currency conversion support: privacy, security and future proofing issues
Submitted by Paul Wise
gnome-calculator downloads currency data via an insecure protocol with no user-visible warning:
There are various possible problems with that:
Users do not have any say in when/if the data is downloaded.
It is easy for network-based attackers to manipulate currency conversion results by giving incorrect conversion rates.
It would be easier to exploit parsing/etc bugs for network-based attackers.
The IMF/ECB and any network attackers are notified when users switch to Financial mode or do a currency conversion for the first time and when updates happen.
If the data changes URL or format then the currency functionality will be broken.
Please adjust the feature so that:
All downloads of the currency data are explicitly initiated by the user by default.
There is an option to auto-update the data and an indicator in the UI when data will be downloaded.
Data is downloaded from a trusted server such as via a proxy on gnome.org.
Data is downloaded over https and the certificate is pinned.
Data is downloaded over Tor if it is available.
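
One way the "https and the certificate is pinned" request above could work, as an added Python example that is not gnome-calculator's code or part of the original report. The function names, the `host`/`path` parameters and the pin value are assumptions made for illustration; the pin here is the SHA-256 fingerprint of the server's leaf certificate, checked in addition to normal CA and hostname validation.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed placeholder pin: hex SHA-256 of the server certificate's DER bytes.
# A real client would ship the pin of its chosen server, plus a backup pin.
PINNED_SHA256 = {hashlib.sha256(b"constructed-sample-certificate-der").hexdigest()}


def cert_is_pinned(cert_der: bytes, pins: set[str]) -> bool:
    """Return True if the SHA-256 fingerprint of cert_der equals any pin."""
    fingerprint = hashlib.sha256(cert_der).hexdigest()
    matched = False
    for pin in pins:  # compare against every pin, in constant time per pin
        matched |= hmac.compare_digest(fingerprint, pin.lower())
    return matched


def fetch_pinned(host: str, path: str, pins: set[str], timeout: float = 10.0) -> bytes:
    """Fetch https://host/path; no request is sent unless the pin matches."""
    context = ssl.create_default_context()  # CA and hostname checks stay enabled
    with socket.create_connection((host, 443), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            cert_der = tls.getpeercert(binary_form=True)
            if cert_der is None or not cert_is_pinned(cert_der, pins):
                raise ssl.SSLError(f"certificate for {host} does not match any pin")
            # HTTP/1.0 keeps the response body unchunked, so it can be read to EOF.
            request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n"
            tls.sendall(request.encode("ascii"))
            chunks = []
            while chunk := tls.recv(65536):
                chunks.append(chunk)
    header, _, body = b"".join(chunks).partition(b"\r\n\r\n")
    status = header.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(status) < 2 or status[1] != b"200":
        raise OSError(f"unexpected response status: {status!r}")
    return body
```

A pinned client fails closed when the server rotates its certificate, so the pin set needs a backup entry and an update path that does not depend on the pinned connection itself.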