On Tuesday, 3 March 2015 13:24:52 CEST, Jason A. Donenfeld wrote:
It also comes in handy for forming targeted attacks against MUAs with zero-day vulnerabilities known to particular adversaries. As a security professional, this additional level of obscurity - of not leaking my UA - is important, as much in principle as in practice.
OK, thanks for explaining this.
Furthermore, the user agent also leaks information as to the version of Qt I'm running and the version and name of my operating system. My god, it's absurd!
This is roughly the same as what Thunderbird has been doing for years (the name of the OS is included, and "Gecko version" roughly matches "Qt version" for practical purposes here). I would not personally call this absurd, but I see why people might not like it.
Now, maybe we could change the pref to switch between "identify Trojita including the Qt version" and "just say it's Trojita". Am I right that this won't be a correct fix from your point of view, and that you absolutely want to have nothing in there if at all possible?
Cheers, Jan -- Trojitá, a fast Qt IMAP e-mail client -- http://trojita.flaska.net/
