Re: Making package.el talk over Tor
From: Eli Zaretskii
Subject: Re: Making package.el talk over Tor
Date: Sun, 17 Dec 2023 11:12:35 +0200

> From: Stefan Kangas <stefankangas@gmail.com>
> Date: Sun, 17 Dec 2023 00:23:27 -0800
> Cc: akib@disroot.org, emacs-devel@gnu.org
>
> Richard Stallman <rms@gnu.org> writes:
>
> > > 185.220.101.26 - - [14/Dec/2023:13:04:00 +0100] "GET /test HTTP/1.1"
> > > 301 169 "https://amodernist.com/" "URL/Emacs Emacs/30.0.50 (PureGTK;
> > > x86_64-pc-linux-gnu)"
> >
> > > As you can see the User-Agent indicates that I am using Emacs, what
> > > version and even my architecture. Compare that to the user agent that
> > > you'd regularly encounter from an average browser:
> >
> > We should (1) let users specify what User-Agent to send, and (2) maybe
> > choose a different default.
> >
> > Icecat, by default, identifies itself as some widely used proprietary
> > browser running on Windows.
>
> Should we bump the default to 'paranoid'? Do what icecat does?
>
> Does the remote ever need to know if we're using X11 or PureGTK?
> I think they don't, and we should never add that information, in any
> configuration.
>
> > > Other than the user-agent, there are certainly other bits of behaviour
> > > that a malicious actor can use to track a user, such as the order in
> > > which HTTP headers are transmitted, the size of chunks by which the
> > > client sends and receives data and of course what requests aren't being
> > > sent (e.g. due to a lack of JavaScript in EWW).
> >
> > We could work on making Emacs-based browsing more similar to the most
> > common browsers, in such aspects of visible behavior.
>
> If you are very concerned about your privacy, it's probably better to
> browse the web using the Tor web browser and eschew Emacs altogether.
>
> How about telling users about this in the EWW manual?

It looks like a changeset was installed on master which changes how
URL behaves in this matter, see commit 346e571230. I'm worried that
this is a backward-incompatible change which doesn't seem to have any
way for users to get back old behavior. I think we should provide
such a way, and I think this change should be called out in the
"Incompatible changes" section of NEWS.

Thanks.