From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Philip Kaludercic Newsgroups: gmane.emacs.devel Subject: Re: Making package.el talk over Tor Date: Thu, 14 Dec 2023 12:41:08 +0000 Message-ID: <87o7etlzx7.fsf@posteo.net> References: <8734ybkqf4.fsf@disroot.org> <87sf54q2t8.fsf@posteo.net> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="40694"; mail-complaints-to="usenet@ciao.gmane.io" Cc: akib@disroot.org, emacs-devel@gnu.org To: Richard Stallman Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Thu Dec 14 13:42:16 2023 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1rDl2d-000ALV-79 for ged-emacs-devel@m.gmane-mx.org; Thu, 14 Dec 2023 13:42:15 +0100 Original-Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rDl1q-0008Km-AA; Thu, 14 Dec 2023 07:41:30 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rDl1o-0008KS-7B for emacs-devel@gnu.org; Thu, 14 Dec 2023 07:41:24 -0500 Original-Received: from mout01.posteo.de ([185.67.36.65]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rDl1i-0000yl-3s for emacs-devel@gnu.org; Thu, 14 Dec 2023 07:41:23 -0500 Original-Received: from submission (posteo.de [185.67.36.169]) by mout01.posteo.de (Postfix) with ESMTPS id 5DB95240035 for ; Thu, 14 Dec 2023 13:41:15 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.net; s=2017; t=1702557675; bh=BecrooZCaToWLiS5Q9Oo8JAj1CZLk6qn2OmTuBpN3lY=; h=From:To:Cc:Subject:Autocrypt:Date:Message-ID:MIME-Version:From; b=qULqTDmARFgGc5k+k0f9nfFO2BUTVtHxvhdMvI2xZnH9iWtJ2uWdwUvM47Opx+5wQ olnBScmUzAltK/nqIUxOfmrE3O90t1hbWzEau/PhnnJeyNW6slpYnX5eiUxeDPC0q5 sqjaMXSlOBUksd+nDOafjXr4H0GQZIUPfxMcapKptyClomNjr1OPbRn4wf5uTznWAB N0DAJncHYw3VjXgxH2itxcKqvjPJ8nZucew80yBkd3qgXhvQTiVjQ/pskKAr3jYvRx bZuwp5MqVLcQObBMDTnngDH6ukyuCM+MtfKShmOdGoSztUzOGrHH6T+jpSNtPW5bTY LzHuKmWXFJjnA== Original-Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 4SrX5d2x3Rz6tvk; Thu, 14 Dec 2023 13:41:09 +0100 (CET) In-Reply-To: (Richard Stallman's message of "Sat, 18 Nov 2023 22:39:36 -0500") Autocrypt: addr=philipk@posteo.net; keydata= mDMEZBBQQhYJKwYBBAHaRw8BAQdAHJuofBrfqFh12uQu0Yi7mrl525F28eTmwUDflFNmdui0QlBo aWxpcCBLYWx1ZGVyY2ljIChnZW5lcmF0ZWQgYnkgYXV0b2NyeXB0LmVsKSA8cGhpbGlwa0Bwb3N0 ZW8ubmV0PoiWBBMWCAA+FiEEDg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwMFCQHhM4AFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ8xYDWXahwulikAEA77hloUiSrXgFkUVJhlKBpLCHUjA0 mWZ9j9w5d08+jVwBAK6c4iGP7j+/PhbkxaEKa4V3MzIl7zJkcNNjHCXmvFcEuDgEZBBQQhIKKwYB BAGXVQEFAQEHQI5NLiLRjZy3OfSt1dhCmFyn+fN/QKELUYQetiaoe+MMAwEIB4h+BBgWCAAmFiEE Dg7HY17ghYlni8XN8xYDWXahwukFAmQQUEICGwwFCQHhM4AACgkQ8xYDWXahwukm+wEA8cml4JpK NeAu65rg+auKrPOP6TP/4YWRCTIvuYDm0joBALw98AMz7/qMHvSCeU/hw9PL6u6R2EScxtpKnWof z4oM Received-SPF: pass client-ip=185.67.36.65; envelope-from=philipk@posteo.net; helo=mout01.posteo.de X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Xref: news.gmane.io gmane.emacs.devel:313774 Archived-At: Richard Stallman writes: > > because one will continue to leak fingerprintable > > metadata (specially inside of Emacs) > > Could you give me an example of what you mean? As mention in my other message, I was testing what my web server was logging when accessing the server via Tor, and this was the log entry: 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1" 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK; x86_64-pc-linux-gnu)" As you can see the User-Agent indicates that I am using Emacs, what version and even my architecture. Compare that to the user agent that you'd regularly encounter from an average browser: 31.10.139.153 - - [14/Dec/2023:00:18:33 +0100] "GET / HTTP/1.1" 200 10585 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36" This can be remedied by setting the `url-privacy-level' user option to 'paranoid, but in that case you are still identifiable because there is no user agent, which carries some information. Other than the user-agent, there are certainly other bits of behaviour that a malicious actor can use to track a user, such as the order in which HTTP headers are transmitted, the size of chunks by which the client sends and receives data and of course what requests aren't being sent (e.g. due to a lack of Javascript in EWW). The EFF has more information on the topic here: https://coveryourtracks.eff.org/learn. That being said: All of this doesn't matter that much for package.el, since most people are accessing it via Emacs.