Opened 5 months ago

Closed 4 months ago

#32948 closed enhancement (fixed)

Make referer behavior consistent regardless of private browsing mode status

Reported by: cypherpunks Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-fingerprinting, TorBrowserTeam202001R
Cc: Actual Points: .1
Parent ID: Points:
Reviewer: acat Sponsor:

Description

Tor Browser's default referrer policy when in private browsing mode is strict-origin-when-cross-origin, but when private browsing mode is turned off its referrer policy is no-referrer-when-downgrade. This is governed by the network.http.referer.defaultPolicy.pbmode and network.http.referer.defaultPolicy preferences, documented here.

This means that by default Tor Browser strips the path component from the referer header when making cross-origin requests. But if private browsing mode is turned off, it sends the complete URL instead.

Example
User navigates to https://example.org/page.html and the browser makes a request for an embedded image located at https://static.cdn.com/image.gif

PBM = on, Referer = https://example.org/
PBM = off, Referer = https://example.org/page.html

This is undesirable because it makes it easy to passively detect TB users who have turned PBM off with nothing more than standard web server logs.

And although it is advised against, it is apparent from comments and discussions online that a number of users with relaxed security requirements turn off private browsing mode to take advantage of features such as the browser password manager and URL bar history suggestions.

For this reason, I think it would be good to remove this inconsistency. This can be accomplished by changing the default value of network.http.referer.defaultPolicy to 2 so that it matches that of its PBM counterpart (network.http.referer.defaultPolicy.pbmode). This would be in the interest of all TB users, not just those who turn off private browsing mode, because it increases uniformity.
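The following is an added worked example, not code from the ticket, from Tor Browser or from Firefox. It implements the Referer computation for the standard Referrer Policy values (the two the ticket compares, plus the other policies the same algorithm covers) so the difference the reporter describes can be reproduced from the example URLs; the numeric mapping for network.http.referer.defaultPolicy is taken from Firefox's documented preference values (2 is the value the ticket proposes). Node's built-in URL class is used; no other dependencies are assumed.

```javascript
// Added example (not Tor Browser or Firefox code): compute the Referer header
// a browser sends for a request from sourceUrl to destUrl under a given
// Referrer Policy, following the policy names in the Referrer Policy spec.

// Firefox numeric values for network.http.referer.defaultPolicy(.pbmode).
// Value 2 is the one the ticket proposes for the non-PBM default.
const FIREFOX_DEFAULT_POLICY = {
  0: "no-referrer",
  1: "same-origin",
  2: "strict-origin-when-cross-origin",
  3: "no-referrer-when-downgrade",
};

// An https: page requesting an http: resource is a protocol downgrade.
function isDowngrade(src, dst) {
  return src.protocol === "https:" && dst.protocol === "http:";
}

// Full referrer form: the URL with credentials and fragment stripped,
// keeping path and query.
function fullReferrer(u) {
  const copy = new URL(u.href);
  copy.username = "";
  copy.password = "";
  copy.hash = "";
  return copy.href;
}

// Origin-only form: scheme://host[:port]/ with no path or query.
function originReferrer(u) {
  return u.origin + "/";
}

// Returns the Referer value as a string, or null when no header is sent.
function refererFor(sourceUrl, destUrl, policy) {
  const src = new URL(sourceUrl);
  const dst = new URL(destUrl);
  const sameOrigin = src.origin === dst.origin;
  const downgrade = isDowngrade(src, dst);

  switch (policy) {
    case "no-referrer":
      return null;
    case "unsafe-url":
      return fullReferrer(src);
    case "no-referrer-when-downgrade":
      return downgrade ? null : fullReferrer(src);
    case "same-origin":
      return sameOrigin ? fullReferrer(src) : null;
    case "origin":
      return originReferrer(src);
    case "strict-origin":
      return downgrade ? null : originReferrer(src);
    case "origin-when-cross-origin":
      return sameOrigin ? fullReferrer(src) : originReferrer(src);
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return fullReferrer(src);
      return downgrade ? null : originReferrer(src);
    default:
      throw new Error("unknown referrer policy: " + policy);
  }
}

// Reproduce the ticket's example: the same cross-origin image request under
// the PBM default (pref value 2) and the former non-PBM default (pref value 3).
function ticketExample() {
  const page = "https://example.org/page.html";
  const image = "https://static.cdn.com/image.gif";
  return {
    pbmOn: refererFor(page, image, FIREFOX_DEFAULT_POLICY[2]),
    pbmOff: refererFor(page, image, FIREFOX_DEFAULT_POLICY[3]),
  };
}

console.log(ticketExample());
// { pbmOn: 'https://example.org/', pbmOff: 'https://example.org/page.html' }
```

Running the block prints the two Referer values from the ticket's Example; the pbmOff form carries the page path, which is what makes the two configurations distinguishable in a server log, while setting both preferences to 2 makes both branches return the origin-only form.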

Child Tickets

Attachments (1)

0001-fixup-TB4-Tor-Browser-s-Firefox-preference-overrides.patch (1.0 KB) - added by boklm 4 months ago.


Change History (6)

comment:1 Changed 4 months ago by boklm

Keywords: tbb-fingerprinting TorBrowserTeam202001 added; referer referrer private browsing pbm removed

This sounds like a good idea to me.

comment:2 Changed 4 months ago by boklm

Actual Points: .1
Keywords: TorBrowserTeam202001R added; TorBrowserTeam202001 removed
Status: new → needs_review

I attached a patch doing this.

comment:3 Changed 4 months ago by pili

Reviewer: acat

comment:4 Changed 4 months ago by acat

Looks good to me.

comment:5 in reply to:  4 Changed 4 months ago by boklm

Resolution: fixed
Status: needs_review → closed

Replying to acat:

Looks good to me.

Thanks. After fixing conflict with #27268 I merged the patch to tor-browser-68.4.1esr-9.5-1 as commit e8411693ccfa757557eecd97baaa8bb12a5c87dc.
