Opened 15 months ago
Last modified 15 months ago
#26147 new defect
Information leaks with automatic searching via URL bar.
| Reported by: | cypherpunks | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | Medium | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Normal | Keywords: | |
| Cc: | Actual Points: | ||
| Parent ID: | Points: | ||
| Reviewer: | Sponsor: |
Description
In the Tor browser, if you enter a malformed URL, it immediately thinks it's a search query and pushes that malformed URL over to the assigned default search (DDG, Startpage, etc)
This is a type of information leak.
It would be better if a malformed URL is entered and you press Enter, you're asked if you are sure you want to search for this or not.
It could be in a strip appears under the URL bar, like the strip that appears when you first run the Tor browser for the first time asking about the default configuration, or a popup from the URL bar, like the enable canvas or enable notification popups.
Child Tickets
Change History (4)
comment:1 Changed 15 months ago by
comment:2 Changed 15 months ago by
| Component: | - Select a component → Applications/Tor Browser |
|---|---|
| Owner: | set to tbb-team |
comment:4 Changed 15 months ago by
I suggest displaying Yes/No buttons and a Don't ask again checkbox. That shouldn't harm user experience that much, especially those who rely on the address bar for searching instead of the little Search box on the top right.
Or it could be like the black strip that appears when you maximize the tor browser.