On 08/31/2013 03:04 AM, bm-2d8jtri23dyth7whmaldhsvhdfwp91z...@bitmessage.ch wrote:
>>>> My suggestion is to install >>>> https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ I >>>> believe it doesn't break anything major (it has a whitelist feature >>>> which is very short and includes disqus.com and github.com) and >>>> just adds another protection against tracking. This would be an >>>> easy and general solution for both hidden and clearnet websites. >>> >>> +1 for the quick and already-tested-elsewhere solution, if feasible. >> >> That's a cool add-on. >> >> I've used RefControl, by default forging referrers as root of sites >> being visited. It doesn't break many sites. >> >> Which is riskier, sending no referrer, or forging as RefControl does? >> >> A quick search suggests that no referrer is worse than a forged one. > > Yes, it's better to forge the referer, smart referer does that by default. Well, the short description is "Send referers [sic] only when staying on the same domain." But I see at https://github.com/meh/smart-referer that Smart Referer defaults to "self [which] replaces the referer with the page you're going to thus making the server think you're either refreshing or going to the page from a link on the same page." Which sort of forging is better, same page or site root? > What do you people think about the idea to implement smart referer as > default for hidden services, but integrate the option to use it for all > websites (including clearnet) in the proposed security slider. > > https://trac.torproject.org/projects/tor/ticket/9623#comment:5 > https://trac.torproject.org/projects/tor/ticket/9387#comment:15 I like the idea -- or RefControl, depending on which type of forging causes the least problems. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
