[PATCH] private message id

[PATCH] private message id

[Łukasz Stelmach]

Hi.

I'd like to share an idea, and a patch that implemnts it, to make
Message-ID slightly worse source of data tracking down an individual who
uses multiple accounts on one machine. All message get the same fqdn
part so it is quite obvious they are sent from the same machine.
I know, there are Received headers but they are not as easy to parse,
and may be a lot less accurate behind a NAT.

I propose a Message-ID consiting of unique-id%e-mail-address grabbed
from the From header. Take a look at the ID of this message.

--8<---------------cut here---------------start------------->8---
diff --git a/lisp/message.el b/lisp/message.el
index bff11b2..9fc3eb6 100644
--- a/lisp/message.el
+++ b/lisp/message.el
@@ -5425,6 +5425,13 @@ In posting styles use `(\"Expires\" (make-expires-date 30))'."
     (setf (nth 3 cur) nday)
     (message-make-date (apply 'encode-time cur))))
 
+(defcustom message-make-private-message-id t
+  "Make Message-ID more privacy-aware by replacing the host
+partname with the senders e-mail addres. It makes a bit harder to
+associate message sent from different accounts."
+  :group 'message-headers
+  :type 'boolean)
+
 (defun message-make-message-id ()
   "Make a unique Message-ID."
   (concat "<" (message-unique-id)
@@ -5443,7 +5450,13 @@ In posting styles use `(\"Expires\" (make-expires-date 30))'."
 		 (and psupersedes
 		      (string-match "_-_@" psupersedes)))
 		"_-_" ""))
-	  "@" (message-make-fqdn) ">"))
+	  (let ((pfrom (save-excursion (message-fetch-field "from"))))
+	    (if (and message-make-private-message-id
+		     pfrom)
+		(concat "%"
+			(cadr (mail-extract-address-components pfrom)))
+	      (concat "@" (message-make-fqdn))))
+	  ">"))
 
 (defvar message-unique-id-char nil)
 
--8<---------------cut here---------------end--------------->8---


-- 
Miłego dnia,
Łukasz Stelmach

Re: [PATCH] private message id

[Russ Allbery]

Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:

> I'd like to share an idea, and a patch that implemnts it, to make
> Message-ID slightly worse source of data tracking down an individual who
> uses multiple accounts on one machine. All message get the same fqdn
> part so it is quite obvious they are sent from the same machine.  I
> know, there are Received headers but they are not as easy to parse, and
> may be a lot less accurate behind a NAT.

> I propose a Message-ID consiting of unique-id%e-mail-address grabbed
> from the From header. Take a look at the ID of this message.

In theory, this is a minor violation of best practices for generating
Message-IDs because you're "stealing" message IDs from the space owned by
the e-mail address domain and may conflict with some message ID generation
algorithm used separately by the owner of that domain, thus resulting in
message ID collisions.  In practice, though, the addition of the username
makes that very unlikely, so I doubt it would be a practical problem.

Seems like a fairly good idea to me.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>

Re: [PATCH] private message id

[Lars Magne Ingebrigtsen]

Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:

> I propose a Message-ID consiting of unique-id%e-mail-address grabbed
> from the From header. Take a look at the ID of this message.

I think the idea is fine, but I'm not sure it's worth adding Yet Another
Customization Variable for this.  If the user wants this, then they can
redefine the function that generates the Message-ID.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: [PATCH] private message id

[Łukasz Stelmach]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:
>
>> I propose a Message-ID consiting of unique-id%e-mail-address grabbed
>> from the From header. Take a look at the ID of this message.
>
> I think the idea is fine, but I'm not sure it's worth adding Yet Another
> Customization Variable for this.  If the user wants this, then they can
> redefine the function that generates the Message-ID.

This is an option. However, there is the whole superseding code which
looks like it should be there. So copying a function just to redefine
two lines in it looks weird, doesn't it? But if you say so.

Best regards,
-- 
Miłego dnia,
Łukasz Stelmach

Re: [PATCH] private message id

[Lars Magne Ingebrigtsen]

Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:

> This is an option. However, there is the whole superseding code which
> looks like it should be there. So copying a function just to redefine
> two lines in it looks weird, doesn't it?

