- From: Aryeh Gregor <Simetrical+w3c@gmail.com>
- Date: Sun, 29 May 2011 10:20:09 -0400
- To: Nico Williams <nico@cryptonector.com>
- Cc: Adam Barth <w3c@adambarth.com>, Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org, Brandon Sterne <bsterne@mozilla.com>, Sid Stamm <sstamm@mozilla.com>
On Sat, May 28, 2011 at 1:17 AM, Nico Williams <nico@cryptonector.com> wrote: > On Fri, May 27, 2011 at 11:54 PM, Adam Barth <w3c@adambarth.com> wrote: >> Yeah, the sites that leak data in the paper seem like the types that >> would be helped more by on-by-default protection. I'm too scared of >> what would happen if we nuked Referer by default though. :( > > Well, just what would happen? Every analytics tool that provides webmasters with statistics about what sites send them the most traffic, what search terms people use when reaching their site, etc. would immediately break. This would make webmasters very unhappy. On the other hand, Trac would stop uselessly, annoyingly, and non-removably highlighting all the places in the page where search terms appear, when you come from a search engine. This would make me happy, so I guess it's a wash. ;) Seriously, removing Referer (or making it origin-only) probably isn't going to actually break very many sites, since it's already not very reliable. But it would sure upset a lot of webmasters, because it provides a lot of useful info.
Received on Sunday, 29 May 2011 14:20:56 UTC