bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#58171: 29.0.50; Change gnus-user-agent to nil by default

From: Lars Ingebrigtsen
Subject: bug#58171: 29.0.50; Change gnus-user-agent to nil by default
Date: Fri, 30 Sep 2022 15:37:26 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) 
Stefan Kangas <stefankangas@gmail.com> writes:

> To save some typing, I'll just quote what Daniel Kahn Gillmor said when
> they made this change in notmuch back in 2016:
>
>> The User-Agent: header can be fun and interesting, but it also leaks
>> quite a bit of information about the user and their software stack.
>>
>> This represents a potential security risk (attackers can target the
>> particular stack) and also an anonymity risk (a user trying to
>> preserve their anonymity by sending mail from a non-associated account
>> might reveal quite a lot of information if their choice of mail user
>> agent is exposed).
>>
>> It makes sense to have safer defaults.

I think in the case of Gnus, defaulting this header to nil would just be
security theatre -- there so many distinctive features in how
Gnus/Message formats messages that anybody can tell that it's from Emacs
even without that header.

So I don't think it makes sense to do this, and I'm closing this bug
report.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]