Opened 4 years ago

Closed 4 years ago

#16919 closed defect (not a bug)

Why is HTTP_REFERER enabled?

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I understand TBB aims to make everyone alike but HTTP_REFERER leaks all URLs you clicked from which is easy to track and correlate. Why is it disabled instead?

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by cypherpunks

typos: Why not disable it instead?

comment:2 Changed 4 years ago by someone_else

While disabling HTTP_REFERER may be impractical due to some sites breaking, it would make sense to block it for links opened in new tabs. Most users likely expect that they won't be tracked to a new tab given the circuit isolation TBB has now.

Proposed patch for tor-browser to disable referer passing for links opened in new tabs:

--- a/browser/base/content/utilityOverlay.js
+++ b/browser/base/content/utilityOverlay.js
@@ -358,7 +358,7 @@ function openLinkIn(url, where, params) {
   case "tab":
     w.gBrowser.loadOneTab(url, {
       referrerURI: aReferrerURI,
-      referrerPolicy: aReferrerPolicy,
+      referrerPolicy: Components.interfaces.nsIHttpChannel.REFERRER_POLICY_NO_REFERRER,
       charset: aCharset,
       postData: aPostData,
       inBackground: loadInBackground,

comment:3 Changed 4 years ago by gk

Resolution: not a bug
Status: newclosed

https://www.torproject.org/projects/torbrowser/design/ section 1. The Referer Header in the Deprecation Whitelist has the reasoning.

Note: See TracTickets for help on using tickets.