[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Referers being sent from hidden service websites



>>> My suggestion is to install
>>> https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ I
>>> believe it doesn't break anything major (it has a whitelist feature
>>> which is very short and includes disqus.com and github.com) and
>>> just adds another protection against tracking. This would be an
>>> easy and general solution for both hidden and clearnet websites.
>>
>> +1 for the quick and already-tested-elsewhere solution, if feasible.
>
> That's a cool add-on.
>
> I've used RefControl, by default forging referrers as root of sites
> being visited. It doesn't break many sites.
>
> Which is riskier, sending no referrer, or forging as RefControl does?
>
> A quick search suggests that no referrer is worse than a forged one.

Yes, it's better to forge the referer, smart referer does that by default.

-----

What do you people think about the idea to implement smart referer as
default for hidden services, but integrate the option to use it for all
websites (including clearnet) in the proposed security slider.

https://trac.torproject.org/projects/tor/ticket/9623#comment:5
https://trac.torproject.org/projects/tor/ticket/9387#comment:15


-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk