[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Referers being sent from hidden service websites



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

BM-2D8jTRi23DYth7WhMALDHSVhdFWP91ZcqA@xxxxxxxxxxxxx:
> I also opened a ticket:
> https://trac.torproject.org/projects/tor/ticket/9623
> 
> Currently, when browsing on a hidden service website, when you
> click on a clearnet/hidden service link it sends the current
> address as referer.
> 
> This is not only an issue about users being tracked.
> 
> It's also bad for owners of hidden services as the addresses are
> getting discovered. Maybe the user was on a private website which
> nobody should learn, or at least on a private webpage on a public
> website.

Ouch. Yes, this definitely needs attention.

> My suggestion is to install 
> https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ I
> believe it doesn't break anything major (it has a whitelist feature
> which is very short and includes disqus.com and github.com) and
> just adds another protection against tracking. This would be an
> easy and general solution for both hidden and clearnet websites.

+1 for the quick and already-tested-elsewhere solution, if feasible.

Best,
- -Gordon M.

-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJSIUvIAAoJED/jpRoe7/ujraYIAJOowcUQFSZPZUyPqaYWNt9V
EQx6K34jAJyfRXAwUjRFKHWIKgeuoYAoqFwJvwsAwyPHrZk8t61/PBgmJX3CUagM
k4wupgTS/moSBdQ6eLznY1gwLH4XS7XleFSLdtiUY9YsSAVzNWkV4LWiAdm7P9gv
YxtO/4ct13L4fUA3zw2EGNxpElAcqfMNYwl/4Ez6vBliF0GGA+tevwY9DvcebQ2D
jDTWShxhcIr92n9uAuXZ7pxO8W3IkJxZcgqM00m8XJHGFmM8rwjlzeRUTN3bK1M8
ykCO3DDg4ScQAh5gRl8yT2gkZlkoTMrKYoyya+letbgdVRxJR8lWebBY/gJvETE=
=ELZa
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk