Thanks for filing an issue! Please answer the questions below so I can help you.

• iTerm2 version: 3.0.15
• OS version: 10.12.6
• does not seem necessary: Attach ~/Library/Preferences/com.googlecode.iterm2.plist here (drag-drop from finder into this window)
• does not seem necessary: Attach a debug log, if possible. Instructions at https://iterm2.com/debuglog
• does not seem necessary: Are you reporting a performance issue or a hang? Please attach a sample. Instructions at https://gitlab.com/gnachman/iterm2/wikis/HowToSample
• does not seem necessary: Are you reporting a crash? Please attach the crash log. Instructions at https://gitlab.com/gnachman/iterm2/wikis/crash-logs

Detailed steps to reproduce the problem:

1. Install iTerm
2. Hover on things that remotely resemble URLs and touch Cmd
3. Watch iTerm leak things in plain text over DNS

What happened: iTerm sent various things (including passwords) in plain text to my ISP's DNS server

What should have happened: iTerm should not have done that

I monitored my DNS traffic for a while, and I kept noticing lookups that made no sense, for things that had been printed to my terminal. Initially I blamed bash-completion, but when I noticed it also happened for remote ssh sessions, it became obvious that iTerm2 was to blame. A coworker then found #3688 (closed) and #5303 (closed). I immediately disabled this feature.

Having this feature on by default is a terrible security and privacy risk. Please disable it by default. I personally never even noticed the blue vs. white on clickable links, which suggests (n=1) that usability will not be reduced that much by setting this feature disabled by default.

And, to stress the impact, in the act of selecting text and Cmd-C'ing it to Copy, it is very easy to trigger this for passwords (for example, when I generate them using pwgen).