Time to revisit this feature. I'll keep it simple here as this will be reflected in the other repos: Add support for the fetching and loading of icons. This will default to enabled, so icons will be fetched for most users (as it seems that the preference is to have this, rather than to prevent such requests).
You're the dev, so your call. I just ask that you make it very clear to the end user that you are happily sacrificing their privacy and security for an meaningless _icon_. Letting the users know that the password manager intended to keep secrets safe freely talks on the internet behind their back and without their consent will ensure people who do care about their privacy and security will use some other application.
I will happily move on. Thanks anyway.
Jesus..... first of all looking at around 300 equal icons it's not meaningless at all. Because instead of just seeing what you search for I have to read through everything now.
And then more importantly: If you store passwords from a site you don't trust then you might consider NOT storing the passwords from that site at all.
myself I have no problem getting oicons from my own company sites, from google, Github, other social sites, developer platforms, and so on....
If you're visiting sites where even getting the damn favicon seems a risk for your privacy then I suggest you seriously consider what you're doing in generel.
It's understandable that you want to be noticed about this, but I really don't understand this kind of paranoia with sites that provide me with accounts anyway. If they want my IP than I'm already logging into their systems - so they have this information already IF they want it.
People who are so very much concerned should use a VPN anyway. And then it doesn't matter if Buttercup fetches a frickin icon.
It's hard to please both sides on topics like this, and our choice will always mean that someone's unhappy. That being said, the benefits still outweigh the the hypothetical and highly subjective risks, so I still feel that fetching the icons by default is harmless. As mentioned it will be possible to have it switched off before even unlocking your vault - So there's no chance of requests being made.
If they want my IP than I'm already logging into their systems - so they have this information already IF they want it.
This is a very good point - Why bother storing information about how to log in to a site if you can't even risk a favicon lookup to it?
Heck, in the future we could even consider releasing a secondary version of buttercup, set in paranoid mode so that all possible privacy features are enabled. That's a long way off, though.
EDIT: Forgot to mention that the long term plan will be fetching icons via our hosted service, anonymising the requests - as we wouldn't store any logs for such a system.
Well a future switch like "Download icons directly | or via anonymous gateway " would certainly satisfy both sides. But making it switchable at all should probably have the same effect for now 馃槃
Any news here? I'd really like to get my icons back.
Hi guys. Is there any update yet?
This feature already worked - so I guess it should be fairly easy to let the user switch to "probably unsafe icon load mode" somewhere in his settings.
We're using literally hundreds of entries and all look the same.
Can't you please bring back this feature.
Please, what's the status here?
I thought somehow retrieving icons directly from URLs "on demand" was meant to be re-implemented. A simple switch "Fetch Icon" and a little "Warning" popup would suffice.
And if users feel unsafe to click it (because they're obviously storing password for unsafe sites......) then they can simply decide not to click on the "Fetch icon" button in the first place.
Everyone else will be happy to be able to have the icons back.
I want to merge the removed parts for the icon retrieval back into my own fork.
Can someone point me in the right direction here and tell me where to start?
Icons available in 2.0.