|Summary:||"Kmailleaks", or what to improve to make Kmail more privacy friendly.|
|Product:||[Applications] kmail2||Reporter:||eemantsal <infmtk>|
|Component:||general||Assignee:||kdepim bugs <kdepim-bugs>|
|Severity:||wishlist||CC:||johannes.klick, lbeltrame, malvin, montel, thomas.pfeiffer|
|Latest Commit:||http://commits.kde.org/messagelib/6296818e9c7003bec9911c0ee702dc1851ab33e1||Version Fixed In:||5.4.0|
Description eemantsal 2016-03-01 18:39:25 UTC
Comment 1 Laurent Montel 2016-03-02 05:55:27 UTC
You are looking at the mail in sent-mail, not the mail really sent to the other user:
=> X-KMail-Identity is never sent. X-KMail-Dictionary is never sent. They are removed from mail which is sent.
=> Message-ID: you can customize it in the KMail configuration.
=> User-Agent: I don't know why we export it indeed. I will investigate.
Comment 2 eemantsal 2016-03-02 14:40:59 UTC
Yes, but where should I look at to see what has been sent? I think the logical thing is to believe that the sent mail folder contains sent mail, exactly what Kmail sends, nothing more and nothing less. Why should a program do something different to what its name says? Anyway, I of course don't deny what you say, but then, how can we know what has really been sent?
Comment 3 eemantsal 2016-03-02 15:04:47 UTC
Silly form... I can't edit my message, so I have to write this reply and spam your mailbox unnecessarily >:-( Ok, 3 seconds after sending my previous message I realized that I just have to send an email to myself and look at the headers. So, then, if Kmail wouldn't send the user agent nor the Message-ID it would be as privacy friendly as the privacy friendly webmail apps. Great. But where can Message-ID be disabled or customized? I've been looking in identities' and accounts' preferences but haven't found it. Also, don't you think that if it can be disabled or customized with a generic name like "localhost", "PC", or whatever generic name is used by the majority, it should be the default? Shouldn't privacy be preserved just out of the box, not tell users to change something that besides is not very visible? Anyway, it is more tranquilizing to see that only user agent and Message-ID are sent. Thanks for indicating; if not, I'd been convinced that Kmail sends many other personal info, like I think everyone who may read my post at KDE forum must be thinking. :-/ I'll write a comment to tranquilize the readers. Thanks, and I hope it's improved as soon as possible.
Comment 4 Laurent Montel 2016-03-02 16:18:56 UTC
(In reply to eemantsal from comment #2)
> Yes, but where should I look at to see what has been sent? I think the logical
> thing is to believe that the sent mail folder contains sent mail, exactly what
> Kmail sends, nothing more and nothing less. Why should a program do
> something different to what its name says?
> Anyway, I of course don't deny what you say, but then, how can we know what
> has really been sent?

We keep it in the sent-mail folder because when we want to reply/reedit we need to know which identity was used, for example, etc.
Comment 5 Luca Beltrame 2016-03-04 06:41:46 UTC
(In reply to eemantsal from comment #3)
> identities' and accounts' preferences but haven't found it. Also, don't you
> think that if it can be disabled or customized with a generic name like

You can find it in Configure KMail > Composer > Headers.
Comment 6 eemantsal 2016-03-04 13:13:00 UTC
I was yesterday having a look at all those options and thought that perhaps this user Message-ID issue was related to this Headers tab you mention, but I didn't understand what a "suffix" could be (of course I know what it means in linguistics, but remember that most of us aren't informatics nor are really accustomed to informatic terminology) and didn't pay much attention to it. Now I see that effectively that was the key. Thank you. Nevertheless, probably a little tooltip reading something like «This is the identifier that will be shown in the Message-ID header» when hovering the pointer would sensitively improve the user friendliness. Also, probably a suffix, as common and widespread as possible, should be preset by default, so the average user doesn't have to search on the Internet how to do it. Don't you agree? Anyway, then there's only the user agent leak. All in all Kmail is not such a "blabbermouth", hehe, but see how an average user like me has had to ask to you, developers, and try a couple of things that most users aren't willing to try. I sincerely believe this is way afar from user friendly. If you allow me the suggestions, please add a default preset, and consider an option to see truly sent headers, not excluding the actual option to see all that extra info that Laurent said in comment 4, but adding one more perhaps in the View/Headers menu, «Real headers», or whatever you think is more descriptive and accurate. Again, all this surely sounds obvious and silly to you, but, once again, remember that the majority of users don't know/want to have to read and write in forums nor fiddle and dig among not so clear options, tabs, menus, etc. A couple of simple things would make users' life way easier. Regards, and I think that once the user agent issue is solved this bug report can be closed.
Comment 7 eemantsal 2016-03-04 14:28:04 UTC
Sorry if I'm being too insistent, but it has come to mind that that hypothetical Message-ID suffix could be a per-account or per-identity setting that, by default, would use the mail sender's domain, so, if someone uses a Protonmail, Gmail, whatever account, Kmail may set as prefix protonmail.com, gmail.com, and so on; all without any need for the user to touch anything, and not adding any extra info since the mail sender's domain is already known in the From header. I think it'd be an elegant and efficacious solution. What do you think?
Comment 8 Thomas Pfeiffer 2016-07-24 17:38:20 UTC
The User Agent does indeed reveal more information about the sender's system than necessary (why would one need to know which application in which version on which operating system was used to send an email?). Is there anything that speaks against leaving the User-Agent string completely out by default, or maybe reducing it to just "KMail"? Most email clients do send user-agent information by default, but since the sender's user agent does not really have practical relevance in an email (in contrast to a web browser where the server uses it to apply workarounds for specific browsers' shortcomings, for example), we could just be better than others in that regard.
Comment 9 Johannes Klick 2016-09-07 14:48:01 UTC
Hi, I totally agree with Thomas Pfeiffer. Kmail sends the OS type, kernel version and the desktop environment by default. It is very useful for an attacker, who wants to send you an email with a malicious attachment... Please remove the User-Agent field by default, or is it really necessary?
Comment 10 Johannes Klick 2016-09-07 14:55:57 UTC
(In reply to Luca Beltrame from comment #5)
> (In reply to eemantsal from comment #3)
>
> > identities' and accounts' preferences but haven't found it. Also, don't you
> > think that if it can be disabled or customized with a generic name like
>
> You can find it in Configure KMail > Composer > Headers.

For making it more precise: It is possible to override the User-Agent field by adding the field "User-Agent" under "Configure KMail > Composer > Headers", but this is not intuitive. Disable the User-Agent field by default and provide a menu that shows all default headers and their values. This would make it easy for a user to edit the values.
Comment 11 malvin 2016-09-07 15:00:46 UTC
(In reply to Johannes Klick from comment #10)
> > You can find it in Configure KMail > Composer > Headers.
>
> For making it more precise:
> It is possible to override the User-Agent field by adding the field
> "User-Agent" under "Configure KMail > Composer > Headers" but this is not
> intuitive.

Does this also allow the user to completely remove the User-Agent header? (Which I also think should be the default nowadays.)
Comment 12 Laurent Montel 2016-11-04 22:22:38 UTC
Git commit 6296818e9c7003bec9911c0ee702dc1851ab33e1 by Montel Laurent.
Committed on 04/11/2016 at 22:20.
Pushed by mlaurent into branch 'master'.

Fix Bug 359964 - "Kmailleaks", or what to improve to make Kmail more privacy friendly.

FIXED-IN: 5.4.0

M +17 -30 messagecomposer/autotests/messagefactorytest.cpp
M +0 -9 messagecomposer/src/job/skeletonmessagejob.cpp

http://commits.kde.org/messagelib/6296818e9c7003bec9911c0ee702dc1851ab33e1
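
Added example (not part of the bug report or of KMail's code): a small header audit for the check described in comment 3, run on the raw source of a message you sent to yourself rather than on the sent-mail copy. It flags client-identifying headers, leftover X-KMail-* headers, and a Message-ID suffix that differs from the From domain (the default proposed in comment 7). The function name, the `X-Mailer` check, the sample messages and all header values in them are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Headers that identify the client software or platform (X-Mailer is an
# added assumption; the report itself only discusses User-Agent).
CLIENT_HEADERS = ("User-Agent", "X-Mailer")

def audit_headers(raw_message):
    """Return (header, value, reason) findings for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    findings = []
    for name in CLIENT_HEADERS:
        for value in msg.get_all(name, []):
            findings.append((name, value, "identifies client software/platform"))
    # Client-internal headers that should be stripped before sending.
    for name, value in msg.items():
        if name.lower().startswith("x-kmail-"):
            findings.append((name, value, "client-internal header in sent mail"))
    # Message-ID suffix: compare with the domain already visible in From.
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    msg_id = msg.get("Message-ID", "").strip().strip("<>")
    id_domain = msg_id.rpartition("@")[2].lower()
    if msg_id and id_domain != from_domain:
        findings.append(("Message-ID", msg_id, "suffix differs from From domain"))
    return findings

# Constructed sample: what a received copy could look like with a
# host-name Message-ID suffix and a verbose User-Agent (values are made up).
SAMPLE_LEAKY = """\
From: Alice <alice@example.org>
To: alice@example.org
Subject: header test
Message-ID: <1234.5678@alice-laptop>
User-Agent: ExampleMail/1.0 (ExampleOS/0.0.0; ExampleDesktop)
X-KMail-Identity: 12345

body
"""

# Constructed sample: no User-Agent, Message-ID suffix equal to the From domain.
SAMPLE_CLEAN = """\
From: Alice <alice@example.org>
To: alice@example.org
Subject: header test
Message-ID: <1234.5678@example.org>

body
"""

if __name__ == "__main__":
    for header, value, reason in audit_headers(SAMPLE_LEAKY):
        print(f"{header}: {value}  ({reason})")
```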