#4783: Set Referrer to loaded website
-------------------------------+--------------------------------------------
Reporter: ancientmariner | Owner: mikeperry
Type: defect | Status: closed
Priority: normal | Milestone:
Component: Tor Browser | Version:
Resolution: wontfix | Keywords:
Parent: | Points:
Actualpoints: |
-------------------------------+--------------------------------------------
Changes (by mikeperry):
* status: new => closed
* resolution: => wontfix
Comment:
Proper referer spoofing is harder than it seems. The policy you suggest
does break actual sites (iirc the washington post was among them).
We tried a more nuanced policy (see #2148 for its evolution), but at the
end of the day, we were devoting so much effort to maintaining this policy
we decided to abandon it, because referer spoofing does not stop bad
actors in the first place. Consider for example that Google+ encodes the
referer in the GET parameters of +1 buttons. Ad networks also do this,
too.
See also the middle chunk of https://lists.torproject.org/pipermail/tor-
dev/2011-June/002806.html and
http://archives.seul.org/or/dev/Jul-2011/msg00019.html for more
discussion.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4783#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online