Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Anonymity / privacy considerations of HTTP 'referer' information

Tomer Altman taltman1 at stanford.edu
Tue May 13 23:06:52 PDT 2014


It occurred to me that the HTTP 'referer' header field leaks information
about your browsing history.

In the flurry of recommendations and tips on how to guard your privacy
/ stay anonymous online that I have seen over the past year (such as
the BestVPN.com list), I don't recall seeing the HTTP 'referer' header
mentioned. But I could just not have been paying attention to the
correct channels.

I figured that if any project would be sensitive to this kind of leak,
it would be the TOR project. So, using the latest version of the TOR
Browser, I created a hyperlink to the following URL on a test web page
of mine:

http://www.whatismyreferer.com/

Sure enough, clicking on the test link on my personal webpage took
that URL, and the webpage dutifully reported the HTTP 'referer' header
information. It was not blocked nor obscured.

The problem is that people might visit websites that fully or
partially identify them, and then follow links to sites that will then
track/log the HTTP 'referer' information. 

It's not clear to me how much damage could be caused by this kind of
information leak, but I thought I would ask the experts on this list
as to whether this is a legitimate concern or not.

Thanks,

~Tomer



More information about the liberationtech mailing list