From 4ea90bdfdc4c48db3c92d4155381a51e2c350f96 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Wed, 10 Aug 2016 11:28:44 +2000 Subject: [PATCH] Re: [PATCH v2] Omit User-Agent: header by default --- 28/61ee67fa134f9f39358566b8fd980095553550 | 94 +++++++++++++++++++++++ 1 file changed, 94 insertions(+) create mode 100644 28/61ee67fa134f9f39358566b8fd980095553550 diff --git a/28/61ee67fa134f9f39358566b8fd980095553550 b/28/61ee67fa134f9f39358566b8fd980095553550 new file mode 100644 index 000000000..14dea6322 --- /dev/null +++ b/28/61ee67fa134f9f39358566b8fd980095553550 @@ -0,0 +1,94 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id C42046DE01C2 + for ; Tue, 9 Aug 2016 08:30:54 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.052 +X-Spam-Level: +X-Spam-Status: No, score=-0.052 tagged_above=-999 required=5 + tests=[AWL=-0.052] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id SBtDXSUWiweh for ; + Tue, 9 Aug 2016 08:30:47 -0700 (PDT) +Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) + by arlo.cworth.org (Postfix) with ESMTP id DE7E06DE015B + for ; Tue, 9 Aug 2016 08:30:46 -0700 (PDT) +Received: from fifthhorseman.net (unknown [38.109.115.130]) + by che.mayfirst.org (Postfix) with ESMTPSA id D202DF98B; + Tue, 9 Aug 2016 11:30:45 -0400 (EDT) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id 38BA820220; Tue, 9 Aug 2016 11:28:50 -0400 (EDT) +From: Daniel Kahn Gillmor +To: Gaute Hope , Notmuch Mail +Subject: Re: [PATCH v2] Omit User-Agent: header by default +In-Reply-To: <1470722437.astroid.gs96qso15j@strange> +References: <874m6uvpe0.fsf@maritornes.cs.unb.ca> + <1470699317-30598-1-git-send-email-dkg@fifthhorseman.net> + <1470722437.astroid.gs96qso15j@strange> +User-Agent: Notmuch/0.22.1+88~g8d09e96 (https://notmuchmail.org) Emacs/24.5.1 + (x86_64-pc-linux-gnu) +Date: Tue, 09 Aug 2016 11:28:44 -0400 +Message-ID: <8760ravu4z.fsf@alice.fifthhorseman.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha512; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Tue, 09 Aug 2016 15:30:54 -0000 + +--=-=-= +Content-Type: text/plain + +On Tue 2016-08-09 02:02:49 -0400, Gaute Hope wrote: +> Daniel Kahn Gillmor writes on august 9, 2016 1:35: +>> The User-Agent: header can be fun and interesting, but it also leaks +>> quite a bit of information about the user and their software stack. +> +> Is the message-id generated by gnus or notmuch-emacs? I could not find +> the relevant code. I noticed it has an *.fsf@* part as well as the, +> probably customizable, local FQDN. + +agreed, this is another metadata leak that we should fix, but i don't +think it needs to be conflated with this one. + +does anyone know of a useful standard for message-id generation that +would put gnus/notmuch-emacs/mml users into a larger anonymity set? + + --dkg + +--=-=-= +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- + +iQJ8BAEBCgBmBQJXqfatXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFREIyRTc0RjU2RkNGMkI2NzI5N0I3MzUy +NEVDRkY1QUZGNjgzNzBBAAoJECTs/1r/aDcKWn8P/iM+qezlU2BXfqK8SLwPWBn+ +9jgFAFspoatcss3be+lUNJO2Lk4mmVlHR5VWwYtQj1VvIehviocORJjfnLi0es1N +D5d1A1XwED9KdzEcGZIYMiCU4PThSA6vGdErZj7MYVinlZu3JTN+vCy+eAE6T4kZ +v/yTeItr5RxNV+D+Yr+1H4x599YMG6ZeWwVsR5SorHGi13FxcjyUbJa0xOOLlj8w +H5JW/pfJwOMOCUHqZc6r/QfB6POU39nkjQf5xGM2InmnE11193uNJR1khkisyQYB +VznE7B11HCFW/AnFCfURtd7C4+6LPU5rMtRRjxCntCfuI/Hrh7DxmGlVbrDaFmK2 +wZOxa3h2AWEQ22nGvrYfsqiyWzpnAGOe7zFqhM93Tkq+U8AAcRBj0J8nW8V/03jN +EJ7FPABddrzW6jRJIqSjLctgZjM6bClwFfTwN1KJNPAEvEEhSEFmR8KhdO4yhE2L +BIp5tL8E12DtQ9Tp2bEChCz7KDXe1coHSgS+NGoKGsWmV6YYTv5/i8qHe6h3akkL +cJ3iccyRRa4kLCj7resvsoa66RzNlyFJxtqvgECCh3MjiM/dWNJMO7hz/vU11siB +8w6x740Zkzj+rhVwscrsljByrfOuLbewGv+/NtSmBZYd5TmVFB2EsK9VSQcBkvM5 +BMqAC+qtkKQ3J65+uBsG +=bt7Q +-----END PGP SIGNATURE----- +--=-=-=-- -- 2.26.2