Post · bonfire.cafe

#StarDict Plugins in #Debian 13 Raise #Privacy Concerns • Linuxiac

｢ Once triggered, StarDict sends the selected text in plaintext over HTTP to third-party servers in China, namely dict.youdao.com and dict.cn. And to make matters worse, these requests are made over unencrypted HTTP, making the data visible to anyone monitoring the network—whether on a local LAN or through a compromised router ｣

https://linuxiac.com/stardict-plugins-in-debian-13-raise-privacy-concerns/

Diane

@alienghic@timeloop.cafe replied · 2 months ago

@jbz

So, it's not implausible that you might want to contact chinese websites for an online chinese dictionary.

But it really should be patched to be doing it over https, as far as I can tell all the sites stardict youdaodict plugin is trying to talk to do have TLS certificates.

John Livingston

@John_Livingston@mamot.fr replied · 2 months ago

@jbz
Is stardict installed by default on a desktop Trixie?

jbz

@jbz@indieweb.social replied · 2 months ago

@John_Livingston I don't think so.

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.1 no JS en

Automatic federation enabled