Kodi's app lacks the App Sandbox on macOS and also disables library validation, which is an important security feature (in Apple's own words). They offer an official flatpak which is great to see, but Flathub warns about it being potentially unsafe. Media players are vulnerable to malicious files so it's important for them to be as secure as possible.
This is also somewhat relevant to the VLC discussion, but I feel more strongly about listing Kodi and other private Smart TV alternatives than PC media players so I'll continue it here.
I think playing untrusted media files is actually a very niche use-case in this situation, because this is only used with locally owned media, and isn't dynamically downloading media (like a web browser) or accepting media from random senders (like an instant messenger).
The privacy benefits of protecting your media watching telemetry from commercial streaming services, Smart TV manufacturers, and other parties like this clearly outweigh these security concerns for most people in my opinion.
I disagree, people download media off of unsafe torrent sites and play it locally all the time. Your media player is your first line of defense, it should have the maximum protections.
might be off topic but since suggestions for a new section just started popping up I figure maybe it's ok…
@jonah Is this section going to be meant for playing your own personal media locally only or would something like Torbox be worth considering?
open source
accepts XMR
works fine with VPNs
I understand debrid services are typically associated with piracy but that's not their sole use. Having options to host and download legally obtained media without massive hardware costs might be useful in this type of section.
This section would only be for software, so service providers would be a separate category. You can always open a new suggestion at any time, even for categories that don't exist yet, but something like that wouldn't be added in this particular PR.
This seems pretty speculative to me, I totally disagree with the premise that most people with local media obtained it through piracy.
For people who obtain their media via ripping DVDs/CDs/etc that they purchased or obtained from a library or something, this is a risk not really worth worrying about, because commercially available media content is just not going to have this problem.
It is not really our responsibility to cover this either. Whether a media file is trusted or not is at the discretion of the owner of that media, not us…
Everyone's definition of trusted is different. For a large amount of people "trusted" media is something they torrented. The trusted vs untrusted distinction doesn't really matter, if it wasn't trusted they wouldn't play it in the first place. You could make the same argument for software: just run "trusted" software and you'll never get a virus. No need for sandboxing or any security measures.
A little pedantic here because people do this with torrented media because they are not evaluating it for if they get a malware or not. They just want the media and watch the movie no matter what. Technically, your point is logically sound but doesn't work from anecdotal evidence and pragmatically thinking/evaluating it.
The way I see it, as soon as you're relying on humans to manually figure out whether something is malicious or not, you've failed. Apps and platforms should be designed to be as secure as possible because people will run malware.
We can simply define our definition of the word trusted on this page so that readers know what we mean when we say "only use this software with trusted media."
For the majority of people who are using my definition of trusted and are only playing ripped content…
I don't think you are really running a proper threat model / cost-benefit analysis here. Malicious media files only really show up in targeted attacks in the real world. There is no doubt that the risk exists, but it is outweighed by the privacy benefits in this case, so we should lean towards a positive recommendation.
They are exploited in non-targeted attacks all the time. This is something that affects a lot of people. I'm not really sure what the privacy benefit is, Kodi is just a nice interface to play your media. You can always just plug a computer into your TV and play media that way even if it's not pretty.
Here's something that's very common that's not even related to torrenting.
I feel like honestly what you're describing reminds me of the Firefox situation
As @jonah said with this, it is possible and should be cautious but there hasn't been any real world scenario that has happened when it comes to the files
What I also agree with Jonah is that the files itself is the responsibility of the user and nothing a media player can do to mitigate this. Of course if they're right on maintained which Kodi and VLC are they would have addressed enough of the vulnerabilities if not respond to em but getting files is a whole different story.
As always we don't encourage piracy, I really do suggest people own their media (such as buying DVDs) and ripping the media they own rather than pirating but again the way these media files were to get is honestly beyond our control.
Kodi expands beyond this
it has an interface that is like the Steam Big Picture but for media and games and does natively support controllers, especially IR ones and probably controllers too.
and with plugin support but as I placed in the cautionary tale but usually they should be just fine.
You remember these Insecure TV Boxes we used to get that probably came with pirated movies or otherwise can act as a TV but also has the interface? That's what Kodi is replacing.