[vlc-devel] [PATCH 2/2] playlist/fetcher: do not ignore metadata scope when downloading art

Rémi Denis-Courmont remi at remlab.net
Sun Dec 11 13:41:21 CET 2016


On Sunday, 11 December 2016, 13:11:25 EET Filip Roséen wrote:
> Hi Remi,
> 
> On 2016-12-11 14:02, Rémi Denis-Courmont wrote:
> > First, I don't see the problem. The metadata is the album art URL, not the
> > resource that the URL represents.
> > 
> > Second, the difference between asking a third party for metadata and
> > retrieving a known resource from the second party is clear.
> 
> To me the second party is the file that is being played; any
> references to an external party are (to me) considered to be
> third-party.

AGAIN, for the sake of security and privacy, there is NO difference between 
the art URL, and any other contained external reference. Playlists, segmented 
streaming manifests, HTTP redirections, MP4 redirections, etc. present the 
exact same security and privacy risks:
- notifying a remote system automatically,
- parsing an external untrusted bitstream automatically.

You can add an option to disable that if you feel like it. But that is 
definitely not what the network access option was about. Besides, I think you 
would be better off firewalling VLC off the network for that purpose.

> > That is completely irrelevant. Demuxers (and previously stream
> > filters) routinely fetch referred resources automatically from the
> > network. From a privacy and security point of view, this is no
> > better or worse than fetching a cover.
> > 
> > Adaptive is a prime example of that.
> > 
> > If you want to prevent VLC from using the network, then firewall it. I
> > cannot see any sense for the sake of privacy in blocking the art fetcher,
> > but letting other forms of automatic network access.
> 
> What other forms of "automatic network access" are you referring to? I
> must be missing something since I cannot deduce this from your reply.

And you expect me to believe that?

When I wrote and you quoted this?

> > Adaptive is a prime example of that.

> To me there is a vast difference between playing something that
> queries *data* that is supposed to be played, and fetching additional
> metadata that is not mandatory for the playback of the entity itself.

No. The difference exists from a functional point of view, as the cover art is 
not essential to performing the input media. But as far as privacy and 
security are concerned, there are no differences.

-- 
Rémi Denis-Courmont
https://www.remlab.net/