Opened 12 months ago
Last modified 12 months ago
#26147 new defect
Information leaks with automatic searching via URL bar.
| Reported by: | cypherpunks | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
In the Tor browser, if you enter a malformed URL, it immediately thinks it's a search query and pushes that malformed URL over to the assigned default search (DDG, Startpage, etc)
This is a type of information leak.
It would be better if a malformed URL is entered and you press Enter, you're asked if you are sure you want to search for this or not.
It could be in a strip appears under the URL bar, like the strip that appears when you first run the Tor browser for the first time asking about the default configuration, or a popup from the URL bar, like the enable canvas or enable notification popups.
Child Tickets
Change History (4)
comment:1 Changed 12 months ago by
comment:2 Changed 12 months ago by
| Component: | - Select a component → Applications/Tor Browser |
|---|---|
| Owner: | set to tbb-team |
comment:4 Changed 12 months ago by
I suggest displaying Yes/No buttons and a Don't ask again checkbox. That shouldn't harm user experience that much, especially those who rely on the address bar for searching instead of the little Search box on the top right.
Or it could be like the black strip that appears when you maximize the tor browser.