X-Mailer removing
Rostislav
4.79, for email and usenet services. Every email or usenet message
sended by this program contains "X-Mailer: ..." in the headers.
According to RFC this line is non-standard therefore useless one. I
produced a patch that will disable adding of this line to the header of
all outgoing messages. It will increase your privacy and, in the same
time, decrease message size... a little :-))
===== netscape.exe patch =====
0014A724: BF E9
0014A725: E0 78
0014A726: 27 00
0014A727: 8A 00
===== netscape.exe patch =====
FYI:
To see your message in source format use [Ctrl]+[U] keys combination.
The patch done with English 4.79 Win32 version of Netscape Communicator,
so be careful with others.
Good luck
those who know me have no need of my name
>I use Netscape Messenger, that is a part of Win32 Netscape Communicator
>4.79, for email and usenet services. Every email or usenet message
>sended by this program contains "X-Mailer: ..." in the headers.
>According to RFC this line is non-standard therefore useless one. I
>produced a patch that will disable adding of this line to the header of
>all outgoing messages. It will
do nothing to
>increase your privacy and, in the same
>time, decrease message size... a little :-))
--
bringing you boring signatures for 17 years
Rostislav
X-Mailer: Mozilla 3.01Gold (Win16; I)
X-Mailer: Mozilla 4.71 [en] (Win95; I)
X-Mailer: Mozilla 3.01 (X11; I; Linux 2.2.14-5.0 i686)
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)
X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.29 i586)
D'you think that lines like these do nothing with your privacy? Do you
really want send such information to everybody? What for you send this
one?
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) XEmacs/21.4 (Informed
Management
(RC1), i686-redhat-linux)
those who know me have no need of my name <not-a-rea...@usa.net>
wrote:
those who know me have no need of my name
>X-Mailer: Mozilla 4.75 [en] (Win95; U)
>X-Mailer: Mozilla 3.01Gold (Win16; I)
>X-Mailer: Mozilla 4.71 [en] (Win95; I)
>X-Mailer: Mozilla 3.01 (X11; I; Linux 2.2.14-5.0 i686)
>X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)
>X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.29 i586)
>
>D'you think that lines like these do nothing with your privacy?
yes.
>Do you really want send such information to everybody?
what does it tell them about *me*, personally?
Rostislav
It tells about the software that you'd use.
Maybe the word "privacy" confused you a little. If so, change it to
"personal security" if you want. Anyway, what for you must send such
information to everybody?
And about privacy. If I know what software you use, I, probably, exactly
know what security hole you have. So theoretically I can produce a
trojan-horse message that will infect your computer and open the way to
private data stored there.
those who know me have no need of my name
>those who know me have no need of my name <not-a-rea...@usa.net>
>wrote:
>> in comp.mail.headers i read:
>> >Do you really want send such information to everybody?
>>
>> what does it tell them about *me*, personally?
>
>It tells about the software that you'd use.
>Maybe the word "privacy" confused you a little. If so, change it to
>"personal security" if you want.
one should use the words they intend. it does disclose the software i use,
and that has some people worried that it says something about themselves
which they don't want disclosed. what one types in their messages
discloses as much, probably more. if one is this worried about privacy
they probably shouldn't post.
>Anyway, what for you must send such information to everybody?
perhaps my software produces slightly out-of-spec messages, in that case
quick and simple access to that information can allow your software to
apply a correction (so that the message can be handled correctly).
>And about privacy. If I know what software you use, I, probably, exactly
>know what security hole you have.
that's security, again. general attacks don't tend to care which software
an individual uses, they write the exploit for the one that provides the
environment they want or need, and don't care that nobody else is
susceptible. specific attacks can fingerprint your software, or just wait
for you to tell everyone when asking a question in news.software.readers or
comp.mail.*, though that can (but does not necessarily) require multiple
messages.
Rostislav
>
> in comp.mail.headers i read:
> >those who know me have no need of my name <not-a-rea...@usa.net>
> >wrote:
> >> in comp.mail.headers i read:
>
> >> >Do you really want send such information to everybody?
> >>
> >> what does it tell them about *me*, personally?
> >
> >It tells about the software that you'd use.
> >Maybe the word "privacy" confused you a little. If so, change it to
> >"personal security" if you want.
>
> one should use the words they intend. it does disclose the software i use,
> and that has some people worried that it says something about themselves
> which they don't want disclosed. what one types in their messages
> discloses as much, probably more. if one is this worried about privacy
> they probably shouldn't post.
This one writes different things in different messages to different
people. But "X-Mailer: " is not different in all of the posts and it is
always there. So yes, I agree with you, partially. One shouldn't post
such messages.
> >Anyway, what for you must send such information to everybody?
>
> perhaps my software produces slightly out-of-spec messages, in that case
> quick and simple access to that information can allow your software to
> apply a correction (so that the message can be handled correctly).
I don't know much software that use X-Mailer or User-Agent information
for such purpose. If your software have bugs you must fix them or chage
the software. If it use some different data format than information
about this format must be send but not about you email software,
operating system, processor family, etc.
X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)
Remember this example?
> >And about privacy. If I know what software you use, I, probably, exactly
> >know what security hole you have.
>
> that's security, again. general attacks don't tend to care which software
> an individual uses, they write the exploit for the one that provides the
> environment they want or need, and don't care that nobody else is
> susceptible. specific attacks can fingerprint your software, or just wait
> for you to tell everyone when asking a question in news.software.readers or
> comp.mail.*, though that can (but does not necessarily) require multiple
> messages.
I Don't understand you. Are you talking about kids playing with exploits
or about directional attacks against _specific_ targets?
