[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#58171: 29.0.50; Change gnus-user-agent to nil by default
From: |
Lars Ingebrigtsen |
Subject: |
bug#58171: 29.0.50; Change gnus-user-agent to nil by default |
Date: |
Fri, 30 Sep 2022 15:37:26 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Stefan Kangas <stefankangas@gmail.com> writes:
> To save some typing, I'll just quote what Daniel Kahn Gillmor said when
> they made this change in notmuch back in 2016:
>
>> The User-Agent: header can be fun and interesting, but it also leaks
>> quite a bit of information about the user and their software stack.
>>
>> This represents a potential security risk (attackers can target the
>> particular stack) and also an anonymity risk (a user trying to
>> preserve their anonymity by sending mail from a non-associated account
>> might reveal quite a lot of information if their choice of mail user
>> agent is exposed).
>>
>> It makes sense to have safer defaults.
I think in the case of Gnus, defaulting this header to nil would just be
security theatre -- there so many distinctive features in how
Gnus/Message formats messages that anybody can tell that it's from Emacs
even without that header.
So I don't think it makes sense to do this, and I'm closing this bug
report.