"Actions for" function can accidentally send private chat logs to google
ups wrong repo. Open ticket about the matter is here: gajim#10423 (closed)
When I make right click on a marked text in any chat (also in OMEMO encrypted chat) several option appear. One option is called "Actions for...". If you choose that by just moving the cursor over it, a submenu shows up presenting you several options. What ever option you choose, it will send the marked text to your default browser. If you choose the option "Web Search it", parts of your chat will be send to google.
By choosing this design, a user only needs to make a single wrong click and chat logs from an OMEMO encrypted chat can be send to google.
there can be different reason this function can lead to unwanted result.
- your cursor (this also can have different reason, what they are is not important, important is that it happens) doesn't move smooth, and so you accidentally make a single wrong click
- you are notorious curious and like to click and learn from the result rather then thinking prior what that outcome will be. You've been told that private OMEMO encrypted chats are secure, so you believe you can't make something from within that chat, that will send your chat logs in clear to google
- you want to choose "open as link", but accidentally you missed it by a few pixel. You also marked to much of the text, because you're under high stress or new to gajim ...there will be more reasons, that's just what came to my mind first.
But it's safe enough, because you need to make multiple clicks to get there?
This is wrong. It only requires one single wrong click. Example: You wish to quote a text, so you mark it and right click. A menu pops up and you wish to choose "Quote", but accidentally you click "Web Search it". Result: One wrong click leaks your chat log to google.
I reported this already via gajim's MUC.
Some quotes from Lovetox responding to my report:
07:25:00 PM] lovetox: yeah and? there are a million reasons how you can post unwanted data to the internet [07:25:08 PM] lovetox: dont use it if that scares you that much
I don't mind for myself, I care to find software that can serve the "Personas" of Tails best. https://tails.boum.org/contribute/personas/ ..and to contribute by reporting where and how it could do a better job.