unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#58171: 29.0.50; Change gnus-user-agent to nil by default
@ 2022-09-29 16:45 Stefan Kangas
  2022-09-29 17:05 ` Stefan Kangas
  2022-09-30 13:37 ` Lars Ingebrigtsen
  0 siblings, 2 replies; 5+ messages in thread
From: Stefan Kangas @ 2022-09-29 16:45 UTC
  To: 58171

Severity: wishlist

This is a proposal to set `gnus-user-agent' to non-nil by default.

To save some typing, I'll just quote what Daniel Kahn Gillmor said when
they made this change in notmuch back in 2016:

> The User-Agent: header can be fun and interesting, but it also leaks
> quite a bit of information about the user and their software stack.
>
> This represents a potential security risk (attackers can target the
> particular stack) and also an anonymity risk (a user trying to
> preserve their anonymity by sending mail from a non-associated account
> might reveal quite a lot of information if their choice of mail user
> agent is exposed).
>
> It makes sense to have safer defaults.

https://notmuchmail.org/pipermail/notmuch/2016/022789.html






* bug#58171: 29.0.50; Change gnus-user-agent to nil by default
  2022-09-29 16:45 bug#58171: 29.0.50; Change gnus-user-agent to nil by default Stefan Kangas
@ 2022-09-29 17:05 ` Stefan Kangas
  2022-09-30 13:37 ` Lars Ingebrigtsen
  1 sibling, 0 replies; 5+ messages in thread
From: Stefan Kangas @ 2022-09-29 17:05 UTC
  To: 58171

Stefan Kangas <stefankangas@gmail.com> writes:

> This is a proposal to set `gnus-user-agent' to non-nil by default.
                                                 ^^^^^^^

Should be "nil", of course, as in the subject.






* bug#58171: 29.0.50; Change gnus-user-agent to nil by default
  2022-09-29 16:45 bug#58171: 29.0.50; Change gnus-user-agent to nil by default Stefan Kangas
  2022-09-29 17:05 ` Stefan Kangas
@ 2022-09-30 13:37 ` Lars Ingebrigtsen
  2022-09-30 13:53   ` Stefan Kangas
  1 sibling, 1 reply; 5+ messages in thread
From: Lars Ingebrigtsen @ 2022-09-30 13:37 UTC
  To: Stefan Kangas; +Cc: 58171

Stefan Kangas <stefankangas@gmail.com> writes:

> To save some typing, I'll just quote what Daniel Kahn Gillmor said when
> they made this change in notmuch back in 2016:
>
>> The User-Agent: header can be fun and interesting, but it also leaks
>> quite a bit of information about the user and their software stack.
>>
>> This represents a potential security risk (attackers can target the
>> particular stack) and also an anonymity risk (a user trying to
>> preserve their anonymity by sending mail from a non-associated account
>> might reveal quite a lot of information if their choice of mail user
>> agent is exposed).
>>
>> It makes sense to have safer defaults.

I think in the case of Gnus, defaulting this header to nil would just be
security theatre -- there are so many distinctive features in how
Gnus/Message formats messages that anybody can tell that it's from Emacs
even without that header.

So I don't think it makes sense to do this, and I'm closing this bug
report.






* bug#58171: 29.0.50; Change gnus-user-agent to nil by default
  2022-09-30 13:37 ` Lars Ingebrigtsen
@ 2022-09-30 13:53   ` Stefan Kangas
  2022-09-30 14:02     ` Lars Ingebrigtsen
  0 siblings, 1 reply; 5+ messages in thread
From: Stefan Kangas @ 2022-09-30 13:53 UTC
  To: Lars Ingebrigtsen; +Cc: 58171

Lars Ingebrigtsen <larsi@gnus.org> writes:

> I think in the case of Gnus, defaulting this header to nil would just be
> security theatre -- there are so many distinctive features in how
> Gnus/Message formats messages that anybody can tell that it's from Emacs
> even without that header.

For me, the greater concern is anonymity/privacy, where I do think
it's better to be less specific.

How about removing just the Emacs version?  If you announce "29.0.50",
only very few people will be running that version at any given time,
certainly fewer than are running the releases.






* bug#58171: 29.0.50; Change gnus-user-agent to nil by default
  2022-09-30 13:53   ` Stefan Kangas
@ 2022-09-30 14:02     ` Lars Ingebrigtsen
  0 siblings, 0 replies; 5+ messages in thread
From: Lars Ingebrigtsen @ 2022-09-30 14:02 UTC
  To: Stefan Kangas; +Cc: 58171

Stefan Kangas <stefankangas@gmail.com> writes:

> How about removing just the Emacs version?  If you announce "29.0.50",
> only very few people will be running that version at any given time,
> certainly fewer than are running the releases.

That's a good point.  I've now removed the `type' and `emacs' from the
default value.
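
The compromise reached in this thread (keep announcing the client, drop the Emacs version and the system type) can be checked and applied to any outgoing message. The following is an added example, not part of the thread and not Gnus code; the sample User-Agent value is constructed and its layout is an assumption, as are the names `audit`, `reduce_user_agent` and `scrub`.

```python
import re
from email import message_from_string

# Headers in which mail and news clients commonly announce themselves.
CLIENT_HEADERS = ("User-Agent", "X-Mailer", "X-Newsreader")
PRODUCT = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.+-]*)")  # e.g. Emacs/29.0.50
COMMENT = re.compile(r"\s*\([^()]*\)")                    # e.g. (gnu/linux)

# Constructed sample message; the User-Agent layout is an assumption.
SAMPLE = (
    "From: Alice <alice@example.org>\n"
    "To: bob@example.org\n"
    "Subject: test\n"
    "User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)\n"
    "\n"
    "Hello.\n"
)


def audit(raw):
    """List (header, product, version) for every product token disclosed."""
    msg = message_from_string(raw)
    found = []
    for name in CLIENT_HEADERS:
        for value in msg.get_all(name, []):
            for product, version in PRODUCT.findall(COMMENT.sub("", value)):
                found.append((name, product, version))
    return found


def reduce_user_agent(value, keep=("Gnus",)):
    """Drop comments (system type) and every product not listed in keep."""
    tokens = PRODUCT.findall(COMMENT.sub("", value))
    return " ".join(f"{p}/{v}" for p, v in tokens if p in keep)


def scrub(raw, keep=("Gnus",)):
    """Return the message with client headers reduced; empty ones are removed."""
    msg = message_from_string(raw)
    for name in CLIENT_HEADERS:
        values = msg.get_all(name, [])
        del msg[name]  # no error if the header is absent
        for value in values:
            reduced = reduce_user_agent(value, keep)
            if reduced:
                msg[name] = reduced
    return msg.as_string()


if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(scrub(SAMPLE)))
```

Passing `keep=()` removes the client headers entirely, which corresponds to the nil default originally proposed.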




