[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-talk] Referers being sent from hidden service websites
I also opened a ticket: https://trac.torproject.org/projects/tor/ticket/9623
Currently, when browsing on a hidden service website, when you click on a
clearnet/hidden service link it sends the current address as referer.
This is not only an issue about users being tracked.
It's also bad for owners of hidden services as the addresses are getting
discovered. Maybe the user was on a private website which nobody should
learn, or at least on a private webpage on a public website.
Or maybe the referer could include login credentials, or other dangerous
information.
The current behavior doesn't really fit well with the "hidden service" idea.
My suggestion is to install
https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ I believe it
doesn't break anything major (it has a whitelist feature which is very
short and includes disqus.com and github.com) and just adds another
protection against tracking. This would be an easy and general solution
for both hidden and clearnet websites.
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk