[tor-bugs] #3809 [TorBrowserButton]: Hide referer spoofing option

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu Aug 25 22:35:26 UTC 2011

#3809: Hide referer spoofing option
 Reporter:  mikeperry                   |          Owner:  mikeperry                    
     Type:  defect                      |         Status:  new                          
 Priority:  normal                      |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  TorBrowserButton            |        Version:                               
 Keywords:  MikePerryIteration20110828  |         Parent:                               
   Points:  3                           |   Actualpoints:                               
 Referer spoofing breaks browser navigation due to an interaction with our
 content policy. We could alter the content policy, but that would make the
 toggle model even less safe, because of Firefox API limitations. Basically
 the fix would increase the probability that some requests might leak
 through from one torbutton state to another.

 I am kind of torn. On the one hand, since we're don't really support the
 toggle model, it might be fine to make it (more) insecure. However, I
 don't really think the referrer blocking feature is very useful, and I am
 planning on removing it in the next major release.. So to break it for
 this reason seems kind of silly.

 Hence, let's hide the referer spoofing option, demoting it to an
 about:config pref only, to prevent people from breaking their TBBs with

 We will remove the pref entirely in a future release.

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3809>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list