I just found this out recently. So this isn’t actually Nautilus itself but it’s the file previewer (Gnome Sushi) that comes with it. If you select a file and press the spacebar, it will automatically preview the file if it supported. If the file is an audio file, it will automatically fetch album art from the web, and if the file is an HTML file, it can make third-party requests. IMHO this is a huge privacy issue. For example if you were browsing the web using Tor Browser and saved a page to view offline, and then later accidentally opened it using the file previewer, any third-party requests will leak out the clearnet.
This is an open issue and I don’t expect it to be fixed anytime soon, so the easiest solution is to simply uninstall Gnome Sushi (on Fedora, it is the sushi package). On atomic distros if Gnome Sushi is installed as a flatpak you might be able to revoke internet permissions for it using Flatseal, though I have not tested this.
Edit: I’m aware that KDE also has file previewers, but I’m not sure if they have the same issue. If anybody else knows please leave a comment letting us know
Well its also a simple browser so it will preview the HTML page like any other browser would. But I don’t know about audio files though.
IMO a “simple browser” of this sort should display literally only the content in the HTML file itself. It shouldn’t even view CSS stored in a separate local CSS file, let alone reach out to the web to download more content.
Yes but an HTML file is very different from a website. At the very least I’d like an option to disable all remote requests, or disable previews for certain file formats.