On 5/8/2013 4:53 PM, Moritz Bartl wrote:
That is true & I don't pretend to be an expert on vid formats, video players or much of anything. It is the player(s) that historically were mostly the problem (or usually been the case, in NON Tor use). Sure, a vid could contain something bad & you really should scan them just like any file, or have a real time scanner to do it automatically. But it's the security holes / bugs, or even built in privacy violating behavior in some players (Flash) that is most of the concern.On 08.05.2013 10:58, Moritz Bartl wrote:Question of playing Flash vids comes up constantly & explanation given of why it can compromise anonymity in Tor Browser.Additionally to what Tom Ritter wrote: If you want to be safe, convert the .flv to a "real" video format first. I would say a toolchain like ffmpeg -> h264, and then VLC to play it, is safer than directly playing the .flv.I just learned that that statement is crap, because flash video is just a video format like the others.
Besides the anonymity thing w/ Flash Player & TBB, it attracts hackers like flies to manure. [Manure - that's an interesting word that puts together 2 words that have positive meaning: Ma & newer!] Flash Player CONSTANTLY has to issue patches, meaning it usually has security / privacy holes at any given time. Compare the # of security updates Flash issues vs MPLayer, VLC or any in their league. Yes, all apps issue security patches - but few even approach the number or frequency of Flash Player.
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk