On Sat, Apr 18, 2020 at 12:04:05PM -0500, Derek Martin wrote:
> OK, please enlighten me: Tell me what you've learned,

nothing, because i don't care. ;)

> how it's any worse than all the other information I demonstrated is
> necessarily leaked from the headers, and how it is in any way
> exploitable.

as the initial mail indicated, this is about data-mining *habits*. i can
use that to make a first guess about how insecure your system is
(judging by a long uptime), or make you feel paranoid by showing that i
know how often you restart your MUA (who knows what _else_ i learned?).
i'm sure one could come up with other data points if one is so inclined.
that my local host's name is revealed is mildly annoying, too. and yes,
i could avoid revealing that anyway by having my MTA suppress/fake the
Received headers appropriately for privacy (i didn't check what
software/config i'd have to use, but i'm willing to bet that there _are_
options).