Open RollingStar opened 3 years ago
Your assumption is correct. This is the default behaviour for most mail applications I believe, so I'm just following that here.
The purpose of the From field is to identify the user sending the message. Setting it to some fixed value would mean that anyone, who doesn't set that option, would all be the same user - not the point of the From field.
If you don't want to expose this information for privacy reasons, you should override that value (also note that the Date field could expose your timezone, if that's important to you).
Setting it to some fixed value would mean that anyone, who doesn't set that option, would all be the same user - not the point of the From field.
What about a random string per user, either readable (diceware style) or not? And I think the horse has bolted here - yEnc or some other program set a global default, and other programs perhaps mimicked that style. There are seemingly millions of posts by "yEncBin@Poster.com (yEncBin)".
https://nzbking.com/poster/yEncBin@Poster.com%20(yEncBin)/
Based on your opinions on ex. rarring uploads, I suspect your answer will be "but that's not what the standard is for".
Although Usenet has its roots in mail and personal communications, surely you'd agree that binary posting has branched out far from those roots. I can't imagine a single use case where a user will say "I wish the program would take my PC username as the default". But I can imagine use cases where a user would say "I wish the program wasn't so eager to expose my personal information to the whole world, retained till perhaps the end of time". It's dead simple to change from the default, so it just comes down to what's more useful/expected for most users.
This is the default behaviour for most mail applications I believe
To illustrate your point, do you have an example of an application that goes out to the whole world (not p2p like mail) that fills in username info without prompting?
Posting via a unique name doesn't seem like an alien concept in this day and age - I mean, you've posted that comment with a unique name (as far as Github is concerned), and I presume it doesn't contain sensitive info. I wouldn't be surprised if many would like their posts to be attached to some recognisable identity that isn't something like "7d97e98f8af710c7" or "Nyuu User". Pulling random English words makes more sense, but seems like way too much effort for a default value.
The premise of your concern seems to be rooted in the idea that the local username could contain sensitive information. I'm not sure that's necessarily a given, particularly for privacy conscious users. Even if it does contain something you'd rather not be public, it's unlikely that anyone could verify that the info is accurate, as anyone could've posted with that name.
Realistically though, Nyuu won't work without configuration. The default behaviour is documented, so anyone concerned should change it.
Keep in mind that the defaults are meant to be rather conservative as opposed to being useful - other than server settings, which must be configured for it to work, I think a bunch of the options should be changed (e.g. few would post with only 3 connections, or to alt.binaries.test). Although Nyuu has a lot of options, the ones a user would likely want to change is featured more prominently (in the config JSON and the simple help), so I would think it be unlikely someone would accidentally trigger the default without knowing.
Nevertheless, I am interested in helping prevent users make mistakes, so if it seems likely and you have a suggestion on how to more prominently warn users, I'm all ears.
Also, privacy conscious users would likely have many other things to keep in mind, other than masking their username, such as the use of a VPN, which Nyuu provides no default for, or even such functionality or warning. In a sense, it is expected that the end user is aware of this, and as such, Nyuu isn't exactly a beginner application, in a way. Perhaps if it was aiming to be an application which handholds users through the process the whole process, I'd agree more with you.
do you have an example of an application that goes out to the whole world (not p2p like mail) that fills in username info without prompting?
I'm not sure why you specifically exclude mail, since NNTP and SMTP are closely related, and hence, why I referenced it. But most modern platforms where information gets posted (forums, social media etc) will auto display the poster's username/information alongside authored content without prompting (and in fact, with no option of even opting out). This even includes torrent index sites and Usenet forums.
Places which allow anonymous (as opposed to pseudononymous) posting, like 4chan for example, seem to be more of a rarity these days.
With that in mind, perhaps an alternative default could be the login username supplied to the NNTP server, then the host name of the server. For multiple servers, it'd just pick the first one, and if no username was supplied (for some weird unauthenticated server), it'd use the local username.
I'm a little uncomfortable with using the NNTP server's host name though, as it could indicate someone from the Usenet service itself, so maybe sticking to the local host name may make more sense. What do you think of that?
