[tor-bugs] #4783 [Tor Browser]: Set Referrer to loaded website

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Wed Feb 29 19:09:43 UTC 2012


#4783: Set Referrer to loaded website
-------------------------------+--------------------------------------------
    Reporter:  ancientmariner  |       Owner:  mikeperry
        Type:  defect          |      Status:  closed   
    Priority:  normal          |   Milestone:           
   Component:  Tor Browser     |     Version:           
  Resolution:  wontfix         |    Keywords:           
      Parent:                  |      Points:           
Actualpoints:                  |  
-------------------------------+--------------------------------------------
Changes (by mikeperry):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Proper referer spoofing is harder than it seems. The policy you suggest
 does break actual sites (iirc the washington post was among them).

 We tried a more nuanced policy (see #2148 for its evolution), but at the
 end of the day, we were devoting so much effort to maintaining this policy
 we decided to abandon it, because referer spoofing does not stop bad
 actors in the first place. Consider for example that Google+ encodes the
 referer in the GET parameters of +1 buttons. Ad networks also do this,
 too.

 See also the middle chunk of https://lists.torproject.org/pipermail/tor-
 dev/2011-June/002806.html and
 http://archives.seul.org/or/dev/Jul-2011/msg00019.html for more
 discussion.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4783#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list