Search Mailing List Archives
[liberationtech] Anonymity / privacy considerations of HTTP 'referer' information
taltman1 at stanford.edu
Tue May 13 23:06:52 PDT 2014
It occurred to me that the HTTP 'referer' header field leaks information
about your browsing history.
In the flurry of recommendations and tips on how to guard your privacy
/ stay anonymous online that I have seen over the past year (such as
the BestVPN.com list), I don't recall seeing the HTTP 'referer' header
mentioned. But I could just not have been paying attention to the
I figured that if any project would be sensitive to this kind of leak,
it would be the TOR project. So, using the latest version of the TOR
Browser, I created a hyperlink to the following URL on a test web page
Sure enough, clicking on the test link on my personal webpage took
that URL, and the webpage dutifully reported the HTTP 'referer' header
information. It was not blocked nor obscured.
The problem is that people might visit websites that fully or
partially identify them, and then follow links to sites that will then
track/log the HTTP 'referer' information.
It's not clear to me how much damage could be caused by this kind of
information leak, but I thought I would ask the experts on this list
as to whether this is a legitimate concern or not.
More information about the liberationtech