From: Eli Zaretskii <eliz@gnu.org>
To: Stefan Kangas <stefankangas@gmail.com>
Cc: rms@gnu.org, philipk@posteo.net, akib@disroot.org, emacs-devel@gnu.org
Subject: Re: Making package.el talk over Tor
Date: Sun, 17 Dec 2023 11:12:35 +0200 [thread overview]
Message-ID: <83v88xjipo.fsf@gnu.org> (raw)
In-Reply-To: <CADwFkm=25J06VRJNgZFh87vg7HBRHMY1uy4mj5aMLhTXZNCOcg@mail.gmail.com> (message from Stefan Kangas on Sun, 17 Dec 2023 00:23:27 -0800)
> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sun, 17 Dec 2023 00:23:27 -0800
> Cc: akib@disroot.org, emacs-devel@gnu.org
>
> Richard Stallman <rms@gnu.org> writes:
>
> > > 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)"
> >
> > > As you can see the User-Agent indicates that I am using Emacs, what
> > > version and even my architecture. Compare that to the user agent that
> > > you'd regularly encounter from an average browser:
> >
> > We should (1) let users specify what User-Agent to send, and (2) maybe
> > choose a different default.
> >
> > Icecat, by default, identifies itself as some widely used proprietary
> > browser running on Windows.
>
> Should we bump the default to 'paranoid'? Do what icecat does?
>
> Does the remote ever need to know if we're using X11 or PureGTK?
> I think they don't, and we should never add that information, in any
> configuration.
>
> > > Other than the user-agent, there are certainly other bits of behaviour
> > > that a malicious actor can use to track a user, such as the order in
> > > which HTTP headers are transmitted, the size of chunks by which the
> > > client sends and receives data and of course what requests aren't being
> > > sent (e.g. due to a lack of Javascript in EWW).
> >
> > We could work on making Emacs-based browsing more similar to the most
> > common browsers, in such aspects of visible behavior.
>
> If you are very concerned about your privacy, it's probably better to
> browse the web using the Tor web browser and eschew Emacs altogether.
>
> How about telling users about this in the EWW manual?
It looks like a changeset was installed on master which changes how
URL behaves in this matter, see commit 346e571230. I'm worried that
this is a backward-incompatible change which doesn't seem to have any
way for users to get back old behavior. I think we should provide
such a way, and I think this change should be called out in the
"Incompatible changes" section of NEWS.
Thanks.
next prev parent reply other threads:[~2023-12-17 9:12 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-16 2:04 Making package.el talk over Tor Richard Stallman
2023-10-16 6:54 ` Akib Azmain Turja
2023-10-16 7:10 ` Emanuel Berg
2023-10-18 1:42 ` Richard Stallman
2023-11-17 3:53 ` Richard Stallman
2023-11-17 7:03 ` Philip Kaludercic
2023-11-19 3:39 ` Richard Stallman
2023-11-19 6:17 ` Eli Zaretskii
2023-12-09 4:06 ` Richard Stallman
2023-12-09 7:40 ` Eli Zaretskii
2023-12-13 4:58 ` Richard Stallman
2023-12-14 12:25 ` Philip Kaludercic
2023-12-17 3:21 ` Richard Stallman
2023-12-18 4:12 ` Richard Stallman
2023-12-18 8:05 ` Tomas Hlavaty
2023-12-18 8:10 ` Tomas Hlavaty
2023-12-21 4:20 ` Richard Stallman
2023-12-21 9:52 ` Philip Kaludercic
2023-12-21 9:55 ` Philip Kaludercic
2023-12-21 19:15 ` Tomas Hlavaty
2023-12-24 3:57 ` Richard Stallman
2023-12-24 13:36 ` Tomas Hlavaty
2023-12-24 15:19 ` Philip Kaludercic
2023-12-24 20:37 ` Tomas Hlavaty
2023-12-14 12:41 ` Philip Kaludercic
2023-12-14 12:54 ` Emanuel Berg
2023-12-14 13:06 ` Emanuel Berg
2023-12-17 3:21 ` Richard Stallman
2023-12-17 8:23 ` Stefan Kangas
2023-12-17 9:12 ` Eli Zaretskii [this message]
2023-12-17 12:02 ` Never send user email address in HTTP requests Stefan Kangas
2023-12-17 12:34 ` Eli Zaretskii
2023-12-17 14:05 ` Yuri Khan
2023-12-17 14:44 ` Eli Zaretskii
2023-12-17 17:30 ` T.V Raman
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:53 ` Making package.el talk over Tor Richard Stallman
2023-12-17 11:51 ` Philip Kaludercic
2023-12-17 14:10 ` Yuri Khan
2023-12-19 3:51 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-12-19 3:52 ` Richard Stallman
2023-11-18 3:03 ` Richard Stallman
2023-11-18 7:21 ` Eli Zaretskii
2023-11-21 2:39 ` Richard Stallman
2023-10-16 7:12 ` Stefan Kangas
2023-10-16 9:15 ` Philip Kaludercic
-- strict thread matches above, loose matches on Subject: below --
2023-12-18 14:22 Andrea Monaco
2023-12-18 14:29 ` Emanuel Berg
2023-12-18 14:49 ` F. Jason Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83v88xjipo.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=akib@disroot.org \
--cc=emacs-devel@gnu.org \
--cc=philipk@posteo.net \
--cc=rms@gnu.org \
--cc=stefankangas@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.