Re: [PATCH v2] Omit User-Agent: header by default

author Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Tue, 9 Aug 2016 15:28:44 +0000 (11:28 +2000)

committer W. Trevor King <wking@tremily.us>

Sat, 20 Aug 2016 23:22:21 +0000 (16:22 -0700)
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 9 Aug 2016 15:28:44 +0000 (11:28 +2000)
committer W. Trevor King <wking@tremily.us>
Sat, 20 Aug 2016 23:22:21 +0000 (16:22 -0700)
diff --git a/28/61ee67fa134f9f39358566b8fd980095553550 b/28/61ee67fa134f9f39358566b8fd980095553550

new file mode 100644 (file)

index 0000000..14dea63
--- /dev/null
+++ b/28/61ee67fa134f9f39358566b8fd980095553550
@@ -0,0 +1,94 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id C42046DE01C2\r
+ for <notmuch@notmuchmail.org>; Tue,  9 Aug 2016 08:30:54 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.052\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.052 tagged_above=-999 required=5\r
+ tests=[AWL=-0.052] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id SBtDXSUWiweh for <notmuch@notmuchmail.org>;\r
+ Tue,  9 Aug 2016 08:30:47 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118])\r
+ by arlo.cworth.org (Postfix) with ESMTP id DE7E06DE015B\r
+ for <notmuch@notmuchmail.org>; Tue,  9 Aug 2016 08:30:46 -0700 (PDT)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id D202DF98B;\r
+ Tue,  9 Aug 2016 11:30:45 -0400 (EDT)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id 38BA820220; Tue,  9 Aug 2016 11:28:50 -0400 (EDT)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Gaute Hope <eg@gaute.vetsj.com>, Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: Re: [PATCH v2] Omit User-Agent: header by default\r
+In-Reply-To: <1470722437.astroid.gs96qso15j@strange>\r
+References: <874m6uvpe0.fsf@maritornes.cs.unb.ca>\r
+ <1470699317-30598-1-git-send-email-dkg@fifthhorseman.net>\r
+ <1470722437.astroid.gs96qso15j@strange>\r
+User-Agent: Notmuch/0.22.1+88~g8d09e96 (https://notmuchmail.org) Emacs/24.5.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Tue, 09 Aug 2016 11:28:44 -0400\r
+Message-ID: <8760ravu4z.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+ micalg=pgp-sha512; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 09 Aug 2016 15:30:54 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+\r
+On Tue 2016-08-09 02:02:49 -0400, Gaute Hope wrote:\r
+> Daniel Kahn Gillmor writes on august 9, 2016 1:35:\r
+>> The User-Agent: header can be fun and interesting, but it also leaks\r
+>> quite a bit of information about the user and their software stack.\r
+>\r
+> Is the message-id generated by gnus or notmuch-emacs? I could not find\r
+> the relevant code. I noticed it has an *.fsf@* part as well as the,\r
+> probably customizable, local FQDN.\r
+\r
+agreed, this is another metadata leak that we should fix, but i don't\r
+think it needs to be conflated with this one.\r
+\r
+does anyone know of a useful standard for message-id generation that\r
+would put gnus/notmuch-emacs/mml users into a larger anonymity set?\r
+\r
+      --dkg\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+\r
+iQJ8BAEBCgBmBQJXqfatXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFREIyRTc0RjU2RkNGMkI2NzI5N0I3MzUy\r
+NEVDRkY1QUZGNjgzNzBBAAoJECTs/1r/aDcKWn8P/iM+qezlU2BXfqK8SLwPWBn+\r
+9jgFAFspoatcss3be+lUNJO2Lk4mmVlHR5VWwYtQj1VvIehviocORJjfnLi0es1N\r
+D5d1A1XwED9KdzEcGZIYMiCU4PThSA6vGdErZj7MYVinlZu3JTN+vCy+eAE6T4kZ\r
+v/yTeItr5RxNV+D+Yr+1H4x599YMG6ZeWwVsR5SorHGi13FxcjyUbJa0xOOLlj8w\r
+H5JW/pfJwOMOCUHqZc6r/QfB6POU39nkjQf5xGM2InmnE11193uNJR1khkisyQYB\r
+VznE7B11HCFW/AnFCfURtd7C4+6LPU5rMtRRjxCntCfuI/Hrh7DxmGlVbrDaFmK2\r
+wZOxa3h2AWEQ22nGvrYfsqiyWzpnAGOe7zFqhM93Tkq+U8AAcRBj0J8nW8V/03jN\r
+EJ7FPABddrzW6jRJIqSjLctgZjM6bClwFfTwN1KJNPAEvEEhSEFmR8KhdO4yhE2L\r
+BIp5tL8E12DtQ9Tp2bEChCz7KDXe1coHSgS+NGoKGsWmV6YYTv5/i8qHe6h3akkL\r
+cJ3iccyRRa4kLCj7resvsoa66RzNlyFJxtqvgECCh3MjiM/dWNJMO7hz/vU11siB\r
+8w6x740Zkzj+rhVwscrsljByrfOuLbewGv+/NtSmBZYd5TmVFB2EsK9VSQcBkvM5\r
+BMqAC+qtkKQ3J65+uBsG\r
+=bt7Q\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r
author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Tue, 9 Aug 2016 15:28:44 +0000 (11:28 +2000)
committer	W. Trevor King <wking@tremily.us>
	Sat, 20 Aug 2016 23:22:21 +0000 (16:22 -0700)