[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Is using player like VLC safe alternative to Flash?

On 5/8/2013 4:53 PM, Moritz Bartl wrote:
On 08.05.2013 10:58, Moritz Bartl wrote:
Question of playing Flash vids comes up constantly & explanation given
of why it can compromise anonymity in Tor Browser.
Additionally to what Tom Ritter wrote: If you want to be safe, convert
the .flv to a "real" video format first. I would say a toolchain like
ffmpeg -> h264, and then VLC to play it, is safer than directly playing
the .flv.
I just learned that that statement is crap, because flash video is just
a video format like the others.

That is true & I don't pretend to be an expert on vid formats, video players or much of anything. It is the player(s) that historically were mostly the problem (or usually been the case, in NON Tor use). Sure, a vid could contain something bad & you really should scan them just like any file, or have a real time scanner to do it automatically. But it's the security holes / bugs, or even built in privacy violating behavior in some players (Flash) that is most of the concern.

Besides the anonymity thing w/ Flash Player & TBB, it attracts hackers like flies to manure. [Manure - that's an interesting word that puts together 2 words that have positive meaning: Ma & newer!] Flash Player CONSTANTLY has to issue patches, meaning it usually has security / privacy holes at any given time. Compare the # of security updates Flash issues vs MPLayer, VLC or any in their league. Yes, all apps issue security patches - but few even approach the number or frequency of Flash Player.
tor-talk mailing list