Users should be able to disable this feature. I overheard in a dark alleyway: "User [redacted] uses buggy client [redacted]? Great. Now I can focus my attack on that client's bugs."


Discussion

What should be configurable is really up to the app developer. Some apps are all about configuration, others pick settings and design for them.

Sure, that's fine. I'm just offering my opinion, not something I think should be part of the protocol.

I mean, it’s optional text that can be included in an event. I agree we shouldn’t put a NIP in which says it’s required. I think this should be a “clients MAY add “client”: “app name” to events”. There’s no NIP for it right now, which might be why some clients dropped it. But that’s easy enough to fix.

Yeah, the privacy implications are significant.

Such a targeted attack is meant to be possible through client fingerprinting; I don’t think making the client explicit (and yes, obviously configurable!) is too problematic.