I just found this out recently. So this isn’t actually Nautilus itself but it’s the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, any third-party requests will leak out the clearnet.
This is an open issue and I don’t expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the sushi package). On atomic distros if Gnome Sushi is installed as a flatpak you might be able to revoke internet permissions for it using Flatseal, though I have not tested this.
Edit: I’m aware that KDE also has file previewers, but I’m not sure if they have the same issue. If anybody else knows please leave a comment letting us know
Good thing I use the Flatpak version of Sushi, I’ll just remove the network permission.
Thanks for the tip! Despite never actually using sushi, I had it installed so now I’ve uninstalled it to avoid using it by accident.
Thanks for tipping the previewer’s name. Not concerned with the (valid) sec aspect personally, but I’ve accidentally hit space a couple of times since meta+shift+space is Sway’s default for floating / tiling a window and I don’t use the preview anyway. Let’s uninstall.
Thunar is a much better alternative, in my opinion.
When in doubt, avoid anything gnome.
Agreed. I fucking hate Nautilus - especially the way it fucking tries to filter everything instead of jumping me to where I’m typing. It makes navigation so much slower
Still not worse than the simple act of having to use gnome for longer than it takes to install something, anything else
They know what’s good for the user, be greatful.
What’s good to the user is what the user wants its device to do. Simple as.
I have the sneaking suspicion this was supposed to be sarcastic, but the Internet doesn’t carry “tone”… Am I correct? 😂
Yep
Well its also a simple browser so it will preview the HTML page like any other browser would. But I don’t know about audio files though.
Yes but an HTML file is very different from a website. At the very least I’d like an option to disable all remote requests, or disable previews for certain file formats.
Oh no! Anyways …
People say Qt sucks. But there is literally no better alternative to the KDE environment. Either Dolphin or tons of other apps just have more features and settings compared to GTK ones.
Unsure if they have the same issue
While good for privacy, this sounds like an awful UX change for the average person. Some sort of nice toggle to disable it would be good, but removing it all together would probably annoy more people than it benefits.
It could be implemented the same as most email clients do. A simple message “load external content” with an option to always load.
A setting that pulls information from the clear net should be up to the user and not a default setting, IMO.
Woah there! This is GNOME. You don’t get choices.
