[tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sun Feb 27 08:35:49 UTC 2011
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: assigned
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by T(A)ILS developers):
1. About subdomains :
Ok, first we could recall why in the first place we're spoofing the
referrer. For me we're spoofing to hide to the admins of site foo.tld (on
the Apache or the CMS) that I was coming from site bar.tld to visit them,
right? Hiding that from people sniffing my traffic while going from a
private HTTPS site to a public HTTP site would is important too.
So why trying to do smartspoof across subdomains we should first ask
ourselves: can we expect the admins of some.thing.tld to be the same as
the admins of some.thing.else.tld and if the answer is « no » then spoof
it.
Since I fear there are no simple answer to this question we should base
our reasoning on what's being done on the Internet, plus take some extra
precautions.
And I think it is wrong to assume that the admins of one.domain.tld are
the same as the admins of two.domain.tld. Because, as I said before :
- those two sites can be hosted on a different machine, through DNS,
- even if hosted on the same machine, the admin of the CMS or the people
able to view the stats of the site usually differ.
So I'm against sending any referrer while moving between subdomains.
I'm ok to keep that reasoning for the case www.domain.tld / domain.tld but
we can usually assume they are administered by the same entity. But that
might not always be the case so we could also say we don't same the
referrer. I would be fine with that.
2. About « Not sending the referrer » :
I really thing « Not sending the referrer » should mean « we're not
sending a referrer » (like in the example of case B3 in my last comment)
and not « we're sending a fake referrer » (like in the example of case B2
in my last comment). The referrer should just not be sent, the browser
should behave like if we entered the URL by hand in the location bar or
clicked on the link from another app.
So I'm not in favor of sending the « the origin domain of the
*destination* URL » because I don't see the point. Even though I don't see
major differences in the privacy implications of both options.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list