edit: Problem solved, davidb informed me about the vulnerability in version 3.0.4, and that it is fixed in the new version 3.0.6. Somehow Spyhunter thinks i still use 3.0.4, which in turn is the actual problem i had with Spyhunter, not VLC.

Spyhunter 5 has been bothering me about potential data leaks from vlc media player. The vulnerability is generally based on publicly available information.
It would be a shame if i have to switch, been using vlc for as long as i remember. It is probably the best media player out there, but i hate sharing my personal data in any way or form.

Spyhunter msg:

• Severity: Medium, VLC media player (Version 3.0.4)
  • The CAF demuxer in modules/demux/cad.c in VideoLan media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in Caf files, because a ReadKukiChunk() cast converts a return value to an unsigned int, even if that value is negative. This could result in a denial of service and/or potential infoleak.

Is this even anything to care about? I have updated VLC including removing cashe and still get the alert. Is a rollback another option perhaps?

i was reading careem's privacy policy (yeah using the app from yeah & didn't read privacy policy yet) & i found they collect almost everything & sharing it with 3rd parties & while dragging down i saw "access your info" section i found they want from you money to send you a copy of your data (WTF ARE YOU KIDDING ME, YOU STEALING MY DATA & WANT MONEY TO REQUEST MY DATA) so its so mean from careem to get money to give you right its already free & its collect your data so its very bad move so i decided to use Uber within browser (in new profile in firefox) to stop uber from stealing my data in phone & to be more safe what guys you think ? browser in more safer right ?

EN version(of pic that says careem need money to send you your data): https://i.ibb.co/LYfqFbn/Screenshot-2019-03-30-20-06-52.png

AR version(of pic that says careem need money to send you your data): https://i.ibb.co/rsnRNzm/Screenshot-2019-03-30-20-11-03.png

Careem's Privacy policy (in case you not trust me xD): https://www.careem.com/en-ae/privacy/ & Ar version: https://www.careem.com/ar-ae/privacy/

I was browsing r/privacy today and I came across this guy going on about how Mozilla was just pretending to be privacy focused. Here's his comment. Now I don't really know what to think of this, and frankly, I'm getting really exhausted of hearing about how all the things I'm using aren't actually trustworthy. So can so someone put my mind to rest? Does this guy's claims have any truth to them? Thanks.

Comment Visits Setting

This data is retained for 30 days. After not visiting a particular topic for 30 days, the data about your last visit to it will be deleted.

We've had discussions before about long-lived topics, resurrecting old topics, etc. and the general consensus is that they were good and encouraged. Unfortunately, with the limited 30-day memory for topic read-vs-new comments, resurrected posts become a real pain. The current activity-sorted all-time front page has three topics from 2018, each with over a hundred comments. It'd be nice to read the new activity, but that takes either some tedious Ctrl+F with various terms ("minutes", "days", etc.) to find newish comments or re-reading everything.

I'd like to avoid relying on a third-party extension to handle this (browser and device support, issues with syncing multiple devices, etc.), and I understand the privacy goals. What are people's thoughts on making read-comment memory user-configurable, even if it's just "default 30-days" and "all-time"?