From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Stefan Kangas Newsgroups: gmane.emacs.devel Subject: Re: Making package.el talk over Tor Date: Sun, 17 Dec 2023 00:23:27 -0800 Message-ID: References: <8734ybkqf4.fsf@disroot.org> <87sf54q2t8.fsf@posteo.net> <87o7etlzx7.fsf@posteo.net> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="33432"; mail-complaints-to="usenet@ciao.gmane.io" Cc: akib@disroot.org, emacs-devel@gnu.org To: rms@gnu.org, Philip Kaludercic Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Dec 17 09:24:27 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rEmRn-0008Ys-GR for ged-emacs-devel@m.gmane-mx.org; Sun, 17 Dec 2023 09:24:27 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rEmQv-0000TB-Na; Sun, 17 Dec 2023 03:23:33 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rEmQt-0000Sz-Md for emacs-devel@gnu.org; Sun, 17 Dec 2023 03:23:32 -0500 Original-Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rEmQs-0000aI-28; Sun, 17 Dec 2023 03:23:31 -0500 Original-Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-553032f17cfso825476a12.0; Sun, 17 Dec 2023 00:23:29 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1702801408; x=1703406208; darn=gnu.org; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:from:to:cc:subject:date:message-id:reply-to; bh=moIuqCuceYC05q4sW6XIPfld8HSvLigK2UFfvnP5YeY=; b=Z7ywrwXTUJ2m6bqowbJvlcZjqJHW2iyOrZeEHmXD2h8gcWnvhsdEC64WCX3I/MYaN2 35YDDTdWDSToigUzUILKiWUjxi/5HJAb3fhExVLZyTd+lHjy708An33SS8+6C/QznX1O YF3BwPHj9WxnBg/qqKjdANXi2Sf4GeyR4I58EuUZ9S3HRsDgyWnFzb4VF53YHn1A2Wm+ RJWM6Gmy7d0W24O++M17mmxEzB+u+rkx6v7OGXBXX5Okxl04zoUMb5GiLaMo2J5eWk3H lyUjUS+SBWaSLAUtLkGz8+10glRtAxkO1+t63n34olbeg9z+t8TqFxqf7788D5Jji9ng PwVw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1702801408; x=1703406208; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=moIuqCuceYC05q4sW6XIPfld8HSvLigK2UFfvnP5YeY=; b=s0XvQaLKHby/DDPaflFiW4lY6kCLaGqwXqabmfucbsd0me+AObyfib5nojzXCIRLRt VcPxi0L+d9M9AZk57FX1HezFEAKUklsvEFIZyRXMMva6CTr9lqj28uE0PneRUbUo1VSz KxymVkfExqLLByF98PTxo+4BhyZm9afpNOsbeJEKPbmpI7gsI4X5K5SSBpXBXLJMvg2c iT1wdfCtkzochvan7EvzlYP5sdmfr/6Rm3gUps/dH700PJbgmBCx0Lk4PNSP3rnQoclR aSP4oabXDeGxbwvQHjbbaOnV5+b1mFCQlHSOk4T8fVS/CNu4k5jMkGs+44gLw+FoQaCc AcqQ== X-Gm-Message-State: AOJu0YxM3shzmUfRkRH1wME8rBgeXlWMeGcdIGBW7OJfEbZN1KeRpxJv LHe/igBPvTJU++Ygyv+efJ5gTerHtnut/ys1mcdESsJ9gk8A1Q== X-Google-Smtp-Source: AGHT+IE5/78ZYQ2frAC3qq4hOwlhsFBpvQE6Lo2LSAZI8gXFQRGNUe1czn8xvhjXv3i6sDEhzsj8zmVgyJLWlvE47O8= X-Received: by 2002:a50:9fe6:0:b0:552:fd38:a9fa with SMTP id c93-20020a509fe6000000b00552fd38a9famr1178067edf.8.1702801408097; Sun, 17 Dec 2023 00:23:28 -0800 (PST) Original-Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Sun, 17 Dec 2023 00:23:27 -0800 In-Reply-To: Received-SPF: pass client-ip=2a00:1450:4864:20::52c; envelope-from=stefankangas@gmail.com; helo=mail-ed1-x52c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:313907 Archived-At: Richard Stallman writes: > > 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)" > > > As you can see the User-Agent indicates that I am using Emacs, what > > version and even my architecture. Compare that to the user agent that > > you'd regularly encounter from an average browser: > > We should (1) let users specify what User-Agent to send, and (2) maybe > choose a different default. > > Icecat, by default, identifies itself as some widely used proprietary > browser running on Windows. Should we bump the default to 'paranoid'? Do what icecat does? Does the remote ever need to know if we're using X11 or PureGTK? I think they don't, and we should never add that information, in any configuration. > > Other than the user-agent, there are certainly other bits of behaviour > > that a malicious actor can use to track a user, such as the order in > > which HTTP headers are transmitted, the size of chunks by which the > > client sends and receives data and of course what requests aren't being > > sent (e.g. due to a lack of Javascript in EWW). > > We could work on making Emacs-based browsing more similar to the most > common browsers, in such aspects of visible behavior. If you are very concerned about your privacy, it's probably better to browse the web using the Tor web browser and eschew Emacs altogether. How about telling users about this in the EWW manual?