From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Yuri Khan <yuri.v.khan@gmail.com>
Newsgroups: gmane.emacs.devel
Subject: Re: Never send user email address in HTTP requests
Date: Sun, 17 Dec 2023 21:05:00 +0700
Message-ID: <CAP_d_8U9FZ3qK2Gj-dNJ9m5Hffk-AZ1DAhkp32DLqCq3Xz5Zow@mail.gmail.com>
References: <E1qsCy3-0005lX-EC@fencepost.gnu.org> <8734ybkqf4.fsf@disroot.org>
 <E1r3pvB-0007bF-51@fencepost.gnu.org> <87sf54q2t8.fsf@posteo.net>
 <E1r4Yem-0003g1-12@fencepost.gnu.org> <87o7etlzx7.fsf@posteo.net>
 <E1rEhiL-000269-TZ@fencepost.gnu.org>
 <CADwFkm=25J06VRJNgZFh87vg7HBRHMY1uy4mj5aMLhTXZNCOcg@mail.gmail.com>
 <83v88xjipo.fsf@gnu.org>
 <CADwFkmn8t4UTFcw=f0LMXYD1Os+fRY0yGf5-QBOJ6j6PJbYSsg@mail.gmail.com>
 <83il4xj9cc.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="27080"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Stefan Kangas <stefankangas@gmail.com>, rms@gnu.org, philipk@posteo.net, 
 akib@disroot.org, emacs-devel@gnu.org, monnier@iro.umontreal.ca
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sun Dec 17 15:06:17 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1rErmb-0006n6-5c
	for ged-emacs-devel@m.gmane-mx.org; Sun, 17 Dec 2023 15:06:17 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1rErln-0007M6-I9; Sun, 17 Dec 2023 09:05:27 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <yurivkhan@gmail.com>)
 id 1rErlc-0007L1-Iw
 for emacs-devel@gnu.org; Sun, 17 Dec 2023 09:05:18 -0500
Original-Received: from mail-vs1-xe30.google.com ([2607:f8b0:4864:20::e30])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <yurivkhan@gmail.com>)
 id 1rErla-0006Di-Rz; Sun, 17 Dec 2023 09:05:16 -0500
Original-Received: by mail-vs1-xe30.google.com with SMTP id
 ada2fe7eead31-4668e67a868so311144137.1; 
 Sun, 17 Dec 2023 06:05:13 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1702821912; x=1703426712; darn=gnu.org;
 h=content-transfer-encoding:cc:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:from:to:cc:subject:date
 :message-id:reply-to;
 bh=3IbNSZv7KROQTbCIS1f1atCBKrsGgMNcgZ8eEv7S0Cc=;
 b=Bjx4fKnsWqsOkS9FCOp1VI4p2iFNZuVjg5DcUkd1xInwy2nfQtAy8jiuaxM4c9hMZj
 UX/jMkwmROLgoPYxzwN27hNxEcRNpslDb6FMICnVktQCVIr9n56fQg6/p4PhZJ3nAAYH
 0UIdVLShpSpiDiqgIUsf9XRfBVNHQ+qesUd1joPCG30kYfI4y3AZUJfn9HDoVx8nqX73
 YTkr0GffQSnVBmv2P325qWOl/fbrKc+azRBWueKgcfsqtUKJ1XDWp3aUkEFIPIm/wD6H
 8Po6O68NKvt2ZvObp3/iH9LeAUVgsKwWECjjpb+YYYF4/rDZQr/NmGo+TZx7tvS+7+++
 26Rg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1702821912; x=1703426712;
 h=content-transfer-encoding:cc:to:subject:message-id:date:from
 :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=3IbNSZv7KROQTbCIS1f1atCBKrsGgMNcgZ8eEv7S0Cc=;
 b=S9guPUXpOWXNfWOzkDRIYSLU9gr+49uvOCR8D7IxxJGlxDja7PFajYJgUFYlb2bjoq
 fLw2mn59bK24r7vUStvkXWhfLcLSDK000P1DxF3wrM9htlUpj88e86pHz9rcVgzu9kMI
 LbPzM7Q/Xh1u+DT0StR6wjweYfjp7phDDHMGhS+og8BbUbPV8nmsB09wHIso70PjG+9F
 tHBlxsDTpZC4DTnpSFWrKg9IHKpr52TnQUvNaOrldasynCzakd362rue8gHeUBMkJ1Lm
 qgz8+gV0403gXVzzENHzbCkmAZ9v1q71Z5wnvKBd/Aj4IIz6yqZzvdpvN4FLqD+QlDmQ
 A4/g==
X-Gm-Message-State: AOJu0YyZkklYd2qRpWoc86ouHHs5WyuKru0fA4NgYrvugQyTWAuSCKO8
 NGfStf+eWzhweHMu38xlS2Gq08N32eFS82omR3i/BUHF4nc=
X-Google-Smtp-Source: AGHT+IE76OZyaeL0qBqOElX0zRDJtSc8M60/FI8k747yWyx8xgcxzt7rZNHFtuzQkegws9+sVdpJWcEOVtdghKtVavo=
X-Received: by 2002:a67:f8c2:0:b0:466:8542:3a7 with SMTP id
 c2-20020a67f8c2000000b00466854203a7mr1108511vsp.13.1702821912462; Sun, 17 Dec
 2023 06:05:12 -0800 (PST)
In-Reply-To: <83il4xj9cc.fsf@gnu.org>
Received-SPF: pass client-ip=2607:f8b0:4864:20::e30;
 envelope-from=yurivkhan@gmail.com; helo=mail-vs1-xe30.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:313927
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/313927>

On Sun, 17 Dec 2023 at 19:36, Eli Zaretskii <eliz@gnu.org> wrote:

> Sorry, but I disagree.  Emacs should not second-guess the users, and
> should certainly NOT force them into what we consider to be the secure
> environment.  It is okay to behave securely by default, but if someone
> wants to be insecure, for whatever reasons, we should let them have
> the old, insecure behavior.  Certainly when we first change the
> default, since there's a possibility that something will break for
> someone due to this change, and we need to let users have a fire
> escape in those cases, until we get our act together in the next
> release.

The header in question, From, is governed by RFC 9110 =C2=A7 10.1.2[0], whi=
ch says:

    The From header field is rarely sent by non-robotic user agents.
    A user agent SHOULD NOT send a From header field
    without explicit configuration by the user,
    since that might conflict with the user's privacy interests
    or their site's security policy.

    A robotic user agent SHOULD send a valid From header field
    so that the person responsible for running the robot can be contacted
    if problems occur on servers,
    such as if the robot is sending excessive, unwanted, or invalid request=
s.

[0]: https://www.rfc-editor.org/rfc/rfc9110.html#section-10.1.2

That is, it=E2=80=99s not intended for web browsers or interactive
applications acting on the user=E2=80=99s behalf. It=E2=80=99s for spiders =
and other
automation.

Surely a user who is writing a spider in Elisp can take the extra
conscious step of filling out the general fire escape,
=E2=80=98url-request-extra-headers=E2=80=99, and deciding which email addre=
ss to
expose.

It is good that the default value of =E2=80=98url-privacy-level=E2=80=99 is=
 (email),
preventing the leak by default, but there is no reason to make it
possible to configure url.el to leak it with every request made from
Emacs. If you=E2=80=99re running a spider and also just browsing the Web wi=
th
EWW, you probably only want requests from your spider to be attributed
to you as the spider maintainer.