Reply to topic

Anonimizing Kmail (user agent & more)

User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS

Anonimizing Kmail (user agent & more)

Fri Jan 15, 2016 10:51 pm
In the post Snowden age we aren't as naive as before, and know that the best way to preserve certain civil rights and liberties is that some info never leaves our computers.
But unfortunately Kmail reveals, in the mails' headers -full view, of course-, a lot of personal information that I don't think is really necessary for a correct functioning: «Message-ID» entry shows my computer's name; «X-KMail-Dictionary» reveals my language, «User-Agent», my email client, operating system, desktop environment and version of KDE frameworks, and of course the type of CPU; «Content-Type» reveals the character set I'm using -this perhaps is necessary to avoid weird characters?-; and finally, there's something which implications I don't know but it's called «X-KMail-Identity» and is folloved by a serie of numbers which I would like to think that aren't unique.
All this creates a rather precise fingerprint that combined with the IP address -privacy respectful providers like Openmailbox, Autistici, RiseUp, ProtonMail and several others, I think even Gmail, don't reveal it, but other providers do- can perfectly track users.

Is there any way to configure Kmail in a "secure mode", even if it must be done tweaking some config files? If not, please, devs, if any of you visits this forum and read this, take it into account.

Last edited by eemantsal on Sat Jan 16, 2016 6:17 pm, edited 1 time in total.
User avatar einar
Administrator
Posts
3400
Karma
7
OS
You may want to file a wishlist request on bugs.kde.org. If you have access to the mail server you're sending mails to, you can (for example using Postfix's "header_checks") remove specific headers from sent mails.


"Violence is the last refuge of the incompetent."
Image
Plasma FAQ maintainer - Plasma programming with Python
User avatar scummos
Global Moderator
Posts
1137
Karma
7
OS
I see your point, but on the other hand, your email address is already a quite precise fingerprint, no? Especially if you combine it with an OpenPGP signature ...


I'm working on the KDevelop IDE.
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
scummos wrote:I see your point, but on the other hand, your email address is already a quite precise fingerprint, no? Especially if you combine it with an OpenPGP signature ...

Well, if you accustom to use aliases and change them from time to time, as most privacy concerned mail providers allow, it'd be somehow better. But my point wasn't to aspire to a totally secure email client; it has been sufficiently explained in tons of articles that email is per se an insecure way of communicacion; we'd better use Signal, or even Telegram "secret chats" for a decent level of privacy. No, what I'd aspire to is that Kmail would only reveal the exclusively necessary info about we, its users, for correct "negotiation" with mail servers and therefore correct functioning. Besides, note that an email address doesn't reveal actually almost anything: without an IP address you can't guess where it's been sent from, without an user agent identificator you can't guess on which hard/software configuration has been sent from, without all that info that Kmail reveals, you can't know what's the preferred language of the sender, ergo probably their mother tonge. In short, a big brotherish annoying advertising company -or a government, for the most paranoid- can't stalk much your digital life with just an email address. Surely there are other methods, and if they want to track and stalk you, they will succeed, but, damn! let's not make it so easy for them, no? Heheh.
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
einar wrote:You may want to file a wishlist request on bugs.kde.org. If you have access to the mail server you're sending mails to, you can (for example using Postfix's "header_checks") remove specific headers from sent mails.

Then the answer is no? Users cant edit some config file to make Kmail not to include personal info in its headers? I thought it would be possible. Modifying the header info doesn't sound like something that needs be obscurely coded in some complicated source code file. :-\
And no, I don't administer any mail server, I'm just a common user; but in any case, it shoult be the mail client that assure that every message that goes out from it is safe and privacy respectful. Later on, different mail servers who know what can do. No, I don't think that "solving" the issue configuring the mail server to do something special would be a solution: the problem is on Kmails side, not on the server's.

Ok, I'll file that bug. I have still pending to file another bug for another question you also answered, but I need to find the time. I hope I can file both it next week.
User avatar einar
Administrator
Posts
3400
Karma
7
OS
Bear in mind that some mail headers are necessary for the proper delivery and parsing of the mail, that's why the best place where they can be adjusted is the Mail Transport Agent (MTA), which is the software which listens on port 25, 587 and 465 for incoming email.


"Violence is the last refuge of the incompetent."
Image
Plasma FAQ maintainer - Plasma programming with Python
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
I'm aware of that, but defnitely my machine's name or my desktop environment, just to cite some examples, I don't think is something my mail provider needs to know.
I'll file a bug and see what do developers think. Thanks for your answers.
regwiz
Registered Member
Posts
2
Karma
0
eemantsal wrote:I'm aware of that, but defnitely my machine's name or my desktop environment, just to cite some examples, I don't think is something my mail provider needs to know.
I'll file a bug and see what do developers think. Thanks for your answers.


I have read this message twice, really I can't believe KMail sends some more unnecessary (additional) information with sent mail headers.

Biggest reasons for my switch to KDE were mainly system integrity (productivity) and privacy. But now I am little bit disappointed.

Did you have any chance to file a feature request with kde forums?

Thanks
User avatar colomar
Registered Member
Posts
944
Karma
2
OS
eemantsal wrote:Is there any way to configure Kmail in a "secure mode", even if it must be done tweaking some config files? If not, please, devs, if any of you visits this forum and read this, take it into account.


I can only second einar here: Your request will be far more likely to be seen by the developers if you post it on bugs.kde.org. Once you've done that, please link to it here and I will support you if the devs fail to see the problem.
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
colomar wrote:I can only second einar here: Your request will be far more likely to be seen by the developers if you post it on bugs.kde.org. Once you've done that, please link to it here and I will support you if the devs fail to see the problem.


I'll do it. I need to find the time, because I don't write english very well nor easily -need to lookup words on dictionaries and such-, and elaborating a good report in english takes me much time. But I promise, I'll do soon and link it here. :) Thanks for you support.
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
Ok, finally I reported the issue. The page is here.
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
regwiz wrote:Did you have any chance to file a feature request with kde forums?

Thanks


Yes, I have posted the link in mi previous message.
You are welcome. :)
User avatar eemantsal
Registered Member
Posts
118
Karma
0
OS
Just for tranquilizing the ones who may read this thread, I in the BKO page, two developers told me that Kmail in fact doesn't sent all those headers that show in the sent mail folder, so, even if you see there all that peronal info I talked about in my first message, the reality i that Kmail only send the user agent info. Anyway, as it isn't necessary for a correct funtioning, developer Laurent Montel will investigate it, for it seems it's not something developer relly want Kmail to do, so they probably will correct it and future versions won't send the user agent info. So, after all, Kmail still leaks some info that should not be revealed, but not as much as it seems if one looks at all the headers in sent mail. Not perfect but much better than if seemed. :)
As soon as new Kmail revisions remove the user agent info too I'll mark this issue as solved.

 
Reply to topic

Bookmarks



Who is online

Registered users: Baidu [Spider], bcooksley, benjaminl, Bing [Bot], cylverbak, Google [Bot], gui-m, kakosf, kde-jriddell, klorax, Mamarok, P3lor, peje, Snudl, zwankfr