| ▲ | eadmund 6 days ago | |
The Wayland framing at the end strikes me as misleading. This gets it exactly right: > Or maybe StarDict would have started asking for special permissions to let it work on Wayland, and users would have accepted those defaults the same way they currently do. Yes, that’s what it would do. Its installer might even configure that special permission automatically, without user intervention. Malware’s gonna mal. Wayland might help defend against some things, but it’s not going to defend against packages installed as part of the distro. | ||
| ▲ | heresie-dabord 5 days ago | parent | next [-] | |
It is not misleading, Wayland is better than Xorg in this particular respect. But the other concern is part of the systemic problem. Consider that the data that was transmitted was sent in the clear! > StarDict ... while running on X11, using Debian's default configuration, it will send a user's text selections over unencrypted HTTP to two remote servers. > Any user who did read the description of the package, and who knew what the YouDao plugin would do, might nevertheless expect the resulting communication to at least be encrypted. But the plugin actually reaches out to its backend servers — dict.youdao.com and dict.cn — over unsecured HTTP. So, not only are these servers sent any text the user selects, but anyone who can view traffic anywhere along its path can see the same thing. | ||
| ▲ | kelnos 5 days ago | parent | prev [-] | |
It's extra misleading, because "Wayland" isn't a thing when it comes to policy like this. Unless a compositor implements some sort of user approve/deny UI when an app requests access to the clipboard, apps on Wayland can snoop on the clipboard just as easily as on X11. I haven't run GNOME or KDE in Wayland mode, so maybe they do implement something like that, but none of the wlroots-based compositors I've tried do. | ||