Opened 12 months ago

Last modified 12 months ago

#26147 new defect

Information leaks with automatic searching via URL bar.

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

In the Tor browser, if you enter a malformed URL, it immediately thinks it's a search query and pushes that malformed URL over to the assigned default search (DDG, Startpage, etc)

This is a type of information leak.

It would be better if a malformed URL is entered and you press Enter, you're asked if you are sure you want to search for this or not.

It could be in a strip appears under the URL bar, like the strip that appears when you first run the Tor browser for the first time asking about the default configuration, or a popup from the URL bar, like the enable canvas or enable notification popups.

Child Tickets

Change History (4)

comment:1 Changed 12 months ago by cypherpunks

Or it could be like the black strip that appears when you maximize the tor browser.

comment:2 Changed 12 months ago by Dbryrtfbcbhgf

Component: - Select a componentApplications/Tor Browser
Owner: set to tbb-team

comment:3 Changed 12 months ago by Dbryrtfbcbhgf

please ignore my comment.

Last edited 12 months ago by Dbryrtfbcbhgf (previous) (diff)

comment:4 Changed 12 months ago by cypherpunks

I suggest displaying Yes/No buttons and a Don't ask again checkbox. That shouldn't harm user experience that much, especially those who rely on the address bar for searching instead of the little Search box on the top right.

Note: See TracTickets for help on using tickets.