[tbb-bugs] #17228 [Applications/Tor Browser]: Consideration for disabling referrers within TBB

Tor Bug Tracker & Wiki blackhole at torproject.org
Sat Feb 10 22:47:01 UTC 2018

#17228: Consideration for disabling referrers within TBB
 Reporter:  cypherpunks               |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  High                      |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:

Comment (by cypherpunks):

 @ gk

 cane recommends setting network.http.referer.XOriginPolicy=2. Why don't
 you agree on his recommendation? The current state means that Tor/Tails
 users are easily identified as such simply by the referer (e.g. by coming
 from the Tails startpage). I know Tor users can also be identified as such
 by looking up the IP addresses of the exit nodes. But storing and
 analyzing referers should be more common for website operators than cross-
 referencing website visitors' IP addresses with the publicy known Tor exit
 nodes addresses. There should be no obvious flag like 'Hey! I'm just
 arriving on your website, coming from Tails' startpage! I'm a Tor/Tails
 user! Now you know, without any sophisticated effort!'.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17228#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tbb-bugs mailing list