[tor-talk] Is using player like VLC safe alternative to Flash?

[Tom Ritter]

VLC has a lot of stuff going on inside of it.  I would not be
surprised if there were proxy leaks that might be able to be forced by
someone doing something tricky.  Say you enter a url to a flash video
and the content is intercepted and replaced with an RTSP stream that
VLC somehow interprets, and due to a quirk of RTSP makes a request to
a third party domain that isn't proxied?  I have no idea if that's
possible, but I wanted to give some strange example of something VLC
supports that might have a proxy leak in some obscure component.

Likewise, when discussing security vulnerabilities... VLC doesn't have
the best track record.  (See https://www.videolan.org/security/ ).
I'm a big fan of VLC, but I put it in the same category as Pidgin when
it comes to "how far do I trust this program to not have bugs?"

I would love to see someone do an objective test of VLC as opposed to
my subjective hand-waving, but I'm not aware of one.

-tom