#25484: document.referrer leaks hidden service to clearnet service.
     Reporter:  kkm                   |      Owner:  (none)
         Type:  defect                |     Status:  new
     Priority:  Medium                |  Milestone:
    Component:  - Select a component  |    Version:
     Severity:  Normal                |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |   Reviewer:
      Sponsor:                        |
 Onion services might implement third-parties via clearnet like
 `https://www.nytimes3xbfgragh.onion/` loads

 Most of the times, these third-party scripts collects referrer via
 `document.referrer`. In these cases `document.referrer` gives access to
 the onion url, which is then sent to these third-parties.

 Although, Tor does prevent sending referrer to clearnet sites on
 click(https://trac.torproject.org/projects/tor/ticket/9623), but in cases
 explained above, this does not hold true.

 Also, because these third-parties also sends the current URL home, even in
 that case onion service URL is sent.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25484>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
tor-bugs mailing list

Reply via email to