[vlc-devel] [PATCH 2/2] playlist/fetcher: do not ignore metadata scope when downloading art

Sun Dec 11 13:11:25 CET 2016

Hi Remi,

On 2016-12-11 14:02, Rémi Denis-Courmont wrote:

> First, I don´t see the problem. The metadata is the album art URL, not the 
> resource that the URL represents.
> 
> Second, the difference between asking a third party for metadata and 
> retrieving a known resource from the second party is clear.

To me the second party is the file that is being played, any
references to an external party is (to me) considered to be
third-party.

One could of course argue that we should check whether the referenced
URI belongs to the same domain as that of the media being played, to
allow for such requests (kind of like the ''same-origin policy'').

> And third, album art retrieval used to have its own "album-art" tristate.
> It´s rich of a VideoLabs employee to argue that the policy should be changed 
> because another VideoLabs employee changed the settings name.

I fail to see what *VideoLabs* have to do with this, though I do
understand that my association with the company can make it look like
all changes I propose are coming from the company.

I will change my contact information so that comments such as the
above can be avoided in the future, making a clearer distinction
between my personal development related to VLC and that which is done
during office-hours.

> 
> > > Meta lua scripts have an explicit privacy scope, and their output can be
> > > more or less trusted. The output of lua website demuxers can be trusted
> > > and have no privacy impact. I'm not aware of any protection in other
> > > demuxers from untrusted art URLs, nor from privacy leaks they might
> > > incur.
> > 
> > Demuxers generally do not download any metadata, that happens in the
> > affected code-path which the original patch modified.
> 
> That is completely irrelevant. Demuxers (and previously stream
> filters) routinely fetch referred resources automatically from the
> network. From a privacy and security point of view, this is no
> better or worse than fetching a cover.
>
> Adaptive is a prime example of that.
> 
> If you want to prevent VLC from using the network, then firewall it. I cannot 
> see any sense for the sake of privacy in blocking the art fetcher, but letting 
> other forms of automatic network access.

What other forms of "automatic network access" are you referring to? I
must be missing something since I cannot deduce this from your reply.

To me there is a vaste different between playing something that
queries *data* that is supposed to be played, and fetching additional
metadata that is not mandatory for the playback of the entity itself.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20161211/164f2e38/attachment.html>