VideoLAN @videolan App Stores were a mistake. Currently, we cannot update VLC on Windows Store, and we cannot update VLC on Android Play Store, without reducing security or dropping a lot of users… For now, iOS App Store still allows us to ship for iOS9, but until when?
You must log in or register to comment.
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 84 users / day
- 537 users / week
- 1.5K users / month
- 6.58K users / 6 months
- 1 subscriber
- 2.3K Posts
- 53.3K Comments
- Modlog
i love how google is not even trying to hide the fact that they are engaging in obvious extortion
“give us the keys to all your secrets so that we can secretly inject NSA malware, or be setenced to obscurity”
anyway this is what we get when we trust gargantuan multi billion corpos not to royally fuck us over
Okay, but are they still releasing updates via other channels? The newest version on their website is 3.5.4, the same that I got through the play store.
But why is fdroid so behind?
So install and updated it without going through the store apps … you can download all the installers directly from their website. Absolute non-issue.
Reading this I remembered that stupid apple is now forced to let us sideload on iphones. I just kicked off the ios update to enable it.
For people lost in dessert:
removed by mod
TIL that my country has bended over the copyright trolls and blocked Archive.is, need a VPN to view…
Oh, then it has no purpose then
and yet the fdroid version was updated last month!
Or just using their official release APK over obtainium
I just checked it’s 23 February 2023. Last year…
Oh Jesus
So, uh, why not? The link doesn’t answer that.
For people lost in dessert:
Google is forcing apps to have Google services handle private keys. VLC doesn’t think that’s a good policy for security (it’s not), so they’re refusing to adopt it. Whenever you sign in on an app with your fingerprint, the encryption/authentication is being handled by a different program and stored alongside all your other keys. This creates a single point of failure for all sign-ons on your phone.
Thanks! 🙏
It’s a frustrated tweet not a hard hitting piece of journalism. Why is everyone here scrutinizing this so much? Do people hate VLC now or something?
My guess is that their update won’t be approved unless they drop support for old OS versions
Which is a problem given it’s a media player, and AndroidTVs still on Android 11 or earlier would be denied updates.
Some still sold and serviced are Android 8 i think?
Is it a problem though? Old versions of VLC still work fine; I have it on my iPad 2 but haven’t updated it in over 5 years.
Old hardware doesn’t have to worry about security updates because it’s already insecure. So unless VLC stops working, I don’t need updates. And it’s not like my iPad is capable of playing HEVC 4k HDR video anyway, so new codec support isn’t a problem.
One of the quickest ways to pivot into a corporate intranet is via an old insecure networked printer that Shannon from HR brought in.
Sure, maybe you don’t have anything worth stealing or leaking, but I bet getting hit with ransomware that encrypts every drive on the network and charges you $2,000 per drive to decrypt will put a damper on your day, month, or year.
Hope you’re one of the 0.1% of people that actually keep regular backups.
My point though is that if you’re running the old device without appropriate lockdowns, it’s already leaking like a sieve. It’s been at least five years since the corporate perimeter has been considered more than a minor line of defense, specifically because there are so many pieces of equipment long out of security patch support (if they ever had it) that can’t be trusted.
And ransomware actors don’t bother with the printer; they get in via phishing emails and misconfigured routers and remote access tools — because it’s too much work to target the printer when there are juicier targets.
Although there’s been a recent push towards credential management compromise, and if you’ve got an iPad 2 connected to an Apple ID that also happens to include an iCloud keychain with your Exchange server credentials on it….
My thinking was more along the lines of old vulnerabilities in VLC (specifically codecs/implementation) exploiting a set of the most commonly sold TVs, and spreading via torrents. If your malware group can target 6 models of the best selling 5 year old TVs and spread via torrents and then infecting video files, which spread over Windows networks and keep infecting video files, it could be a good few million device strong botnet.
Seems more like something an APT actor would focus on because the effort:reward ratio isn’t there for most groups, and it would take a lot more effort than the MicroTik botnet or other compromised router nets.
