Quoth Tomer Altman: > It occurred to me that the HTTP 'referer' header field leaks information > about your browsing history.
Privoxy also can hide the referrer header (I can't remember if it does by default). > I figured that if any project would be sensitive to this kind of leak, > it would be the TOR project. So, using the latest version of the TOR > Browser, I created a hyperlink to the following URL on a test web page > of mine: > > http://www.whatismyreferer.com/ > > Sure enough, clicking on the test link on my personal webpage took > that URL, and the webpage dutifully reported the HTTP 'referer' header > information. It was not blocked nor obscured. That's interesting, and surprising. Perhaps you should file a bug to Tor project. It may be by design (probably there are a few sites out there that break without the referer, but very few; I've had it disabled for years and not noticed much at all), but maybe they just haven't considered it yet. > The problem is that people might visit websites that fully or > partially identify them, and then follow links to sites that will then > track/log the HTTP 'referer' information. Yeah, sounds like a reasonable concern to me. Nick -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at [email protected].