By the way, thanks for bringing up the topic and advocating your perspective - I really like hearing these sorts of suggestions (since most people wouldn't even bother) and it brings up interesting conversation.
If I specify in my config.js that:
From: RollingStar <RollingStar@RollingStar.org>
Then info won't be pulled from my local environment for From?
My suggestion for all the defaults is to make harassment harder. On average, most people probably don't want to be contacted over their posts. (Again, this differs from the old days where Usenet was for having conversations and not posting binaries). So the default shouldn't hurt the one user in 100 who happens to name their account MyRealFullName. Just copy yEnc Powerpost and make the default Nyuu@github.com or something.
The problem with your theory is the concept of threat models. Someone could make a username for their OS in 2015 and not decide to post to usenet until 2021. They wouldn't be thinking that their username would be used for anything public. (Especially on Windows, this is rare.)
Posting via a unique name doesn't seem like an alien concept in this day and age - I mean, you've posted that comment with a unique name (as far as Github is concerned)
I view my personal computer as a tool, or a room in my house. I have no issues posting personal photos or documents to a wall in my house. In contrast, when I make a GitHub account, I know it is public - like the clothes I wear to shop for groceries. I might not put medical records on my clothing, even though I have no problem putting them on a desk in my room.
Someone could have a sensitive username and a malicious ISP or government could cross reference it with other data for harassment. For example, if any other app on your PC knows your username and hostname, the ISP or government can reasonably assume that the same username+hostname combo was used to post to usenet. This assumption won't work for common names or people being intentionally misleading, but it could lead to bad outcomes for little gain. The government can get more information about a poster through a court order (depending on the country), but there's no reason to make it easier for them. Court orders have to meet certain standards of evidence, and a simple username combination might not meet that threshold. Police in some countries have much greater leeway - they can stand outside your house without any proof that you're doing anything wrong. So a hunch that you're posting stuff to usenet that they don't like could lead to further harassment. For example, prosecution for jaywalking, failing to stop at a stop sign, or failing to shovel your walkway when it snows. Maybe it's paranoid, but I just don't see the benefit. I've never tracked down a user who posted to usenet (no positive outcome for a unique name), but there are documented cases around the world of governments tracking down people who have (negative outcomes).
Then info won't be pulled from my local environment for From?
Correct. More specifically, you'd have to delete the existing default for that to be set.
Just copy yEnc Powerpost and make the default Nyuu@github.com or something.
As mentioned earlier, I do not wish to use a fixed value as default (or something that's purely random) as it isn't representative of a user.
Someone could make a username for their OS in 2015 and not decide to post to usenet until 2021.
I mean, that's not too different from someone leaving the geo-location setting for their camera on, then forgetting to turn it off when they want to post a photo online.
As far as Nyuu is concerned, the option is prominently there, and you can't really use Nyuu without going through the options. If you don't think it's obvious enough, I'm happy to hear suggestions on how it can be made more obvious.
I view my personal computer as a tool, or a room in my house. I have no issues posting personal photos or documents to a wall in my house. In contrast, when I make a GitHub account, I know it is public
Microsoft is heavily pushing users to sign into Windows with Microsoft online accounts, so you might find the lines between "local account" and "online activity" is getting rather blurry these days.
Someone could have a sensitive username and a malicious ISP or government could cross reference it with other data for harassment
Your ISP likely already knows your name - they don't need to pluck it out of a Usenet posting.
If the government is your threat model, then I think usernames are the least of your concerns - if you're not using a completely isolated environment and being anal about every detail that is exposed, I'd think you'd be bound to lose.
I previously made the suggestion of using NNTP details as the default. I still haven't received a response to the idea.
https://github.com/animetosho/Nyuu/blob/master/config.js#L99
This feature seems ill-advised if I'm understanding it correctly. User / username, hostname, and perhaps localdomain could all expose user information for little gain. Ex. if my linux username is rollingstar, won't my posts have "rollingstar" in the poster field?
I think the default json config will override some/all of these values, but for opsec reasons there's no reason to have this in the program at all.
A more sensible default could be a generic Nyuu string.