Star leaky app of the week: StarDict
theregister.co.ukAs Trixie gets ready to début, a little-known app is hogging the limelight: StarDict, which sends whatever text you select, unencrypted, to servers in China.
A discussion on the oss-security mailing list on OpenWall highlights an interesting feature of an apparently innocuous dictionary app that's included in Debian: StarDict, a Gtk app that looks up text and displays the definition in a tooltip. The alarm was raised by Vincent Lefèvre from INRIA in an email titled StarDict sends the user's X11 selection to the network:
With some plugins, StarDict sends the user's X11 selection from other applications to some servers: dict.youdao.com
and dict.cn
(both Chinese servers).
Debian developer Maytham Alsudany responded that this isn't a bug:
Yes, that's a feature: it will lookup your selections in local and online dictionaries, and by default it searches English-Chinese dictionaries. You can disable it in ...
Copyright of this story solely belongs to theregister.co.uk . To see the full text click HERE