On Fri, May 27, 2011 at 11:54 PM, Adam Barth wrote:
> Yeah, the sites that leak data in the paper seem like the types that
> would be helped more by on-by-default protection.  I'm too scared of
> what would happen if we nuked Referer by default though.  :(

Well, just what would happen?

One guess: sites that want linkees to get referrer info will resort to
redirects, with URLs encoded in URLs (quite possibly via encryption,
to defeat URL cleaning add-ons).

Another guess: site operators will scream bloody murder :)

What else?

But if site operators use referrers as a way to purposefully (yet with
plausible deniability) leak information to selected third parties...
What else can users do but turn off Referrers?


