[tor-talk] Is using player like VLC safe alternative to Flash?

Joe Btfsplk joebtfsplk at gmx.com
Wed May 8 21:05:31 UTC 2013


On 5/7/2013 8:46 PM, Tom Ritter wrote:
> VLC has a lot of stuff going on inside of it.  I would not be
> surprised if there were proxy leaks that might be able to be forced by
> someone doing something tricky.  Say you enter a url to a flash video
> and the content is intercepted and replaced with an RTSP stream that
> VLC somehow interprets, and due to a quirk of RTSP makes a request to
> a third party domain that isn't proxied?  I have no idea if that's
> possible, but I wanted to give some strange example of something VLC
> supports that might have a proxy leak in some obscure component.
>
> Likewise, when discussing security vulnerabilities... VLC doesn't have
> the best track record.  (See https://www.videolan.org/security/ ).
> I'm a big fan of VLC, but I put it in the same category as Pidgin when
> it comes to "how far do I trust this program to not have bugs?"
>
> I would love to see someone do an objective test of VLC as opposed to
> my subjective hand-waving, but I'm not aware of one.
>
Fair enough.  Thanks for your perspective.  I'm just posing questions.
I am a bit surprised that the issue of playing vids in Tor or TBB or a
Tor-developed plugin, no matter their original format (or converting them),
hasn't been addressed by Tor Project.  I know... they're limited on 
resources.

Here's an idea:  take one of the well-respected, open source,
cross-platform video players & MAKE IT safe to use in TBB as a plugin, or as a
standalone?  They're already developed, & for the most part - already
as safe as anything else.  Why reinvent the wheel?

Lots of people in repressed societies would like to watch some political 
speech vids, for example.  Not that big of an issue in the U.S., unless 
you're watching militia group vids.  Unless the entire mission of Tor 
Project is to provide semi-anonymous access to written word & exclude
video; that may well be the case & have solid reasoning behind it.

Also seems to me that there are PLENTY of talented Tor users that could 
& would be willing to write patches or entire sections of code for this 
or anything else - for free, if they were allowed to. They do it ALL THE 
TIME for other open source apps.  Tor is a nonprofit, but sometimes
seems to be so tightly controlled, that progress moves at a snail's pace.

