hmm, again in my experience looking at the add-ons store, most are made by team kodi and I wouldn’t trust anyone that either doesnt properly list their repo and code or doesn;t have one all together.
It’s why I generally say it’s fine but the user should still be very much careful and I made it abudantly clear that they should be I think but what do you think.
Honestly add-ons is like I think the only way the experience can be expanded upon but yeah.
But In general be careful what you install ← Quote
I see both sides of the argument. I think Kodi offers a much needed much better alternative to phone home solutions and adding it has a lot of value.
But @fria’s point is quite valid. Many people own VHS copies and have no way to “rip” that licensed material, so they torrent it. Also people absolutely will download material illegally and if they get bit, they will judge PG for not warning them.
This is also a high bar IMO.
This is the way. Just move forward with adding it, but maybe add another article (happy to work on it with @fria) and then we add the warning with a link about the risks of torrented files. That in itself is valuable.
2 Likes
If this question is not rhetorical, the TL;DR is that @fria (and others) think that utilizing OS sandboxing (and perhaps other security improvements?) should be a prerequisite to recommending Kodi, and I (and others) think that the risk of it being unsandboxed does not warrant us not recommending it at all, and that it would be perfectly safe to recommend alongside some security education (such as the notes you mentioned).
(I think this is a fair assessment of the thread thus far)
6 Likes
they’re far more likely to get malware via an executable that they blindly run since some operating systems hide file extensions than they are from a video player/codec zero day
2 Likes
I believe that security warnings should be reserved for software that offers a near net gain in privacy
I agree.
Is this the case for Kodi?
Compared to some of the smart TVs on the market, it is worth it; compared to Apple TV, it is debatable.
2 Likes
oh yes, a proprietary black box with mandatory accounts and effectively mandatory subscriptions is a great idea.
death by 1000 cuts
3 Likes
re sandbox: you’ve been able to sandbox Kodi on Linux via firejail for nearly 8 years since I added it: Add a profile for Kodi · netblue30/firejail@d3c16bb · GitHub
4 Likes
Isn’t bubblewrap better? Also I expect them to enable basic security features on all operating systems.
I was gonna say isn’t there now a better more modern sandbox? I forgot it’s name
or was it bubblewrap? hmm, maybe I’m just having a deja vu alright
bubblewrap can’t really be directly used on its own, it needs eg. flatpak to interface with it
but my point was moreso how people are just complaining in this thread as opposed to actually trying to do something to improve the situation
2 Likes
what honestly is the problem Isn’t the Discussion of it’s insecurities but rather the double standard thing (Firefox and DivestOS gets away with it, especially Firefox but no Kodi or VLC of Jellyfin, like eh?).
Like if we genuinely cared about well done security, wouldn’t we have removed Firefox and some linux distros at this point? Like I think you get my problem
As an author, BY ALL MEANS discuss your problems with the recommendation but I would also love to see how it can be solved or at least what can be done about it. Again I don’t want this to turn into a whole liberal thing (and that would honestly be a problem if it did), I do want to make sure everyone or most can be onboard which is why we’re holding back right now and even then till we come to an agreement.
Of course jonah could very well just merge it any second but I do hope that he also understands to hold back to where everyone/most agrees.
I mean I’m down. Firefox is a little more nebulous, I hear about their sandboxing not being as good as chromium but it’s harder for me to see it vs this is very easy to check and has very big security implications.
1 Like
We have thousands of known companies whose sole purpose is to track, profile, and sell our data.
A user agent capable of strong privacy protections is imo more beneficial for the majority of users.
But this veers even more offtopic.
edit: Chrome is about to be antitrusted out of existence and I am hopeful whatever working group or standardization body takes it over (instead of a company like Microsoft) lets it flourish and actually become competitive again as a user agent.
4 Likes
Lol
I mean, that only enforces my point.
Do keep in mind that in the standard criteria wherever applicable is here for a reason and I think I understand why Jonah and others have it.
However I do have to preface that with that, We don’t want things be fully insecure but we also in this case of media players and streaming devices, I don’t think we necessarily want the full security
Now of course we should likely point out security flaws if necessary and someone understanding of their threat model can decide from here.
I think you get the point, like Firefox we would want something in the middle ground where it’s not insecure at least in a manner of targeting even the lowest threat model very easily but can also recommend ways to protect the privacy of others from the likes of smart tvs
I think considering this whole discussion there’s no really middle ground outside of making a guide to make up for it and we can lead them there.
But I do stand firmly that we shouldn’t merge this tools recommendations until we can come to an agreement
edit: just to clarify, this comment it isn’t intended to be for or against the inclusion of Kodi, I’m agnostic about that.
