I agree with Remco.

IMHO any information about a user's system (like PID) is irrelevant for a Message-ID and therefore should not be in there. Whether you consider this information sensitive or not is entirely subjective. If only one user considers it sensitive, we should not generate and transmit it by default.

A similar argument can be made about generating Message-IDs in a way that's unique to Mutt. In line with IETF recommendations [1] and people landing in jail because of metadata leakage [2], we are now only sending "User-Agent" headers with explicit user consent. [3]

1. https://tools.ietf.org/html/rfc7258
2. http://www.justice.gov/sites/default/files/opa/press-releases/attachments/2015/03/30/criminal_complaint_forcev2.pdf
3. https://gitlab.com/muttmua/mutt/-/issues/159

IMHO all the arguments also apply here. IMHO we should choose a form of Message-ID that (a) does not include unnecessary system information and (b) matches that of other MUAs. Maybe we should follow these "Recommendations for generating Message IDs"? https://tools.ietf.org/html/draft-ietf-usefor-message-id-01

Best

Remco Rijnders:
This can lead to information being leaked as to a user's email habits and activities, which might be undesirable.

--
ilf

If you upload your address book to "the cloud", I don't want to be in it.
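
An added example, not part of the message above and not Mutt's code: one way to build a Message-ID whose left-hand side carries no PID, clock, user name or hostname, only CSPRNG output. The function name `gen_message_id`, the 16-byte size, the hex encoding, the use of `/dev/urandom` and the caller-supplied domain are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSGID_RAND_BYTES 16 /* 128 random bits; size is an assumption */

/* Fill buf with n bytes from the kernel CSPRNG. Returns 0 on success. */
static int random_bytes(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/*
 * Write "<hex@domain>" into out. The left part is random only: no PID,
 * timestamp, counter, user name or hostname is mixed in.
 * Returns 0 on success, -1 on bad input, RNG failure or a too-small buffer.
 */
int gen_message_id(char *out, size_t outlen, const char *domain)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char rnd[MSGID_RAND_BYTES];
    char left[2 * MSGID_RAND_BYTES + 1];

    if (!out || !domain || !*domain)
        return -1;
    /* Reject characters that would break the <left@right> syntax. */
    if (strpbrk(domain, "<>@ \t\r\n"))
        return -1;
    if (random_bytes(rnd, sizeof rnd) != 0)
        return -1; /* fail closed; never fall back to PID or time */
    for (size_t i = 0; i < sizeof rnd; i++) {
        left[2 * i] = hex[rnd[i] >> 4];
        left[2 * i + 1] = hex[rnd[i] & 0x0f];
    }
    left[sizeof left - 1] = '\0';
    int n = snprintf(out, outlen, "<%s@%s>", left, domain);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void)
{
    char id[128];
    if (gen_message_id(id, sizeof id, "example.org") != 0) /* constructed domain */
        return 1;
    puts(id);
    return 0;
}
```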
