[liberationtech] Anonymity / privacy considerations of HTTP 'referer' information
Natanael
natanael.l at gmail.com
Wed May 14 01:46:24 PDT 2014
You're not the first to consider the implications of referrer headers:
https://addons.mozilla.org/en-US/firefox/addon/refcontrol/
You might find that one useful.
- Sent from my phone
Den 14 maj 2014 08:07 skrev "Tomer Altman" <taltman1 at stanford.edu>:
> It occurred to me that the HTTP 'referer' header field leaks information
> about your browsing history.
>
> In the flurry of recommendations and tips on how to guard your privacy
> / stay anonymous online that I have seen over the past year (such as
> the BestVPN.com list), I don't recall seeing the HTTP 'referer' header
> mentioned. But I could just not have been paying attention to the
> correct channels.
>
> I figured that if any project would be sensitive to this kind of leak,
> it would be the TOR project. So, using the latest version of the TOR
> Browser, I created a hyperlink to the following URL on a test web page
> of mine:
>
> http://www.whatismyreferer.com/
>
> Sure enough, clicking on the test link on my personal webpage took
> that URL, and the webpage dutifully reported the HTTP 'referer' header
> information. It was not blocked nor obscured.
>
> The problem is that people might visit websites that fully or
> partially identify them, and then follow links to sites that will then
> track/log the HTTP 'referer' information.
>
> It's not clear to me how much damage could be caused by this kind of
> information leak, but I thought I would ask the experts on this list
> as to whether this is a legitimate concern or not.
>
> Thanks,
>
> ~Tomer
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20140514/6e55e575/attachment.html>
More information about the liberationtech
mailing list