In the case of DivestOS, the harm reduction is taking something bad wrt privacy (proprietary stock android) and replacing it with something less bad/more good (DivestOS).
A prerequisite for calling something harm reduction is demonstrating what harm it reduces relative to the status quo, and why better solutions aren’t feasible/practical. (e.g. not taking drugs from unknown parties is safer than taking those drugs, but prohibition doesn’t work, therefore harm reduction approach focuses on making drug use safer. Similarly DivestOS reduces harm on hardware where better solutions are not possible).
In the case of Kodi (a project that I really appreciate and like), what harm is being reduced? what existing badness does it uniquely eliminate?
But kodi does provide substantial privacy over say the smart TVs that’s where I’m confused here.
Kodi is very cool, but I don’t see it as a replacement for or comparable to a smart TV. It’s a nice UI for organizing, accessing, and playing your local media, and some other things, but it doesn’t really serve the same set of purposes as a smart tv.
digression re: 'ripped' or 'burned' media vs filesharing
WIth respect, I feel like the above is mostly a reference to a different era. I think that those of you premising your perspective on the idea that (in the mid 2020s) there is still a large group of people who rip or burn physical media exclusively (or even primarily), have more to prove than those arguing torrenting is more common.
Ripping owned media may have been common in the early 2Ks when it was common to buy and own your own media, but it doesn’t seem very common these days, mainstream users use paid/proprietary streaming services, non-mainstream users who use Jellyfin, Kodi, etc largely overlap with those using bittorrent, usenet, etc. I personally think it’s unrealistic to assume that most people interested in Kodi, Jellyfin, etc, aren’t sourcing media from bittorrent or usenet for at least some portion of their library.
What else do people want a Smart TV to do…?
but it does, outside of I guess some streaming services but I think someone trying to protect privacy generally wouldn’t use something like Netflix and stuff but I digress.
It does cover TV, Local Media but also DRM-Free streaming like SoundCloud, YouTube, Twitch, Vimeo etc. (etc for if I missed something). Ironically but More importantly it does also cover LBRY and Peertube too which is nice, it seems invidious is here too: Invidious
Now I must remind the warning about add-ons and doing your own due diligence but yeah
Now thay I see it I should definitely fork, learn kodi add-on development and start maintaining the invidious one as it seems abandoned, as for the lbry also that but I do hope there’s anyone else, it goes to show how reliant the community can be in contributing to the kodi ecosystem and they can get burnt out [or maybe there was genuinely no need for change? but there should be]
1 Like
exactly.
In my experience, the most common reason people use Smart TV’s is easy access to the streaming services (Netflix, HBO Max, etc) they use (and youtube) and for some people legacy cable.
I know nobody (in my personal) life who uses a SmartTV to consume their own local content, and a SmartTV wouldn’t be strictly necessary if this was their sole priority (Kodi (xbmc) began well before the SmartTV era)
outside of I guess some streaming services
That is in my opinion and experience the single largest reason people buy Smart TVs and streaming devices. In my experience, consuming owned local content was more common in the pre-smart-TV era.
generally wouldn’t use something like Netflix
I think that is a flawed assumption. Most of us recognize Youtube is privacy hostile (and bad in many other ways) but most of us here do still use it begrudingly.
Compared to Youtube, Netflix is very far down the list of services I spend time worrying about. That doesn’t mean I’m totally comfortable with it, but I’m not overly stressed about it either relative to the other privacy concerns I have.
that is honestly a different argument and tbh replacements like Kodi are mostly meant for those who do care about privacy yet they want to get away with smart tvs and their biggest privacy problems
Kodi does have YouTube and many others but especially drm-free covered but of course for Netflix and other streaming services that is a whole different spectrum
Generally we recommend just buying Physical media and playing them there (ripping them and putting them into a jellyfin or frick, rip them and put them into Kodi ready to play or even buying a dvd/bd player abd playing them there works too) anyways. Not only do you own the content this way but it is far more private than the traditional streaming services and stuff.
I ask you this, why would I want to pay monthly not to own my content and get tracked by Netflix and others about what I’m watching when I could do this instead, I think you get the point of what we’re trying to protect from and it why we’re accomodating these tools with a guide to make up for it.
This post is totally not sponsored by my favourite physics media enjoyer, AustralianPods (Bite me Disney, I'm back to discs. - Invidious), speaking of, if DankPods enjoys having physical media, how couldn’t others, especially if transitioning away from Netflix and stuff I feel like taking the steps to advocate and afford for physical media goes a long way. And as DankPods once said, the Purchases of these will be the receipts.
And I mean, I do genuinely want to start buying my anime shows especially starting with ones I do want to support and enjoyed and putting them to something like jellyfin so I can stream them here whenever I wanna watch them and it’s a pretty good market imo.