StarDict Dictionary's Default Settings Leak User Text Selections
StarDict, a popular cross-platform dictionary application, has been found to contain a serious security vulnerability. Under X11, its default configuration sends user-selected text via unencrypted HTTP to two remote servers. The vulnerability stems from its "scan" feature, enabled by default, which monitors user text selections in real time and automatically provides translations. While the maintainer suggests that disabling the scan functionality or the YouDao plugin resolves the issue, security experts argue that features with privacy risks should never be enabled by default. This is not the first time such a vulnerability has been reported; similar reports were made previously, but the fixes were incomplete, potentially exposing users to text leaks for years. Although the number of StarDict installations on Debian is low, the issue highlights how security problems in open-source software can persist and how slowly they can be resolved.