[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3429 [TorBrowserButton]: Referer blocking option breaks browser navigation



#3429: Referer blocking option breaks browser navigation
------------------------------+---------------------------------------------
 Reporter:  Anna              |          Owner:  mikeperry
     Type:  defect            |         Status:  new      
 Priority:  major             |      Milestone:           
Component:  TorBrowserButton  |        Version:           
 Keywords:                    |         Parent:           
   Points:  2                 |   Actualpoints:           
------------------------------+---------------------------------------------

Comment(by mikeperry):

 joyton: This is not a high priority for us because we believe a determined
 adversary still has the information channels available to transmit referer
 information in other ways. For example, are you aware that the Google+ +1
 buttons already subvert your referer spoofing by transmitting the url in
 the request parameters? They do this so that they can still display the
 count for people who block referers... Since this is impossible to prevent
 in a real sense (imagine encrypted url parameters), our plan is to simply
 prevent them from tracking you between sites.

 I linked you the Tor Blog post that explains this reasoning as part of one
 of it's points in the NoScript bug (for others:
 https://blog.torproject.org/blog/improving-private-browsing-modes-do-not-
 track-vs-real-privacy-design), but we also discussed this particular issue
 on tor-dev in this thread: https://lists.torproject.org/pipermail/tor-
 dev/2011-June/002801.html.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3429#comment:17>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs