Only the url videolan.org has been erroneously blocked by the Indian Government. Up to date versions of VLC can be downloaded in India for major platforms in the following manner-
- Through Windows Store for Windows users.
- Through the respective store or repository of all major Linux Distros.
- F-Droid or Google Play Store on Android
- Through Homebrew for MacOS (I don’t understand this one well)
- Through the App Store for Apple TV, iPhones and iPads.
There are no plans to block VLC downloads through these platforms.
IMO, this is how people should download apps like VLC. Admittedly, I haven’t been following this whole story very closely, but from what I remember the rumor is that the downloads on videolan.org were hijacked by a hacking group with malware, warranting its ban from the Indian Government.
App stores and repositories such as those on Windows, Linux, and macOS are typically not susceptible to the same attacks as security is much tighter there, and updates usually have to go through some sort of approval process before being pushed to users.
Downloading software through its site/installer is archaic and just asking for problems like this. I think everyone should try to stick to the store provided by their OS as much as possible.
I did some more digging. Seems like the action taken by the Government of India is not as ridiculous as it seems on surface. VLC Media Player has become an attack vector due to reasons beyond my comprehension. Contributors at VideoLan refuse to do anything about it, but continue to pretend that they have no idea why they have been banned. They blame the lax Windows security, which is a valid argument to a certain extent.
Read this thread to gain better understanding of the issue - Has Cicada's hack been corrected? - The VideoLAN Forums
@ralphcrew So what do you recommend ? Should we use VLC player or not. I had it installed already via winget earlier and was thinking of removing it after hearing it in the news. Also any alternatives you suggest that has supports all video codec.
As far as I understand, you probably don’t need to worry if your threat model does not included state level actors like Cicada or CIA. The exploit requires an access to the computer’s file system. Its not fair that VLC got singled out in this manner, as several other applications which allow DLL side-loading are similarly affected. I am not an cyber-security expert, so take what I say with a pinch of salt. There is a lot of confusion on the topic. The exploit in question seems to be Windows specific, so using VLC on other platforms is not of any particular concern. Do make sure that you download VLC from official sources only.
I personally recommend MPV, it’s soooo good
Good suggestion. I considered MPV, but the lack of official builds deterred me. Though Chocolatey for Windows is a name I recognize. Also, I like to support big name open source projects and slow their decline if possible. It is far easier to convince someone to use VLC which they might have heard about vs. MPV, which almost no one outside Linux/Open Source community knows about.
A slightly off-topic question, but will you consider MPV Android to be better than VLC Android? VLC Android is surprisingly polished imo.
Do you have any idea if MPV is susceptible to the same kind of DLL sideloading exploit or not?
People often fear that more dependence on app stores will mean people running these app stores will be able to control what applications you can use. Personally, I consider this to be a legitimate fear only on Windows.
I’ve never used mpv on Android, also idk if it’s prone to dll exploits
I’d say this is a pretty legitimate fear if app stores are kept very closed and controlled like they are on Windows and iOS. Linux and Android let’s you add your own repos and stores which is a far better solution in case you lose trust in your main store’s provider.
I was asking about DLL Sideloading hack (not sure if it can be called an exploit) for MPV on Windows. VLC on Android is fantastic, so I am not looking to use something else.