If someone were to listen to a SHOUTcast server through Tor using VLC (not just

Question

If someone were to listen to a SHOUTcast server through Tor using VLC (not just downloading the M3U playlist through the Tor browser, of course, but while running Tails), would it put their security in jeopardy? I'd think it would be a pretty straightforward connection, just like downloading any random MP3 files and then listening to them, but I know what an issue, for instance, watching videos with Flash is.

I've found this Is using player like VLC safe alternative to Flash? on Tor Talk which basically says that if VLC happened to have an exploit and you were using it to watch Flash videos, you'd be badly off; But, how much of an issue is VLC's track record, really, and are there more secure alternatives? Most importantly, listening to a SHOUTcast server's stream wouldn't be pertinently different from what's discussed in this thread, right?

Explanation / Answer

Watching videos using Flash is hazardous to your Tor security because 1) Flash can access servers directly rather than going through Tor, and 2) Flash has more holes than a block of Swiss cheese.

Listening to audio has the same risks: if your audio player ignores Tor and connects directly to the SHOUTcast server, it can reveal your IP address; if it has security holes, a malicious stream could be used to attack your computer.

Tails mitigates the "direct connection" risk by setting its firewall to block outgoing non-Tor connections, but it does little to protect you against insecure programs.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.