GNU bug report logs -
#58171
29.0.50; Change gnus-user-agent to nil by default
Previous Next
Reported by: Stefan Kangas <stefankangas <at> gmail.com>
Date: Thu, 29 Sep 2022 16:46:02 UTC
Severity: wishlist
Tags: wontfix
Found in version 29.0.50
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Stefan Kangas <stefankangas <at> gmail.com> writes:
> To save some typing, I'll just quote what Daniel Kahn Gillmor said when
> they made this change in notmuch back in 2016:
>
>> The User-Agent: header can be fun and interesting, but it also leaks
>> quite a bit of information about the user and their software stack.
>>
>> This represents a potential security risk (attackers can target the
>> particular stack) and also an anonymity risk (a user trying to
>> preserve their anonymity by sending mail from a non-associated account
>> might reveal quite a lot of information if their choice of mail user
>> agent is exposed).
>>
>> It makes sense to have safer defaults.
I think in the case of Gnus, defaulting this header to nil would just be
security theatre -- there so many distinctive features in how
Gnus/Message formats messages that anybody can tell that it's from Emacs
even without that header.
So I don't think it makes sense to do this, and I'm closing this bug
report.
This bug report was last modified 2 years and 265 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.