You are not logged in.
- Topics: Active | Unanswered
#1 2025-08-08 21:24:32
- Altoid
- Member
- Registered: 2017-05-07
- Posts: 1,808
Stardict - possibly problematic application?
Hello:
From today's edition of The Register:
------------------------------------------------
Star leaky app of the week: StarDict
Fun feature found in Debian 13: send your selected text to China – in plaintext
by Liam Proven - Fri 8 Aug 2025 // 15:29 UTC
------------------------------------------------
A discussion on the oss-security mailing list on OpenWall highlights an interesting feature of an apparently innocuous dictionary app that's included in Debian: StarDict, a Gtk app that looks up text and displays the definition in a tooltip. The alarm was raised by Vincent Lefèvre from INRIA in an email titled StarDict sends the user's X11 selection to the network:
With some plugins, StarDict sends the user's X11 selection from other applications to some servers: dict.youdao.com and dict.cn (both Chinese servers).
https://www.theregister.com/2025/08/08/ … p_of_week/
Best,
A.
Offline
#2 2025-08-09 01:27:01
- RedGreen925
- Member
- Registered: 2024-12-07
- Posts: 151
Re: Stardict - possibly problematic application?
With some plugins, StarDict sends the user's X11 selection from other applications to some servers: dict.youdao.com and dict.cn
Yes if you enable english to chinese translation which not a lot of people are going to do. Even if they have it installed which checking here I do not. These click-bait fud spreaders are out in full force on this one, I have seen this posted everywhere by them. With the same zero useful information presented as is typical of those postings, as in this posting as well...
Offline
#3 2025-08-09 06:34:52
- steve_v
- Member
- Registered: 2018-01-11
- Posts: 510
Re: Stardict - possibly problematic application?
Yeah, this is pretty much expected behaviour given the purpose of that plugin. Auto-translating the X11 primary selection is a little unusual, but understandable if the intent is to provide live translation in a tooltip.
The only real problem I see here is that this behaviour doesn't appear to be mentioned in the project documentation... But then the website is a mess and I only read English, so it's entirely possible I just missed it.
In any case, this is a clipboard-monitoring online auto-translation tool sending clipboard content to a translation service. So what? How else would it work, magic?
If anyone is actually concerned, consider this a wakeup to exercise some garden-variety due-diligence with the software you run. The source code is right there in plain sight.
All the noise here is really because it's using the "insecure" X clipboard functionality (which must be demonised wherever possible), and the servers in question are in China (which is the current political boogeyman). Boring, predictable, yawn, etc.
Last edited by steve_v (2025-08-09 06:43:42)
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Offline
#4 2025-08-11 16:45:12
Re: Stardict - possibly problematic application?
Looks like it's not the first time this has been reported.
2009: https://bugs.debian.org/cgi-bin/bugrepo … bug=534731
2015: https://bugs.debian.org/cgi-bin/bugrepo … bug=806960
Translated sentence is send even if local dictionary of local central European language is used and even if "Enable Network dictionaries" in setting is disabled.
Offline
#5 2025-08-18 23:27:35
- Devarch
- Member
- Registered: 2022-10-03
- Posts: 104
Re: Stardict - possibly problematic application?
may be just try goldendict-ng (next generation)
Offline
