- From: Charlie Sorsby <crs@sorsby.org>
- Date: Tue, 4 Apr 2006 16:31:37 -0600 (MDT)
- To: www-validator@w3.org
Hello,
I don't understand why a "referrer header" should be necessary in
order to check the validity of a page.
1. I quote from the Shields Up! web site:
https://www.grc.com/x/ne.dll?rh1dkyd2
What's the "Referer" header?
The web's HTTP protocol was designed with little
concern for a web surfer's privacy and well before
aggressive commercial interests decided to track
surfers across the web, while storing and compiling
any personal information that might leak from their
browser.
[...]
When a web resource is requested from a server, the
"Referer" header line provides the requested server
with the URL of the web page that requested the item.
But if an online web form has just been filled out
and submitted using the most common "GET" method, the
web surfer's potentially personal and private data
will appear in the URL and it will be sent to any
third-party servers, such as advertising, tracking,
or web-bug servers, whose resources appear on the
form's submission confirmation page!
The most common (mostly benign) example of this is
search engine queries where the search terms appear
in the "tail portion" of the search URL. What's not
obvious to the casual surfer is that the sites of any
links they follow from such a search system receive
that entire URL which appears in the address window
as the "referer" to the site. This means that sites
can tell that you came from a web search site, which
web search site, and what you entered into the search
site to bring you to them.
This example, in itself, is probably not much cause
for privacy concern, but it does demonstrate the
potential for personal information leakage through
filling out online web forms.
I've turned off "Enable referrer logging" in my web browser
(opera 8.52); since then, I am unable to revalidate my pages
conveniently.
Before that, I could not do so by simply loading the original
file from my local machine into my web browser and clicking the
revalidate link. (My actual pages are located on my ISP's system
but I create the pages on my local freeBSD machine.)
If I simply load a local file into my browser to check whether
changes have broken validity, I can't just click on the revalidate
link on that page; I must go to your home page and load the file.
A bloody nuisance that does not encourage me to keep my pages
valid.
Now I find that, even if I want to recheck pages on my ISP's
machine -- i.e. my personal web pages -- I much change the
preferances set on my web browser from the privacy-preserving
settings that I normally have set to allow referrer logging.
At best this is annoying.
I see no valid reason that that should be necessary to check a
given page for validity. All that should be necessary for that is
the URL (or file name) of the page to be checked.
I want to check the page whose URL (or file name) I've given you;
Not where it came from.
I grant that I'm anything but an expert but this seems both
unnecessary and counter productive to me.
Unless, of course, the objective is to *permit* other sites to
invade my privacy.
Who's side are y'all on, anyway?
Charlie
--
Charlie Sorsby
crs@swcp.com
P. O. Box 1225
Edgewood, NM 87015
USA
Why HTML in e-mail is evil: http://www.birdhouse.org/etc/evilmail.html
and (possibly) how to turn it off: http://www.expita.com/nomime.html
Received on Wednesday, 5 April 2006 09:16:08 UTC