I know that privacy is different from anonymity, but assume Whonix devs and community care about both quite a bit!
Two possible concerns about opening PDF files in Whonix:
- When clicking on a hyperlink inside a PDF file, is it possible that ‘HTTP referrer’ info (e.g. with the PDF filename in the referrer) is leaked to the hyperlink’s webserver and thus being a privacy concern (and also anonymity, if the user has ever clicked on the link outside of Whonix and the conditions are obscure enough)? I don’t have a webserver to test my own test link with but am very curious. What could be done if this is the case? A warning message inside the existing ‘confirm open’ dialog at the very least?
- In Okular, Whonix’s PDF reader by default, in settings ‘Obey DRM limitations’ is ticked by default. Now, I have come across this alarming PDF technology: https://www.locklizard.com/track-pdf-monitoring/. It appears to be a way to track users opening a PDF via PDF DRM technology. Can anyone find or generate a PDF with DRM tracking code in it and confirm this priv/anon risk? Suggestion: at the very least, please Whonix devs change the Workstation template VM to have that Okular setting unticked by default (if that is possible via .conf files in the filesystem).
Thanks and stay safe
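
The referrer question in the first point can be checked without a public webserver. The following is an added example, not part of the original post: a loopback listener that records every header of each request so you can see whether a `Referer` header arrives at all and whether it contains the PDF's filename. The port, path and sample filename are constructed, and it assumes the program that opens the link can reach 127.0.0.1 in the same VM.

```python
# Added example: loopback listener that records request headers for inspection.
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class HeaderLogger(BaseHTTPRequestHandler):
    def do_GET(self):
        # Store path and all headers before answering, so nothing is lost.
        self.server.seen.append({"path": self.path, "headers": dict(self.headers.items())})
        body = b"logged\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep stderr quiet; everything is in server.seen

def start_listener(port=0):
    """Bind to loopback only; port 0 lets the OS pick a free port."""
    server = HTTPServer(("127.0.0.1", port), HeaderLogger)
    server.seen = []
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def referer_leaks(server, needle):
    """Return recorded requests whose Referer header contains `needle`."""
    return [r for r in server.seen
            if any(k.lower() == "referer" and needle.lower() in v.lower()
                   for k, v in r["headers"].items())]

def self_check():
    """Send one request without and one with a constructed Referer header."""
    server = start_listener()
    for extra in ({}, {"Referer": "file:///home/user/constructed-name.pdf"}):
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
        conn.request("GET", "/test", headers=extra)
        conn.getresponse().read()
        conn.close()
    result = (len(server.seen), len(referer_leaks(server, "constructed-name.pdf")))
    server.shutdown()
    server.server_close()
    return result

if __name__ == "__main__":
    srv = start_listener(8000)  # constructed port
    input("Link a test PDF to http://127.0.0.1:8000/test, click it, then press Enter\n")
    for req in srv.seen:
        print(req["path"], req["headers"])
```

An empty result from `referer_leaks` for your PDF's filename, with the request itself present in `seen`, means that viewer and browser combination did not send the filename in that header.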