code for this or anything else - for free, if they were allowed to. They do it ALL THE TIME for other open source apps. Tor is a non profit, but sometimes seems to be so tightly controlled, that progress moves at a snail's pace.
tor-talk mailing list