From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 14 Jul 2019 01:49:05 +0000 (-0400)
Subject: Omit User-Agent: header by default
X-Git-Tag: 2019-10-25~132^2~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=976428c1e90606b9f65fabc097146d6bd89312ca;p=neomutt

Omit User-Agent: header by default

The User-Agent: header can be fun and interesting and useful for
debugging, but it also leaks quite a bit of information about the user
and their software stack.

This represents a potential security risk (attackers can target the
particular stack) and also an anonymity risk (a user trying to
preserve their anonymity by sending mail from a non-associated account
might reveal quite a lot of information if their choice of mail user
agent is exposed).

Users who want to configure `user_agent` to `yes` can still do so, but
it makes sense to have safer defaults.

Co-authored-by: Richard Russon <rich@flatcap.org>
---

diff --git a/init.h b/init.h
index 5402c519f..fd060f85d 100644
--- a/init.h
+++ b/init.h
@@ -4702,7 +4702,7 @@ struct ConfigDef MuttVars[] = {
   ** Normally, the default should work.
   */
 #endif /* HAVE_GETADDRINFO */
-  { "user_agent", DT_BOOL, &C_UserAgent, true },
+  { "user_agent", DT_BOOL, &C_UserAgent, false },
   /*
   ** .pp
   ** When \fIset\fP, NeoMutt will add a "User-Agent:" header to outgoing