* Modifications to protect the privacy of users:

	+ Alpine does not generate Sender or X-X-Sender by default
          by making  [X] Do Not Generate Sender Header the default.
	+ Alpine does not disclose User Agent by default by making
          [X]  Suppress User Agent When Sending the default.
	+ Alpine uses the domain in the From: header of a message
          to generate a message-id and suppresses all information
          about Alpine, version, revision, and time of generation
          of the message-id from this header. This information is
          replaced by a random string.

3 files changed, 34 insertions, 54 deletions

diff --git a/pith/conf.c b/pith/conf.c
index 1835c404..8b977ae2 100644
--- a/pith/conf.c
+++ b/pith/conf.c
@@ -2909,7 +2909,7 @@ feature_list(int index)
 
 /* Sending Prefs */
 	{"disable-sender", "Do Not Generate Sender Header",
-	 F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 0},
+	 F_DISABLE_SENDER, h_config_disable_sender, PREF_SEND, 1},
 	{"use-sender-not-x-sender", "Use Sender Instead of X-X-Sender",
 	 F_USE_SENDER_NOT_X, h_config_use_sender_not_x, PREF_SEND, 0},
 	{"quell-flowed-text", "Do Not Send Flowed Text",
@@ -3281,7 +3281,7 @@ feature_list(int index)
 	{"quell-timezone-comment-when-sending", "Suppress Timezone Comment When Sending",
 	 F_QUELL_TIMEZONE, h_config_quell_tz_comment, PREF_MISC, 0},
 	{"suppress-user-agent-when-sending", NULL,
-	 F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 0},
+	 F_QUELL_USERAGENT, h_config_suppress_user_agent, PREF_MISC, 1},
 	{"tab-checks-recent", "Tab Checks for Recent Messages",
 	 F_TAB_CHK_RECENT, h_config_tab_checks_recent, PREF_MISC, 0},
 	{"termdef-takes-precedence", NULL,
diff --git a/pith/pine.hlp b/pith/pine.hlp
index 92f2d9a3..b549bc91 100644
--- a/pith/pine.hlp
+++ b/pith/pine.hlp
@@ -194,19 +194,34 @@ problems you find with this release.
 <LI> Expansion of the configuration screen for XOAUTH2 to include
      username, and tenant.
 
+<LI> If a user has more than one client-id for a service, Alpine tries to
+     asks the user which client-id to use and associates that client-id to
+     the credentials in the XOAUTH2 configuration screen.
+     <A HREF="h_xoauth2_config_screen">Learn more</A>.
+
 <LI> Addition of a link to the Apache License 2.0 (see above). This is 
      available from the Release Notes as well as the welcome screen.
 
+<LI> Modifications to protect the privacy of users:
+<UL>
+<LI> Alpine does not generate Sender or X-X-Sender by default
+     by enabling  <a href="h_config_disable_sender"><!--#echo var="FEAT_disable-sender"--></a>
+     as the default.
+<LI> Alpine does not disclose User Agent by default by enabling
+     <A HREF="h_config_suppress_user_agent"><!--#echo var="FEAT_suppress-user-agent-when-sending"--></A>
+     by default.
+<LI> Alpine uses the domain in the From: header of a message
+     to generate a message-id and suppresses all information
+     about Alpine, version, revision, and time of generation
+     of the message-id from this header. This information is
+     replaced by a random string.
+</UL>
+
 <LI> Alpine will ding the terminal bell when asking  about quitting
      when new mail arrives. This is consistent with Alpine dinging the
      bell when new mail arrives. The bell will not ding if it is disabled
      for status messages. Suggested by Chime Hart.
 
-<LI> If a user has more than one client-id for a service, Alpine tries to
-     asks the user which client-id to use and associates that client-id to
-     the credentials in the XOAUTH2 configuration screen.
-     <A HREF="h_xoauth2_config_screen">Learn more</A>.
-
 <LI> When messages are selected, pressing the &quot;;&quot; command to broaden or narrow
      a search, now offers the possibility to completely replace the search, and
      is almost equivalent to being a shortcut to &quot;unselect all messages, and select
diff --git a/pith/reply.c b/pith/reply.c
index ab4e97c2..702832a0 100644
--- a/pith/reply.c
+++ b/pith/reply.c
@@ -3346,58 +3346,23 @@ second and a single unique character
 char *
 generate_message_id(void)
 {
-    static short osec = 0, cnt = 0;
-    char         idbuf[128], revisionbuf[128];
     char        *id;
-    time_t       now;
-    struct tm   *now_x;
-    char	*revision = NULL;
-    char        *hostpart = NULL;
-    char	*alpine_name = NULL;
-    char	*alpine_version = NULL;
-    char	*system_os = NULL;
-
-    now   = time((time_t *)0);
-    now_x = localtime(&now);
-
-    if(now_x->tm_sec == osec)
-      cnt++;
-    else{
-	cnt = 0;
-	osec = now_x->tm_sec;
-    }
+    char	*leftpart;
+    char        *hostpart;
 
-    get_alpine_revision_number(revisionbuf, sizeof(revisionbuf));
     if(F_ON(F_ROT13_MESSAGE_ID, ps_global)){
-       hostpart       = rot13(ps_global->hostname);
-       alpine_name    = rot13("alpine");
-       alpine_version = rot5n(ALPINE_VERSION);
-       system_os      = rot13(SYSTYPE);
-       revision	      = rot5n(revisionbuf);
+       hostpart  = rot13(ps_global->hostname);
+       leftpart  = rot13(oauth2_generate_state());
     } else {
-       hostpart	      = cpystr(ps_global->hostname);
-       alpine_name    = cpystr("alpine");
-       alpine_version = cpystr(ALPINE_VERSION);
-       system_os      = cpystr(SYSTYPE);
-       revision	      = cpystr(revisionbuf);
+       hostpart	 = cpystr(ps_global->hostname);
+       leftpart  = oauth2_generate_state();
     }
-    
-    if(!hostpart)
-      hostpart = cpystr("huh");
-
-    snprintf(idbuf, sizeof(idbuf), "<%.6s.%.4s.%.20s.%.10s.%02d%02d%02d%02d%02d%02d%X.%d@%.50s>",
-	    alpine_name, system_os, alpine_version, revision,(now_x->tm_year) % 100, now_x->tm_mon + 1,
-	    now_x->tm_mday, now_x->tm_hour, now_x->tm_min, now_x->tm_sec, 
-	    cnt, getpid(), hostpart);
-    idbuf[sizeof(idbuf)-1] = '\0';
-
-    id = cpystr(idbuf);
-
-    if(hostpart) fs_give((void **) &hostpart);
-    if(alpine_name) fs_give((void **) & alpine_name);
-    if(alpine_version) fs_give((void **)&alpine_version);
-    if(system_os) fs_give((void **)&system_os);
-    if(revision) fs_give((void **)&revision);
+
+    id = fs_get(strlen(leftpart) + strlen(hostpart) + 4);
+    sprintf(id, "<%s@%s>", leftpart, hostpart);
+
+    fs_give((void **) &hostpart);
+    fs_give((void **) &leftpart);
 
     return(id);
 }