[tor-bugs] #32948 [Applications/Tor Browser]: Make referer behavior consistent regardless of private browing mode status

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Jan 14 14:53:40 UTC 2020 

#32948: Make referer behavior consistent regardless of private browing mode status
-------------------------------------+-------------------------------------
 Reporter:  cypherpunks              |          Owner:  tbb-team
     Type:  enhancement              |         Status:  new
 Priority:  Medium                   |      Component:  Applications/Tor
                                     |  Browser
  Version:                           |       Severity:  Normal
 Keywords:  referer, referrer,       |  Actual Points:
  private browsing, pbm              |
Parent ID:                           |         Points:
 Reviewer:                           |        Sponsor:
-------------------------------------+-------------------------------------
 Tor Browser's default [https://developer.mozilla.org/en-
 US/docs/Web/HTTP/Headers/Referrer-Policy referrer policy] when in private
 browsing mode is ''strict-origin-when-cross-origin'', but when private
 browsing mode is turned off its referrer policy is ''no-referrer-when-
 downgrade''. This is governed by the
 `network.http.referer.defaultPolicy.pbmode` and
 `network.http.referer.defaultPolicy` preferences, documented
 [https://wiki.mozilla.org/Security/Referrer here].

 This means that by default Tor Browser strips the path component from the
 referer header when making cross-origin requests. But if private browsing
 mode is turned off, it sends the complete URL instead.

 __Example__
 User navigates to `https://example.org/page.html` and the browser makes a
 request for an embedded image located at
 `https://static.cdn.com/image.gif`

 PBM = on, Referer = !https://example.org/
 PBM = off, Referer = !https://example.org/page.html

 This is undesirable because it makes it easy to passively detect TB users
 who have turned PBM off with nothing more than standard web server logs.

 And although it is advised against, it is apparent from comments and
 discussions online that a number of users with relaxed security
 requirements turn off private browsing mode to take advantage of features
 such as the browser password manager and URL bar history suggestions.

 For this reason, I think it would be good to remove this inonsistency.
 This can be accomplished by changing the default value of
 `network.http.referer.defaultPolicy` to 2 so that it matches that of its
 PBM counterpart (`network.http.referer.defaultPolicy.pbmode`). This would
 be in the interest of all TB users, not just those who turn off private
 browsing mode, because it increases uniformity.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32948>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list