Update check is insecure and not private
Currently, Pitivi makes a request to http://www.pitivi.org/releases.txt every time it is run. There are a number of issues with this.
- Privacy considerations: neither pitivi.org nor anyone else monitoring the connection should be able to tell who uses Pitivi or when and how often it is used.
- Unencrypted connection: an attacker can easily modify the response. This makes it possible for the attacker to trick users into downloading a new (malware-infested) version from the (non-HTTPS) website. In addition, by sending an extremely long version number (like '999.' repeated 500+ times), an attacker can prevent Pitivi from launching.
Gdk-Message: HH:MM:SS.mmm: Error 71 (Protocol error) dispatching to Wayland display.
I don't think pitivi.org or anyone intercepting the connection should be able to do this.
Possible solutions:
- Remove the update check altogether (it does more harm than good, in my opinion)
- Add a build-time option for disabling this check (ideally disable it by default)
- Allow users to disable this check (ideally disable it by default)
- Verify that version numbers are of reasonable length (doesn't resolve the privacy issues)
- Use HTTPS (doesn't resolve the privacy issues)
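A sketch of the length and format check proposed in the list above, as an added example that is not Pitivi's own code. It assumes the release list carries one `version=status` pair per line; the limits, status names and function names are hypothetical. The response is treated as untrusted whatever the transport, so the check complements HTTPS rather than replacing it.

```python
import re

MAX_RESPONSE_BYTES = 4096   # assumed cap; a release list is tiny
MAX_LINES = 64              # assumed cap
# At most four numeric components of at most four digits each.
VERSION_RE = re.compile(r"\d{1,4}(?:\.\d{1,4}){0,3}")
KNOWN_STATUSES = {"current", "supported", "unsupported"}  # assumed values


def parse_release_info(raw: bytes) -> dict:
    """Parse an untrusted release list; raise ValueError on anything odd."""
    if len(raw) > MAX_RESPONSE_BYTES:
        raise ValueError("response too large")
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("response is not ASCII") from None
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) > MAX_LINES:
        raise ValueError("too many lines")
    releases = {}
    for line in lines:
        version, sep, status = line.partition("=")
        if not sep:
            raise ValueError("malformed line")
        if not VERSION_RE.fullmatch(version):
            raise ValueError("invalid version string")
        status = status.lower()
        if status not in KNOWN_STATUSES:
            raise ValueError("unknown status")
        releases[version] = status
    return releases


def safe_current_version(raw: bytes):
    """Return the version marked current, or None if the response is rejected."""
    try:
        releases = parse_release_info(raw)
    except ValueError:
        return None  # fail closed: no update notice, startup continues
    current = [v for v, s in releases.items() if s == "current"]
    return current[0] if len(current) == 1 else None


# Constructed sample inputs (not real server responses).
GOOD = b"2023.03=current\n2022.06=supported\n"
OVERLONG = b"999." * 500 + b"9=current\n"  # the overlong version from the report
```

Because the version string is validated before it reaches any UI widget, a rejected response results in no update notice instead of a failed launch.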