True, and one thing I thought of after posting that is that if LE is looking at your computer and PGP program, they will probably find your PGP key. Matching the key ID will be much better evidence than the program version. Still, as I said, it's entirely avoidable. Publishing the version makes sense in the normal use case for PGP, which is distributed software development. Those people are not anonymous and have no reason to hide their PGP program. In that case, I understand the argument that posting the version can allow others to alert you if you are using vulnerable software. You have that benefit at no cost. In our case, the cost is a smaller anonymity set, sometimes down to a unique identifier. Think of it this way, most people would not dare to post their first name (even without the last name) publicly. Somehow that's a scary proposition, even though there are millions of Johns and Daniels in the world. But they have no problem posting a PGP version with no more than 1/1350 market share, which is like publicly posting that your first name is Kolten, Jensen or Yurem. http://babyfit.sparkpeople.com/baby_names_top1000.asp?page=2&gender=0 Not a good idea, in my opinion. I literally laughed out loud