Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Anonymity / privacy considerations of HTTP 'referer' information

Tomer Altman taltman1 at
Wed May 14 12:58:54 PDT 2014

Thanks for your feedback Nick. I have dropped the TOR folks a line here:

And, as Natanael pointed out, there are Firefox extensions to stop this particular information leak. I'm using this one:



----- Original Message -----
From: "Nick" <nick at>
To: "liberationtech" <liberationtech at>
Sent: Wednesday, May 14, 2014 7:03:47 AM
Subject: Re: [liberationtech] Anonymity / privacy considerations of HTTP 'referer' information

Quoth Tomer Altman:
> It occurred to me that the HTTP 'referer' header field leaks information
> about your browsing history.

Privoxy also can hide the referrer header (I can't remember if it 
does by default).

> I figured that if any project would be sensitive to this kind of leak,
> it would be the TOR project. So, using the latest version of the TOR
> Browser, I created a hyperlink to the following URL on a test web page
> of mine:
> Sure enough, clicking on the test link on my personal webpage took
> that URL, and the webpage dutifully reported the HTTP 'referer' header
> information. It was not blocked nor obscured.

That's interesting, and surprising. Perhaps you should file a bug to 
Tor project. It may be by design (probably there are a few sites out 
there that break without the referer, but very few; I've had it 
disabled for years and not noticed much at all), but maybe they just 
haven't considered it yet.

> The problem is that people might visit websites that fully or
> partially identify them, and then follow links to sites that will then
> track/log the HTTP 'referer' information. 

Yeah, sounds like a reasonable concern to me.

Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: Unsubscribe, change to digest, or change password by emailing moderator at companys at

More information about the liberationtech mailing list