Comments on slight paranoia: It is time for the web browser vendors to embrace privacy by default
Christopher Soghoian
13 comments; feed updated 2024-01-24T20:01:37.600-05:00

Anonymous (2010-10-27T21:18:23.848-04:00):
Just checked my Firefox and the mentioned network.http.sendRefererHeader is set to 2.

I'm using 3.6.10 in openSUSE 11.3.

Anonymous (2010-10-25T03:41:04.752-04:00):
The problem is not so much that browser vendors are not modifying or forging the referer header but that users are not properly educated to surf the web cautiously. If they were, I bet that either browser vendors would already have included such a feature by default or the users would already deploy add-ons such as JonDoFox (http://anonymous-proxy-servers.net/en/software.html) which have referer spoofing by default without breaking sites. Either way, you would not need to make your proposal, which shows that it just cures a symptom but not the main problem.

Shmerl (2010-10-22T16:21:56.863-04:00):
A correction: in Firefox one needs to change to 0 (zero):

See http://kb.mozillazine.org/Network.http.sendRefererHeader for details.

AppSec (2010-10-20T09:23:14.193-04:00):
Interestingly enough, the referenced spec basically points out that the producers/consumers of the refer tag need to be careful in what they put in there: "Because the source of a link may be private information or may reveal an otherwise private information source".

While I am a big proponent of the browsers incorporating more secure/privacy tools and functionality, this is on sites themselves to maintain.

The referrer is very important in site to site communication. If two sites need to communicate with one another, who's to say they won't just use a web service between the two to send that data anyway?

Stereocilia (2010-10-19T20:55:47.344-04:00):
I think for Firefox 3.6.10 you change the setting from 2 to 0?? http://kb.mozillazine.org/Network.http.sendRefererHeader

Browsers should come with reasonable privacy and security enabled. I don't like first run wizards though. I think a secondary tab that opens until you configure it would be better.

Dx (2010-10-19T16:50:58.804-04:00):
Anyone know how to do it on Google Chrome for Mac?

Anonymous (2010-10-19T15:01:02.508-04:00):
This is a really well thought-out article. Referer requests are an issue. Firefox, IE, Safari, Chrome, and other browsers (like mobile browsers) should all have an easy way to manage this so one can stay private if they choose to.

ShEila (2010-10-19T06:48:08.394-04:00):
Opera has a checkmark "Send referrer information" in its normal options menu and you can even set that on a per-site basis with the site preferences (just like cookies, JavaScript and so on).

Moverman (2010-10-19T05:13:51.254-04:00):
Many sites use referral data for fair reasons, like to prevent 'stealing' bandwidth by so-called hotlinking to (large) files. The default browser setting should be to send the referrer only within the same domain, and to block it for third party sites. Otherwise browsing the web will become a nightmare for both users and webmasters around the globe.

John (2010-10-18T23:00:54.309-04:00):
What are you worrying about in the Google referrer? As far as I can see it IDs your search, but not who you are. The referral data is vital to anyone running a web site.

Unless of course the referring site is doing something it shouldn't do, like putting your User Name or ID in the URL, I don't see a big issue on referrers.

I think if you are concerned about privacy you probably should avoid social media like the plague. The whole idea of a site like Facebook is to share your personal information.

Anonymous (2010-10-18T21:20:07.963-04:00):
In fact, RefControl can execute all the things you recommend on Bugzilla: retaining the referer within sites, disabling referers to third party sites, and truncating referers to top-level domains for third party sites.

That said, I very much agree that these features should be implemented by default in private browsing modes.

Has the community expressed any interest in your request and recommendation?

Anonymous (2010-10-18T21:07:05.090-04:00):
As earlier articles in the WSJ series made clear, the companies that develop and own the major browsers are the same companies that own and operate the major ad networks. The conflict of interest doesn't explain everything, but it doesn't bode well.

In the meantime, I recommend RefControl: http://www.stardrifter.org/refcontrol/

jon, http://talesfromthe.net/jon (2010-10-18T19:12:08.098-04:00):
Excellent article ... not that it lets FB, Zynga, and everybody else off the hook of course but it shows how completely the browser world is ignoring the issue.
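
The referrer policies proposed in the comments above (keep the referer within a site, drop it for third-party sites, or truncate it to the site's top level), as an added example that is not from the post, from any commenter, or from any browser or add-on. The mode names and the `refererFor` function are hypothetical, "same site" is assumed to mean an identical hostname, and "truncating to the top-level domain" is assumed to mean sending only the origin.

```javascript
// Added example: which Referer a browser would send under each policy the
// commenters discuss. Mode names and refererFor() are hypothetical.
const MODES = ["always", "same-host-only", "truncate-third-party", "never"];

// Returns the Referer header value to send, or null to omit the header.
function refererFor(sourceUrl, targetUrl, mode) {
  if (!MODES.includes(mode)) throw new Error(`unknown mode: ${mode}`);
  const src = new URL(sourceUrl);
  const dst = new URL(targetUrl);

  // "never" is the effect commenters get from sendRefererHeader = 0.
  // Non-http(s) source pages (file:, data:, about:) send nothing either.
  if (mode === "never" || !/^https?:$/.test(src.protocol)) return null;

  // A Referer must never carry credentials or the fragment.
  src.username = "";
  src.password = "";
  src.hash = "";

  // Assumption: "same site" means an identical hostname. Production code
  // would compare registrable domains using the Public Suffix List.
  const sameHost = src.hostname === dst.hostname;

  if (mode === "always" || sameHost) return src.href;
  if (mode === "same-host-only") return null;
  // truncate-third-party: reveal the site, but not the path or query string.
  return src.origin + "/";
}

// Constructed sample: a search results page whose query is in the URL.
const SEARCH = "https://search.example/results?q=sensitive+query#r3";
const TARGETS = ["https://search.example/results?page=2", "https://ads.example/pixel.gif"];

// Evaluate every mode against a same-host and a third-party target.
function demo() {
  const rows = [];
  for (const mode of MODES)
    for (const target of TARGETS)
      rows.push({ mode, target, referer: refererFor(SEARCH, target, mode) });
  return rows;
}

console.table(demo());
```

The table makes the trade-off visible: only the "always" mode hands the search query to the third-party host, while same-host navigation keeps working under every mode except "never".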