It's really the message-unique-id and/or message-make-fqdn that need
redefinition, isn't it?

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: [PATCH] private message id

[Łukasz Stelmach]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:
>
>> This is an option. However, there is the whole superseding code which
>> looks like it should be there. So copying a function just to redefine
>> two lines in it looks weird, doesn't it?
>
> It's really the message-unique-id and/or message-make-fqdn that need
> redefinition, isn't it?

Not exactly. Let me explain it step by step (and think aloud). By
default you get:

<87vd3dw1fh.fsf@some.host.fqdn>

If you redefine message-unique-id you still get the same fqdn on every
message you send regardless of the account (identity) you use. This
makes them easy to associate. Conclusion message-unique-id is OK as it
is let's change message-make-fqdn. Lets make message-make-fqdn return
sender's address

<87tyixw1au.fsf@lukasz.stelmach@iem.pw.edu.pl>

It is invalid Message-ID because it comprises two `@' characters. The
first `@' comes from message-make-message-id so either we redefine this
function or substitute the second `@' with a character valid for a
domain name. 

<87r5e1w15q.fsf@lukasz.stelmach-iem.pw.edu.pl>

Now message-make-fqdn returns lukasz.stelmach-iem.pw.edu.pl which
preserves ID's uniqueness. And it is a good Message-ID. In fact you in
the latter case it's enough to set message-user-fqdn (but a function
attached somewhere around message-send-hook is required to set it
according to the From header, which in fact is equivalent work to
redefinition of message-make-fqdn). However, in this particular case
everything seems to work fine, it will only as long as no one expects it
to return what its name means.

That's my rationale for the patch.

-- 
Miłego dnia,
Łukasz Stelmach

Re: [PATCH] private message id

[Lars Magne Ingebrigtsen]

Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:

> If you redefine message-unique-id you still get the same fqdn on every
> message you send regardless of the account (identity) you use. This
> makes them easy to associate. Conclusion message-unique-id is OK as it
> is let's change message-make-fqdn. Lets make message-make-fqdn return
> sender's address
>
> <87tyixw1au.fsf@lukasz.stelmach@iem.pw.edu.pl>
>
> It is invalid Message-ID because it comprises two `@' characters. The
> first `@' comes from message-make-message-id so either we redefine this
> function or substitute the second `@' with a character valid for a
> domain name. 
>
> <87r5e1w15q.fsf@lukasz.stelmach-iem.pw.edu.pl>

So just redefine `message-make-fqdn' to return that, then?  Or set the
`message-user-fqdn' variable to be what you want.  It's a separate
function for easy redefinition.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen

Re: [PATCH] private message id

[Łukasz Stelmach]

Lars Magne Ingebrigtsen <larsi@gnus.org> writes:

> Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:
>
>> If you redefine message-unique-id you still get the same fqdn on every
>> message you send regardless of the account (identity) you use. This
>> makes them easy to associate. Conclusion message-unique-id is OK as it
>> is let's change message-make-fqdn. Lets make message-make-fqdn return
>> sender's address
>>
>> <87tyixw1au.fsf@lukasz.stelmach@iem.pw.edu.pl>
>>
>> It is invalid Message-ID because it comprises two `@' characters. The
>> first `@' comes from message-make-message-id so either we redefine this
>> function or substitute the second `@' with a character valid for a
>> domain name. 
>>
>> <87r5e1w15q.fsf@lukasz.stelmach-iem.pw.edu.pl>
>
> So just redefine `message-make-fqdn' to return that, then?  Or set the
> `message-user-fqdn' variable to be what you want.  It's a separate
> function for easy redefinition.

It will work unless somethig else than message-id related function
expect this fqdn to be the fqdn. Are there any? Will there be?

-- 
Miłego dnia,
Łukasz Stelmach

Re: [PATCH] private message id

[Lars Magne Ingebrigtsen]

Łukasz Stelmach <lukasz.stelmach@iem.pw.edu.pl> writes:

> It will work unless somethig else than message-id related function
> expect this fqdn to be the fqdn. Are there any? Will there be?

Give it a try and see.

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen