Disable auto loading of icons #519
Comments
|
Hi @cstackpole, First of all, Buttercup only makes network connections (currently) for the following items:
No personal information is sent with any request. We do look for icons at the domains that you've stored, yes. I'm sorry if this functionality makes you feel less secure - we wouldn't have implemented it if we felt there was a risk of exposure - but this way has been terribly effective in producing icons without needing loads of infrastructure behind us to support such a small feature. Having a dedicated server to query for icons does sound appealing, and is probably something we'll look into in the coming weeks. EDIT: Configuration & Settings per user is also something we've had planned, but just not the bandwidth to complete. This could be disabled there as well, if it were integrated. |
|
@perry-mitchell A proxy for downloading the icons doesn't sound so bad. It certainly makes things easier. We should also look into settings... we can add a setting item for enabling/disabling it, so when we add the settings UI, the user can turn it off perhaps? |
|
Greetings, A fancy icon is not at all worth the cost for my privacy. Doesn't even come close. This should be an opt-in by default; not an opt-out after the damage is done. |
|
I agree and believe that your expectations are reasonable @cstackpole - I've created buttercup/dossier#2 in light of this discussion. Thanks. |
|
Depends on #140 |
|
@perry-mitchell We can understand that you are beginner in security and privacy, and maybe you only intend this app for personal use but if you would like your app to be used by businesses and enterprises it would be worth considering placing this functionality behind a setting. This isn't a chat app going to gravatar -- it's a password manager unexpectedly reaching out to banking websites, health insurance websites, internal company resources, etc. I've already verified basic auth credentials are not used when adding a URL like http://username:[email protected]/ (no requests are made) however the app does make requests with query string params included. If you start up a local server with Icons are a nice, expected feature but it looks like you should get some outside help on this. |
|
A more simple way could be to just ask every time... |
Not a beginner, no.
No, we intend it to be used in businesses as well.
We're aware of this and the security implications. We have stated several times that we're going to change this. We don't have time to address every single issue immediately. We'll definitely clean this up when we can - all contributions are appreciated and we'd hope that others might lend a hand with such items. EDIT: Maybe in the mean time we could start by requesting icons only from the root domain. Next (better) step would be to use some kind of lookup without making requests from the users machine to the service. |
@jenstornell I understand the thought behind this, but it might be troublesome if you have many 10s or hundreds of entries. |
|
I've added a small checkbox to my preferences PR. That was the quickest solution I could find. |
|
@perry-mitchell @ph1p thank for the latest updated. How does this new icon management works? I did not find much info in PR #744. |
|
is there any way that we can request the icon of an entry manually? Something like an "Get Icon" button or something else? |
|
@Ricain The new icon library is a transitional upgrade.. so there's a collection of some more popular sites' icons stored locally, and that's it. No requests, so security implications. We'll upgrade it later to provide a more flexible system of icon management - one that will most likely request them from our servers (no logs kept). @julianpoemp Currently no, but that's a great idea! |
|
Having so many entries now - all with the same "none" icon - is very annoying I have to say. |
|
@nickbe We have an icon fetcher which was used for this in the past. It could be added again and mentioned in the options so that it could be enabled so that icons are fetched. I for one would also enjoy this functionality. |
|
Yes please! Just add a little "get Icon from site" button. So it stays optional but is only one click away from doing its thing. (I wonder: Why would I store a passwort from a site I don't trust enough to fetch a favicon from when I have to actually open the site and do something for which I need a password manager in the first place. May it's just me asking stupid questions - but this sounds a lot like tinfoil hat people to me) |
|
@nickbe As I mentioned earlier, once upon a time I did work with the tor project (for clarity sake, no longer associated in any way except as a financial supporter and occasional user at this point). If the password manager starts blabbing on a monitored network to a site in a restricted country, that could have extremely negative (and potentially deadly) consequences. Any of the highly publicized whistle-blowers could have been in deep trouble for a network leak like that. One last example of personal experience, I was heavily involved in a cyber-security team at a past job...I REALLY don't want to be associated with some of those sites if I'm not connected through tor and under some greater entity's legal protection! For the record, I did keep a separate password vault for that job - as I do for all my jobs - and I long ago ditched those accounts because I don't want to be associated with those sites. But it could have been bad news if my home IP randomly connects to one of those sites simply because I opened my password manager. My point, for which I am very grateful that it was addressed by the developers, was that my password manager shouldn't connect to sites unless I explicitly allow it to do so. I think having a button to "get Icon from site" would be good since it would be user controlled and initiated. But at no time do I want it reaching out to sites without telling me. My opinion anyway. :-) |
|
Sounds reasonable of course. Didn't think of country specific restrictions or suchlike. |
|
instead of a button that consumes space on the GUI there could be two menu items: 1) "Refresh all icons" and "Refresh icon from selected". These menu entries could be in the context menu, too. That are just suggestions, I'm fine with an easy "get icon" button, too :) |
|
Maybe we can add a new tab or something else to the "Preferences window" (#882) with an editable domain black list and a checkbox that is disabled by default to turn the icon feature on and off. |
|
The easier the better. For me a context menu item on the icon would be good enough. |
Greetings,
For reasons of my own, I'm looking to replace KeePass. I was recommended Buttercup and after some testing with junk data I decided a proper test would be to import my YEARS worth of history from KeePass and give Buttercup a try for a while as my primary.
I instantly regretted it. To my horror, icons started to appear associated with URL domains. Which means my password application IS TALKING TO THE INTERNET WITHOUT MY EXPLICIT PERMISSION! WTF else is it talking to on the network that it isn't telling me about???
Even WORSE I have sites that I no longer associate with, but still have accounts listed in my KeePass. Please please PLEASE tell me that the icons came from some general icon website and that Buttercup did not just query the sites directly. Please tell me that this app didn't just query websites that I no longer wish to be associated with from my home IP WITHOUT MY EXPRESS PERMISSION!
A password vault is supposed to keep my information safe. Not blab freely on the internet!
How do I disable the auto-loading of icons (and/or disabling of any other kind of internet access without my explicit permission)?
Thanks.
The text was updated successfully, but these errors were encountered: