[tor-talk] Is using player like VLC safe alternative to Flash?
Joe Btfsplk
joebtfsplk at gmx.com
Thu May 9 01:18:20 UTC 2013
On 5/8/2013 4:53 PM, Moritz Bartl wrote:
> On 08.05.2013 10:58, Moritz Bartl wrote:
>>> Question of playing Flash vids comes up constantly & explanation given
>>> of why it can compromise anonymity in Tor Browser.
>> Additionally to what Tom Ritter wrote: If you want to be safe, convert
>> the .flv to a "real" video format first. I would say a toolchain like
>> ffmpeg -> h264, and then VLC to play it, is safer than directly playing
>> the .flv.
> I just learned that that statement is crap, because flash video is just
> a video format like the others.
>
That is true & I don't pretend to be an expert on vid formats, video
players or much of anything. It is the player(s) that historically were
mostly the problem (or usually been the case, in NON Tor use). Sure, a
vid could contain something bad & you really should scan them just like
any file, or have a real time scanner to do it automatically. But it's
the security holes / bugs, or even built in privacy violating behavior
in some players (Flash) that is most of the concern.
Besides the anonymity thing w/ Flash Player & TBB, it attracts hackers
like flies to manure. [Manure - that's an interesting word that puts
together 2 words that have positive meaning: Ma & newer!]
Flash Player CONSTANTLY has to issue patches, meaning it usually has
security / privacy holes at any given time.
Compare the # of security updates Flash issues vs MPLayer, VLC or any in
their league. Yes, all apps issue security patches - but few even
approach the number or frequency of Flash Player.
More information about the tor-talk
mailing list