Package: stardict Version: 3.0.1-9.2 Severity: normal Hi,
"stardict" program in default configuration have by default enabled plugin "Dict.cn 1.0". This plugin sends every searched word by a plain HTTP to a server dict.cn. Translated sentence is send even if local dictionary of local central European language is used and even if "Enable Network dictionaries" in setting is disabled. Disabling plugin itself help, however this is not intuitive. It is not evident that plugins ignore setting from a main settings menu, a user is not noticed about sending a data in any way. After years of using stardict, I became aware of this privacy leakage just after warning from a friend analyzing network traffic. People who enabled automatic translation of clipboard content have their password send in plaintext over the network, when they use a password manager. (I know about at least one such person) Problematic behavior of stardict in default setting have been (not) solved repeatedly, I think both reports are related to this plugin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613236 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534731 Stardict version seems to be the same in all debian versions, from wheezy to sid. I suggest disabling "Dict.cn" plugin in a default configuration. cheers, n. -- System Information: Debian Release: 7.9 APT prefers oldoldstable APT policy: (500, 'oldoldstable'), (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 3.2.0-2-686-pae (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages stardict depends on: ii stardict-gtk 3.0.1-9.2 stardict recommends no packages. stardict suggests no packages. -- no debconf information
