From: Philip Kaludercic <philipk@posteo.net>
To: Richard Stallman <rms@gnu.org>
Cc: akib@disroot.org, emacs-devel@gnu.org
Subject: Re: Making package.el talk over Tor
Date: Thu, 14 Dec 2023 12:41:08 +0000 [thread overview]
Message-ID: <87o7etlzx7.fsf@posteo.net> (raw)
In-Reply-To: <E1r4Yem-0003g1-12@fencepost.gnu.org> (Richard Stallman's message of "Sat, 18 Nov 2023 22:39:36 -0500")
Richard Stallman <rms@gnu.org> writes:
> > because one will continue to leak fingerprintable
> > metadata (specially inside of Emacs)
>
> Could you give me an example of what you mean?
As mention in my other message, I was testing what my web server was
logging when accessing the server via Tor, and this was the log entry:
185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)"
As you can see the User-Agent indicates that I am using Emacs, what
version and even my architecture. Compare that to the user agent that
you'd regularly encounter from an average browser:
31.10.139.153 - - [14/Dec/2023:00:18:33 +0100] "GET / HTTP/1.1" 200 10585 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
This can be remedied by setting the `url-privacy-level' user option to
'paranoid, but in that case you are still identifiable because there is
no user agent, which carries some information.
Other than the user-agent, there are certainly other bits of behaviour
that a malicious actor can use to track a user, such as the order in
which HTTP headers are transmitted, the size of chunks by which the
client sends and receives data and of course what requests aren't being
sent (e.g. due to a lack of Javascript in EWW).
The EFF has more information on the topic here:
https://coveryourtracks.eff.org/learn.
That being said: All of this doesn't matter that much for package.el,
since most people are accessing it via Emacs.
next prev parent reply other threads:[~2023-12-14 12:41 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 2:04 Making package.el talk over Tor Richard Stallman
2023-10-16 6:54 ` Akib Azmain Turja
2023-10-16 7:10 ` Emanuel Berg
2023-10-18 1:42 ` Richard Stallman
2023-11-17 3:53 ` Richard Stallman
2023-11-17 7:03 ` Philip Kaludercic
2023-11-19 3:39 ` Richard Stallman
2023-11-19 6:17 ` Eli Zaretskii
2023-12-09 4:06 ` Richard Stallman
2023-12-09 7:40 ` Eli Zaretskii
2023-12-13 4:58 ` Richard Stallman
2023-12-14 12:25 ` Philip Kaludercic
2023-12-17 3:21 ` Richard Stallman
2023-12-18 4:12 ` Richard Stallman
2023-12-18 8:05 ` Tomas Hlavaty
2023-12-18 8:10 ` Tomas Hlavaty
2023-12-21 4:20 ` Richard Stallman
2023-12-21 9:52 ` Philip Kaludercic
2023-12-21 9:55 ` Philip Kaludercic
2023-12-21 19:15 ` Tomas Hlavaty
2023-12-24 3:57 ` Richard Stallman
2023-12-24 13:36 ` Tomas Hlavaty
2023-12-24 15:19 ` Philip Kaludercic
2023-12-24 20:37 ` Tomas Hlavaty
2023-12-14 12:41 ` Philip Kaludercic [this message]
2023-12-14 12:54 ` Emanuel Berg
2023-12-14 13:06 ` Emanuel Berg
2023-12-17 3:21 ` Richard Stallman
2023-12-17 8:23 ` Stefan Kangas
2023-12-17 9:12 ` Eli Zaretskii
2023-12-17 12:02 ` Never send user email address in HTTP requests Stefan Kangas
2023-12-17 12:34 ` Eli Zaretskii
2023-12-17 14:05 ` Yuri Khan
2023-12-17 14:44 ` Eli Zaretskii
2023-12-17 17:30 ` T.V Raman
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:53 ` Making package.el talk over Tor Richard Stallman
2023-12-17 11:51 ` Philip Kaludercic
2023-12-17 14:10 ` Yuri Khan
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-11-18 3:03 ` Richard Stallman
2023-11-18 7:21 ` Eli Zaretskii
2023-11-21 2:39 ` Richard Stallman
2023-10-16 7:12 ` Stefan Kangas
2023-10-16 9:15 ` Philip Kaludercic
-- strict thread matches above, loose matches on Subject: below --
2023-12-18 14:22 Andrea Monaco
2023-12-18 14:29 ` Emanuel Berg
2023-12-18 14:49 ` F. Jason Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o7etlzx7.fsf@posteo.net \
--to=philipk@posteo.net \
--cc=akib@disroot.org \
--cc=emacs-devel@gnu.org \
--cc=rms@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).