[tor-bugs] #9623 [TorBrowserButton]: Referers being sent from hidden service websites
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Aug 29 17:47:26 UTC 2013
#9623: Referers being sent from hidden service websites
------------------------------+---------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: new
Priority: major | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Actual Points:
Parent ID: | Points:
------------------------------+---------------------------
Currently, when browsing on a hidden service website, when you click on a
clearnet/hidden service link it sends the current address as referer.
I think Tor Browser should behave for websites on .onion addresses the
same as https:// websites on clearnet in certain cases.
Normally, when you click on a http link from a https website, it doesn't
send any referer.
Tor Browser should at least use this same behavior of https for http
hidden services (both are encrypted right?). No referers should be sent to
clearnet or to other hidden services, this is unacceptable. I believe it
shouldn't send referers for https links as well, so send nothing at all.
Other than a partial solution, I still believe using the
[https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ smart
referer] is a better solution overall.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9623>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list