[tbb-bugs] #17228 [Applications/Tor Browser]: Consideration for disabling referrers within TBB
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Feb 10 22:47:01 UTC 2018
#17228: Consideration for disabling referrers within TBB
--------------------------------------+--------------------------
Reporter: cypherpunks | Owner: tbb-team
Type: defect | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by cypherpunks):
@ gk
cane recommends setting network.http.referer.XOriginPolicy=2. Why don't
you agree on his recommendation? The current state means that Tor/Tails
users are easily identified as such simply by the referer (e.g. by coming
from the Tails startpage). I know Tor users can also be identified as such
by looking up the IP addresses of the exit nodes. But storing and
analyzing referers should be more common for website operators than cross-
referencing website visitors' IP addresses with the publicy known Tor exit
nodes addresses. There should be no obvious flag like 'Hey! I'm just
arriving on your website, coming from Tails' startpage! I'm a Tor/Tails
user! Now you know, without any sophisticated effort!'.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17228#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list