I’m hesitant to run any outdated network-connected devices on my (read: the one my personal devices use) network. The only older model device we have running is a brother printer but it still receives firmware updates, and it’s segmented so printing is never done directly from anyone’s device, it’s hooked up to an old laptop running a simple custom web server that accepts files and puts them in the printer queue, and tunneling and DNS are configured on the router, if someone needs to print, they go to [thenameoftheprinter].com in their browser and upload the file(s) and it prints. Devices without access to the guest network can print with Bluetooth, it just requires opening the laptop and pairing and manually printing.
But that was born out of issues of compatibility with the printer running on the guest/kids network, and not wanting to plug it directly into the router or use the Brother apps more than “This printer is older, must not have direct network access.”
deleted by creator
Off topic
MPV can also be configured to look way better than VLC. Especially if you use HDR.
Last time I tried it, the prebuilts packages didn’t work, and the version I built from source couldn’t recognize any graphics or video outputs to use 😞
same thing for linux. their repo’s latest version is 1.16 while their github version is 2.4.
Edit: my version numbers are wrong but you get the idea. The repo’s version is like 20 releases behind
Gentoo has version 3.0.x available
VLC is still on Twitter? I thought they would be quick to migrate to Mastodon, slightly disappointed.
And thanks OP for linking outside of Twitter.
Mastodon and other federated platforms are still confusing to normies and less ideologically-minded users. Aside from that, unless VLC starts hosting their own instance, it is hard to say if the particular one they decide to use will stick around. They can relocate by taking some extra steps of course. But they would likely care to put that effort into making VLC Player better instead of into social media. For now at least. X has been more or less the same for a long time (even with the past couple of years) for what they use it for. I am sure they would like to be on an open platform over propriety if that were the only difference. And nothing is stopping them from using both at the same time in order to reach as many people as possible.
Probably on both?
I’ve scrolled through the F-Droid repositories in Droidify app and see that VLC does not have their own F-Droid repository ? They could create one, and set up mirrors for it, think of a way to cover the hosting costs, why not ? Making yourself depend on Apple and Google and saying that app stores were a mistake feels wrong.
It doesn’t because you should get the app from F-droid main.
Several projects have their own F-Droid repository. A few years ago VLC was not updated for some time for some reason. A project like NewPipe has their own F-Droid repository making it possible to let users download the latest version, which can be useful when there is issues with the main F-Droid repository.
Better to use the official fdroid repo
Generally with small time apps, sure, but VLC are trustworthy enough to get it straight from the source. However, it’s not like VLC is an app that you need to keep up to date as soon as possible.
Unlike certain services, the main fdroid repo is pretty reliable
I don’t think app stores are the problem. I think big company app stores are the problem, such as the Google Play Store and the Apple App Store. I think something like F-Droid where you can add your own app sources or Droid-ify that has a ton of sources by default you just need to enable is the way to go.
The issue there is similar though - who controls Fdroid? They have the final say. Besides, 99% of users stick with the defaults.
I like the defaults personally.
Do you also like being tracked and having your private data sold without your knowledge?
I’m sorry what? F-droid takes security, privacy and freedom very seriously. You can read more about it here:
https://f-droid.org/en/2024/03/08/privacy-design-of-fdroid.org-webservers.html
You said you like the defaults… Fdroid is not the default.
Oh I misunderstood, I though you were about to argue that the play store us more secure or something
Hell naw, bruh. Google can go fuck itself with a spiked club.
deleted by creator
Fdroid has no say in what repos are added by the users.
Theoretically yes, but in practice for the vast majority of users it makes no difference. Very few people are going to go through the trouble of vetting another source, adding it, etc. That’s what the tyranny of the default is all about.
That’s right. Fdroid the app is just a program that accesses repositories. It’s not even the only one, Aurora has a similar version of their own called Aurora Droid.
Fdroid the repo is a repository of FOSS apps maintained by the Fdroid team with apps they’ve reviewed and compiled themselves, to provide an element of trust that you might not get from every random developer.
There’s no fool proof way of handling app trust other than developing your own understanding of the code. Otherwise you have to trust someone. Fdroid seem pretty trustworthy, more than the big corporations, and more than many unknown small time developers - however you can get app updates quicker direct from the developer, through the Fdroid app, if you’re willing to trust them.
Its open source.
There’s plenty of examples of FOSS devs selling out to corps who dramatically change the apps they produced. Not saying that would happen to Fdroid, but ultimately, unless you yourself control the software and its updates, you can never be 100% sure.