Re: [tor-bugs] #2148 [Torbutton]: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
#2148: 1.3.x: RefSpoofer fails on 5 test cases out of 12.
-------------------------------------------------------------------+--------
Reporter: T(A)ILS developers | Owner: mikeperry
Type: defect | Status: assigned
Priority: blocker | Milestone: Torbutton: 1.3
Component: Torbutton | Version: Torbutton: 1.3
Keywords: TorbuttonIteration20110305 MikePerryIteration20110305 | Parent:
Points: 6 | Actualpoints:
-------------------------------------------------------------------+--------
Comment(by T(A)ILS developers):
1. About subdomains:
Ok, first we could recall why in the first place we're spoofing the
referrer. For me we're spoofing to hide from the admins of site foo.tld (on
the Apache or the CMS) that I was coming from site bar.tld to visit them,
right? Hiding that from people sniffing my traffic while going from a
private HTTPS site to a public HTTP site is important too.
So when trying to smartspoof across subdomains we should first ask
ourselves: can we expect the admins of some.thing.tld to be the same as
the admins of some.thing.else.tld? And if the answer is "no", then spoof
it.
Since I fear there is no simple answer to this question, we should base
our reasoning on what's being done on the Internet, plus take some extra
precautions.
And I think it is wrong to assume that the admins of one.domain.tld are
the same as the admins of two.domain.tld. Because, as I said before:
- those two sites can be hosted on different machines, through DNS,
- even if hosted on the same machine, the admin of the CMS or the people
able to view the stats of the site usually differ.
So I'm against sending any referrer while moving between subdomains.
I'm ok to keep that reasoning for the case www.domain.tld / domain.tld, but
we can usually assume they are administered by the same entity. But that
might not always be the case, so we could also say we don't send the
referrer. I would be fine with that.
2. About "Not sending the referrer":
I really think "Not sending the referrer" should mean "we're not
sending a referrer" (like in the example of case B3 in my last comment)
and not "we're sending a fake referrer" (like in the example of case B2
in my last comment). The referrer should just not be sent; the browser
should behave as if we entered the URL by hand in the location bar or
clicked on the link from another app.
So I'm not in favor of sending "the origin domain of the
*destination* URL" because I don't see the point, even though I don't see
major differences in the privacy implications of both options.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2148#comment:16>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
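The referrer policy argued for in the comment above, written out as an added JavaScript example (this is not Torbutton's RefSpoofer implementation; the function names and the mode/allowWwwApex options are assumptions): a referrer is sent only within one host, optionally also between www.domain.tld and domain.tld, and in every other case either nothing is sent (case B3) or the destination origin is sent (case B2).

```javascript
// Added example (not Torbutton's RefSpoofer code): a referrer decision
// function encoding the policy the comment argues for. Function and option
// names are hypothetical.

// What a normal browser puts in the Referer header: origin + path + query,
// never the fragment or embedded credentials.
function browserReferrerFor(url) {
  return url.origin + url.pathname + url.search;
}

// Decide which Referer value (or none) to send for a navigation from
// sourceUrl to destUrl.
//   mode: "none"               -> case B3: no header at all (returns null)
//         "destination-origin" -> case B2: fake referrer = destination origin
//   allowWwwApex: treat www.domain.tld and domain.tld as one site
function decideReferrer(sourceUrl, destUrl, opts = {}) {
  const { mode = "none", allowWwwApex = false } = opts;
  const src = new URL(sourceUrl);
  const dst = new URL(destUrl);
  const spoofed = mode === "destination-origin" ? dst.origin + "/" : null;

  // Never let an HTTPS origin leak into a plaintext HTTP request, even
  // within one site: anyone sniffing the path would see where we came from.
  if (src.protocol === "https:" && dst.protocol === "http:") return spoofed;

  // Same host: an ordinary in-site link, send the usual referrer.
  if (src.hostname === dst.hostname) return browserReferrerFor(src);

  // Optional exception for www.domain.tld <-> domain.tld.
  const stripWww = (h) => h.replace(/^www\./i, "");
  if (allowWwwApex && stripWww(src.hostname) === stripWww(dst.hostname)) {
    return browserReferrerFor(src);
  }

  // Any other host difference (including sibling subdomains, which may have
  // different admins): spoof, i.e. behave as if the URL had been typed in.
  return spoofed;
}
```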