Barry Margolin
those who know me have no need of my name <not-a-rea...@usa.net> wrote:
>in comp.mail.headers i read:
>>those who know me have no need of my name <not-a-rea...@usa.net>
>>wrote:
>>> in comp.mail.headers i read:
>
>>> >Do you really want send such information to everybody?
>>>
>>> what does it tell them about *me*, personally?
>>
>>It tells about the software that you'd use.
>>Maybe the word "privacy" confused you a little. If so, change it to
>>"personal security" if you want.
>
>one should use the words they intend. it does disclose the software i use,
>and that has some people worried that it says something about themselves
>which they don't want disclosed. what one types in their messages
>discloses as much, probably more. if one is this worried about privacy
>they probably shouldn't post.
You get to choose what words appear in the text of your message. The
privacy violation that bothers people about automatic headers is that it's
out of their control. Information is being disclosed about them whether
they want it to or not.
I've seen people respond to posts on Usenet by making fun of the author
because of the software they use. For instance, if someone posts to a Unix
newsgroup using Outlook Express, they're subject to ridicule because
they're obviously using a Windows system instead of Unix.
--
Barry Margolin, bar...@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
those who know me have no need of my name
>You get to choose what words appear in the text of your message. The
>privacy violation that bothers people about automatic headers is that it's
>out of their control. Information is being disclosed about them whether
>they want it to or not.
i believe i understand the reason to dislike what is automatically sent,
but i don't see that it's a privacy issue. for those that do believe it's
an issue, be it privacy and/or security, there are proxies that will remove
anything they like, down to the bare minimum necessary to send/post at all.
Barry Margolin
>
>>You get to choose what words appear in the text of your message. The
>>privacy violation that bothers people about automatic headers is that it's
>>out of their control. Information is being disclosed about them whether
>>they want it to or not.
>
>i believe i understand the reason to dislike what is automatically sent,
>but i don't see that it's a privacy issue.
Any time information is divulged about you or your computer system that you
don't want divulged and without your explicit permission, it's a privacy
violation. Some are more serious than others, of course; if there were an
"X-Annual-Salary:" header, that would be worse than "X-Mailer:".
> for those that do believe it's
>an issue, be it privacy and/or security, there are proxies that will remove
>anything they like, down to the bare minimum necessary to send/post at all.
The fact that such proxies are needed is an indication that many people
consider this an unwanted invasion of their privacy.
those who know me have no need of my name
>In article <uga0p6r...@news.supernews.com>,
>those who know me have no need of my name <not-a-rea...@usa.net> wrote:
>>in comp.mail.headers i read:
>>>You get to choose what words appear in the text of your message. The
>>>privacy violation that bothers people about automatic headers is that
>>>it's out of their control. Information is being disclosed about them
>>>whether they want it to or not.
>>
>>i believe i understand the reason to dislike what is automatically sent,
>>but i don't see that it's a privacy issue.
>
>Any time information is divulged about you or your computer system that you
>don't want divulged and without your explicit permission, it's a privacy
>violation.
that is what some contend. is it not obvious that i don't agree?
Barry Margolin
those who know me have no need of my name <not-a-rea...@usa.net> wrote:
>in comp.mail.headers i read:
>>don't want divulged and without your explicit permission, it's a privacy
>>violation.
>
>that is what some contend. is it not obvious that i don't agree?
Yes, it's obvious you don't agree, but not so obvious why. Why is your
choice of mail reader not a private matter? Where do you draw the line
between private information and public information?
Sami Sihvonen
>> X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)
>> D'you think that lines like these do nothing with your privacy?
> what does it tell them about *me*, personally?
Nothing about you, only about software you use. See above example
about X-Mailer line: If somebody finds a security hole in Mozilla
4.72 or GNU/Linux kernel 2.2.18 then you might not wan't it to be
public informartion that public internet machine X is using those...
--
Sami Sihvonen,
Chief Executive Officer,
Janiika Networks Corporation.
Simon Josefsson
> In article <ug5e8r...@news.supernews.com>,
> those who know me have no need of my name <not-a-rea...@usa.net>
> wrote:
>
>>> X-Mailer: Mozilla 4.72 [en] (X11; U; Linux 2.2.18 i686)
>>> D'you think that lines like these do nothing with your privacy?
>> what does it tell them about *me*, personally?
>
> Nothing about you, only about software you use. See above example
> about X-Mailer line: If somebody finds a security hole in Mozilla
> 4.72 or GNU/Linux kernel 2.2.18 then you might not wan't it to be
> public informartion that public internet machine X is using those...
Whether that information is public or not is not correlated to whether
the application is secure or not. If you believe you are secure if
you hide what software and version you use, you are making a mistake.
Public information _might_ be correlated to increased number of
attacks though, when an attacker scans for X-Mailer: and send those
people exploits.
Public information _might_ also be correlated to increased security
awareness, because a nice person could also scan for X-Mailer: and
send those people a warning.
el...@jpberlin.de
Hello!
For those people who use the message format ZConnect:
I'm working on a DOS program which is able to delete header lines form
ZConnect-messages. My program is a non-commercial project, does'not
cost something and can be used as filter before sending or for
incomming messages. (Or to archive messages without unnecessary header
lines.) I've the idea to enable the program to work with messages in
the RFC 822 conform format too, but I'm not sure if I will have the
time to do it.
Todays version number of my program is "1.9c" and I'm looking for
people, who are interested to test it.
I' sorry if my message is not the English of Shakespeare,
English is not my native language.
My program has many features which I could not describe in 10
sentences and which will only interest those who will test it.
Regards Elek