[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4783 [Tor Browser]: Set Referrer to loaded website

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4783 [Tor Browser]: Set Referrer to loaded website
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Wed, 29 Feb 2012 19:09:43 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 29 Feb 2012 14:09:56 -0500
In-reply-to: <054.6a72c2eac259aed7302248fe861325f6@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <054.6a72c2eac259aed7302248fe861325f6@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4783: Set Referrer to loaded website
-------------------------------+--------------------------------------------
    Reporter:  ancientmariner  |       Owner:  mikeperry
        Type:  defect          |      Status:  closed   
    Priority:  normal          |   Milestone:           
   Component:  Tor Browser     |     Version:           
  Resolution:  wontfix         |    Keywords:           
      Parent:                  |      Points:           
Actualpoints:                  |  
-------------------------------+--------------------------------------------
Changes (by mikeperry):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 Proper referer spoofing is harder than it seems. The policy you suggest
 does break actual sites (iirc the washington post was among them).

 We tried a more nuanced policy (see #2148 for its evolution), but at the
 end of the day, we were devoting so much effort to maintaining this policy
 we decided to abandon it, because referer spoofing does not stop bad
 actors in the first place. Consider for example that Google+ encodes the
 referer in the GET parameters of +1 buttons. Ad networks also do this,
 too.

 See also the middle chunk of https://lists.torproject.org/pipermail/tor-
 dev/2011-June/002806.html and
 http://archives.seul.org/or/dev/Jul-2011/msg00019.html for more
 discussion.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4783#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #4782 [Tor Browser]: Firefox gives confusing error message when TBB is run from a directory which it cannot write to
Next by Author: Re: [tor-bugs] #5189 [Company]: Host torstatus (atlas?) instance on the tor site
Previous by thread: Re: [tor-bugs] #4936 [Vidalia]: "Vidalia was unable to authenticate to the Tor software. (Control socket is not connected.)"
Next by thread: Re: [tor-bugs] #4797 [Tor Browser]: Find some font snobs to test font-limiting patches (was: Find some font snobs to test font-limiting patch)
Index(es):
- Author
- Thread