Warning: Gnome file manager (Nautilus) can make remote requests when previewing files
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Well its also a simple browser so it will preview the HTML page like any other browser would. But I don't know about audio files though.
-
Well its also a simple browser so it will preview the HTML page like any other browser would. But I don't know about audio files though.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage). -
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Thanks for the tip! Despite never actually using sushi, I had it installed so now I've uninstalled it to avoid using it by accident.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.
-
While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.
It could be implemented the same as most email clients do. A simple message "load external content" with an option to always load.
-
Well its also a simple browser so it will preview the HTML page like any other browser would. But I don't know about audio files though.
IMO a "simple browser" of this sort should display literally only the content in the HTML file itself. It shouldn't even view CSS stored in a separate local CSS file, let alone reach out to the web to download more content.
-
While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.
A setting that pulls information from the clear net should be up to the user and not a default setting, IMO.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).It probably downloads remote images in PDFs too, but I don’t know that for sure.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Thanks for tipping the previewer's name. Not concerned with the (valid) sec aspect personally, but I've accidentally hit space a couple of times since meta+shift+space is Sway's default for floating / tiling a window and I don't use the preview anyway. Let's uninstall.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Thunar is a much better alternative, in my opinion.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Good thing I use the Flatpak version, I’ll just remove the network permission.
-
While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.
Woah there! This is GNOME. You don't get choices.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).OpenSnitch, do your thing!
-
What's good to the user is what the user wants its device to do. Simple as.
-
Thunar is a much better alternative, in my opinion.
Agreed. I fucking hate Nautilus - especially the way it fucking tries to filter everything instead of jumping me to where I'm typing. It makes navigation so much slower
-
Thanks for the tip! Despite never actually using sushi, I had it installed so now I've uninstalled it to avoid using it by accident.
It’s actually pretty nice in some situations.
One thing that bites me about Loupe / Image Viewer is that it always goes through images in alphabetical order, despite the sort option you have set in nautilus.
Sushi does go through items using the same sort option set in nautilus.
Though it can be finicky with videos, so I don’t use it for that.
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Still not worse than the simple act of having to use gnome for longer than it takes to install something, anything else
-
I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, it will make requests through the clearnet, exposing your IP.
This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the
sushipackage).Use the image viewer used by TAILS
-
I have the sneaking suspicion this was supposed to be sarcastic, but the Internet doesn't carry "tone"... Am I correct?
