Roter Kater: > Would it be desirable and possible to change a default behaviour from > the unsafe web browser: > > If you (mis)type the name of something within your network (let's say > you want to acces your router's config page), then the default search > engine = google pops up and you are faster than you like out there in > the WWW without TOR.
Understood. I agree that this leak could be pretty bad. I'm also thinking about mistyping something like @protocol://user:password@LAN_server@ thus leaking credentials. > Would it be possible to disable the standard search engine for unsafe > web browser in a persistent way? I think disabling web search in the address bar to plug this type of leak makes sense, so I opened a ticket about it: https://labs.riseup.net/code/issues/12540 And I think this should be done by default, not be optional. Options cost a lot in terms of code complexity and increased maintenance, more scenarios to consider when debugging, added complexity for users, etc. So we only want to add options for truly important security decisions and usability vs security trade-offs. > Would it be possible to forbid (preferrably as default, also as > persistent setting) the unsafe browser to leave the own private > network at all? (Tails should know by DHCP the IP range supposed to > be the private network) The Unsafe Web Browser's main (read: only supported) use case is to login on captive portals. On some networks the web server hosting the login page resides on the Internet, not on the LAN, so that won't work. :/ This issue does not look important enough to me for introducing an option (see above). Cheers! _______________________________________________ tails-support mailing list [email protected] https://mailman.boum.org/listinfo/tails-support To unsubscribe from this list, send an empty email to [email protected].
