Increase software and version privacy #165

Closed
opened 2026-07-09 16:25:13 +00:00 by jabber.developer · 1 comment

Currently the software in many ways advertises Profanity as a default resource or default client id. In addition, it shows build hash, which constitutes version disclosure, and might be categorized as CWE-200. This disclosure might lead to targeted attacks with known vulnerabilities in previous versions. It simplifies target recon and violates privacy of our users.

As a proposed solution, we might spoof client id with one popular client which can be easier to emulate.

Currently the software in many ways advertises `Profanity` as a default resource or default client id. In addition, it shows build hash, which constitutes version disclosure, and might be categorized as CWE-200. This disclosure might lead to targeted attacks with known vulnerabilities in previous versions. It simplifies target recon and violates privacy of our users. As a proposed solution, we might spoof client id with one popular client which can be easier to emulate.
jabber.developer added this to the Plans (2025-2026) project 2026-07-09 16:35:55 +00:00
jabber.developer self-assigned this 2026-07-09 16:36:23 +00:00
Author
Owner

Resolved by #166

Resolved by #166
jabber.developer moved this to Done in Plans (2025-2026) on 2026-07-10 10:39:50 +00:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: devs/cproof#165
No description provided.