211

Warning: Gnome file manager (Nautilus) can make remote requests when previewing files (toast.ooo)

submitted 5 days ago* (last edited 5 days ago) by hendrika_gelya@toast.ooo to c/linux@lemmy.ml

31 comments fedilink hide all child comments

I just found this out recently. So this isn't actually Nautilus itself but it's the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, any third-party requests will leak out the clearnet.

This is an open issue and I don't expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the sushi package). On atomic distros if Gnome Sushi is installed as a flatpak you might be able to revoke internet permissions for it using Flatseal, though I have not tested this.

Edit: I'm aware that KDE also has file previewers, but I'm not sure if they have the same issue. If anybody else knows please leave a comment letting us know

top 31 comments

sorted by: hot top controversial new old

[-] ReakDuck@lemmy.ml 5 points 2 days ago

People say Qt sucks. But there is literally no better alternative to the KDE environment. Either Dolphin or tons of other apps just have more features and settings compared to GTK ones.

Unsure if they have the same issue

[-] fuckwit_mcbumcrumble@lemmy.dbzer0.com 50 points 5 days ago

While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.

[-] TunaLobster@lemmy.world 32 points 4 days ago

Woah there! This is GNOME. You don't get choices.

[-] reddit_sux@lemmy.world 3 points 2 days ago

Maybe we will get an extension

[-] Rogue@feddit.uk 36 points 5 days ago

It could be implemented the same as most email clients do. A simple message "load external content" with an option to always load.

[-] Xanza@lemm.ee 17 points 4 days ago

A setting that pulls information from the clear net should be up to the user and not a default setting, IMO.

[-] golden_zealot@lemmy.ml 3 points 3 days ago

I went and checked out Thunar because of this post, and regardless of the original intention, I have found a file manager I much prefer as a result. Thank you.

[-] Ferk@lemmy.ml 21 points 4 days ago

Thunar is a much better alternative, in my opinion.

[-] brax@sh.itjust.works 13 points 4 days ago

Agreed. I fucking hate Nautilus - especially the way it fucking tries to filter everything instead of jumping me to where I'm typing. It makes navigation so much slower

[-] ReakDuck@lemmy.ml 2 points 2 days ago

I hate, when programs like Firefox or anything else uses something like Nautilus to pick the file.

I can't even press ctrl+L to change the URL of my filesystem where I want to be. I need a lot of clicky GUI to get to the desination...

[-] nodiratime@lemmy.world 1 points 3 days ago

When in doubt, avoid anything gnome.

[-] dallen@programming.dev 1 points 4 days ago

I always install thunar into my gnome.

[-] BaconIsAVeg@lemmy.ml 2 points 3 days ago

Oh no! Anyways ...

[-] that_leaflet@lemmy.world 10 points 4 days ago* (last edited 4 days ago)

Good thing I use the Flatpak version of Sushi, I’ll just remove the network permission.

[-] swelter_spark@reddthat.com 1 points 3 days ago

Good to know, even though I'm not a Gnome user. I wonder if it will work with torsocks.

[-] tasankovasara@sopuli.xyz 8 points 4 days ago

Thanks for tipping the previewer's name. Not concerned with the (valid) sec aspect personally, but I've accidentally hit space a couple of times since meta+shift+space is Sway's default for floating / tiling a window and I don't use the preview anyway. Let's uninstall.

[-] cmgvd3lw@discuss.tchncs.de 11 points 5 days ago

Well its also a simple browser so it will preview the HTML page like any other browser would. But I don't know about audio files though.

[-] Zagorath@aussie.zone 20 points 5 days ago

IMO a "simple browser" of this sort should display literally only the content in the HTML file itself. It shouldn't even view CSS stored in a separate local CSS file, let alone reach out to the web to download more content.

[-] hendrika_gelya@toast.ooo 10 points 5 days ago

Yes but an HTML file is very different from a website. At the very least I'd like an option to disable all remote requests, or disable previews for certain file formats.

[-] grrgyle@slrpnk.net 4 points 4 days ago

OpenSnitch, do your thing!

[-] hperrin@lemmy.ca 4 points 4 days ago

It probably downloads remote images in PDFs too, but I don’t know that for sure.

[-] Lemmchen@feddit.org 1 points 3 days ago* (last edited 1 day ago)

Does KDE's Dolphin suffer from this, too?

[-] marauding_gibberish142@lemmy.dbzer0.com 2 points 4 days ago

Use the image viewer used by TAILS

[-] darklamer@lemmy.dbzer0.com 2 points 5 days ago

Thanks for the tip! Despite never actually using sushi, I had it installed so now I've uninstalled it to avoid using it by accident.

[-] that_leaflet@lemmy.world 5 points 4 days ago

It’s actually pretty nice in some situations.

One thing that bites me about Loupe / Image Viewer is that it always goes through images in alphabetical order, despite the sort option you have set in nautilus.

Sushi does go through items using the same sort option set in nautilus.

Though it can be finicky with videos, so I don’t use it for that.

[-] easily3667@lemmus.org 1 points 4 days ago

Still not worse than the simple act of having to use gnome for longer than it takes to install something, anything else

this post was submitted on 26 Mar 2025

211 points (95.7% liked)

Linux

52636 readers

1077 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz