Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Anonymity / privacy considerations of HTTP 'referer' information

Nick nick at njw.me.uk
Wed May 14 07:03:47 PDT 2014


Quoth Tomer Altman:
> It occurred to me that the HTTP 'referer' header field leaks information
> about your browsing history.

Privoxy also can hide the referrer header (I can't remember if it 
does by default).

> I figured that if any project would be sensitive to this kind of leak,
> it would be the TOR project. So, using the latest version of the TOR
> Browser, I created a hyperlink to the following URL on a test web page
> of mine:
> 
> http://www.whatismyreferer.com/
> 
> Sure enough, clicking on the test link on my personal webpage took
> that URL, and the webpage dutifully reported the HTTP 'referer' header
> information. It was not blocked nor obscured.

That's interesting, and surprising. Perhaps you should file a bug to 
Tor project. It may be by design (probably there are a few sites out 
there that break without the referer, but very few; I've had it 
disabled for years and not noticed much at all), but maybe they just 
haven't considered it yet.

> The problem is that people might visit websites that fully or
> partially identify them, and then follow links to sites that will then
> track/log the HTTP 'referer' information. 

Yeah, sounds like a reasonable concern to me.

Nick



More information about the liberationtech mailing list