lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV IDENT; any way a single user can turn it off?

From: Klaus Weide
Subject: Re: LYNX-DEV IDENT; any way a single user can turn it off?
Date: Wed, 11 Dec 1996 01:34:05 -0600 (CST) 
On Tue, 10 Dec 1996, Hiram Lester, Jr. wrote:

> On Tue, 10 Dec 1996 address@hidden wrote:
> 
> > I just discovered, courtesy of the SNOOP link at    www.anonymizer.com,
> > that the Lynx at both of my ISPs has IDENT turned on -- any web
> > page I visit gets my email address.

That SNOOP URL uses a number of different methods to get info on the
client.  Among them are ident, finger, ping, and several others.

> Actually, IDENT is a little different.  Ident is a method where the
> machine you are on is running an ident daemon and any machine you connect
> to that requires ident will query that port to be sure that you aren't
> spoofing your IP (and full e-mail address if it's available).  It's
> completely seperate from Lynx.

Yes, it has nothing to do with Lynx.  Lynx has to make a direct TCP 
connection to the server like every browser (or telnet client or ftp
client etc.), unless one is going through a proxy or gateway (or a 
specialized proxy like "The Anonymizer").  From that connection the
server has the IP address and therefore enough info to start an ident
query to the originating machine.
 
> But... you are correct in that Lynx will send your e-mail address if you
> have it defined on the Options screen.  It sends the address with every
> HTTP request as part of the headers: "From: address@hidden"

Excerpt from the lynx.cfg file:

# If NO_FROM_HEADER is TRUE, From headers never will be sent in transmissions
# to servers.  Lynx normally sends the personal_mail_address as a From header,
# if that address has been defined via the 'o'ptions menu.  If left FALSE
# here, it can be set TRUE at run time via the -nofrom switch.
#
#NO_FROM_HEADER:FALSE

The SNOOP URL shows the info from a HTTP "From:" header in the following
form (if it is being sent):

 "Furthermore, your browser also
     reveals 'address@hidden' as your return address."

That, and the info from a Referer header which is shown by the SNOOP URL
as "You just visited ...", is derived from things Lynx is sending.
(Sending of Referer headers can also be turned off in lynx.cfg or with
a command line.  Referer will be sent when following a link, but not
when accessing a page after typing in a 'g'oto URL.)

All other info the SNOOP URL shows is not from Lynx, and Lynx can do
nothing to hide that info.

> > No wonder my junkmail count is rising, at the ISP I Lynx from (Netcom).
> 
> It's possible, but from my experience most junkmail still comes from
> posting to usenet and other discussion lists.

Agreed.

> > Any way an individual user can turn this OFF?
 
> Well, as far as I know, it you set no value for the e-mail address on the
> Options screen, nothing will be sent.  I'm not sure if anything will be
> sent after you use a mailto: URL if you fill in an e-mail address there...

As shown above, sending of From in HTTP requests can be suppressed
while still having a valid From address for mail.

> > Else I'll ask if they'll offer two different configurations here,
> > so people can hide.

I doubt you'll be able to convince Netcom to turn the identd daemon
for shell accounts off for you.

   Klaus

;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;
reply via email to
[Prev in Thread] Current Thread [Next in Thread]