It occurred to me that the HTTP 'referer' header field leaks information about your browsing history.
In the flurry of recommendations and tips on how to guard your privacy / stay anonymous online that I have seen over the past year (such as the BestVPN.com list), I don't recall seeing the HTTP 'referer' header mentioned. But I could just not have been paying attention to the correct channels. I figured that if any project would be sensitive to this kind of leak, it would be the TOR project. So, using the latest version of the TOR Browser, I created a hyperlink to the following URL on a test web page of mine: http://www.whatismyreferer.com/ Sure enough, clicking on the test link on my personal webpage took that URL, and the webpage dutifully reported the HTTP 'referer' header information. It was not blocked nor obscured. The problem is that people might visit websites that fully or partially identify them, and then follow links to sites that will then track/log the HTTP 'referer' information. It's not clear to me how much damage could be caused by this kind of information leak, but I thought I would ask the experts on this list as to whether this is a legitimate concern or not. Thanks, ~Tomer -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
