Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Mozilla Firefox Privacy

Mozilla Firefox Tweaks Referrer Policy To Shore Up User Privacy (zdnet.com) 24

Mozilla Firefox will soon include a revised Referrer Policy to tighten up queries and better protect user information. From a report: Firefox 87, due to ship on March 23, will cut back on path and query string information from referrer headers "to prevent sites from accidentally leaking sensitive user data." In a blog post on Monday, developer Dimi Lee and security infrastructure engineering manager Christoph Kerschbaumer said the latest browser version will include a "stricter, more privacy-preserving default Referrer Policy." Browsers send HTTP Referrer headers to websites to indicate which location has 'referred' a user to a website server. Full URLs of referring documents are often sent in the HTTP Referrer header with other subresource requests, and while this may contain innocent information used for purposes including analytics, private user data may also be included. Referrer policies aim to protect this data, but if no policy is set by a website, this often defaults to "no-referrer-when-downgrade," an element that Firefox says does trim down the referrer when navigating to a less secure resource, but still "sends the full URL including path and query information of the originating document as the referrer."
This discussion has been archived. No new comments can be posted.

Mozilla Firefox Tweaks Referrer Policy To Shore Up User Privacy

Comments Filter:
  • by Actually, I do RTFA ( 1058596 ) on Monday March 22, 2021 @05:56PM (#61187206)

    Why have Firefox and the various Chromium variants made it harder to simply turn off features I don't want (appropriate example - referrers isn't something I would leave on, but has become harder and harder to find the way to turn off.)

  • by Anonymous Coward

    Where are the privacy-forward browsers?

    It's surprising that browsers still default to sending full referrer URLs but that reflects the emphasis on adding functionality for content producers or trackers rather than adding features only in a way that can preserve or further user privacy.

    Aside from referrer tracking, sites have long used link shimming [eff.org] to hide what you're actually clicking on.

    And browsers like Chrome have added a new hyperlink ping attribute [w3.org] so that JavaScript link rewriting isn't even necessar [eff.org]

  • this might mean that firefox can't be used anymore for beermoney (online money making) since offers rely on referrer tracking and third party cookies for credit. i hope i can disable this with a preference otherwise i will have to keep an old version or switch

  • Referer (Score:4, Insightful)

    by Robert Goatse ( 984232 ) on Monday March 22, 2021 @07:44PM (#61187500)
    Millennials can’t even get the spelling right.
    • Well, to be fair, the protocol spelling is the wrong one. But, yeah, when talking about the header people should know about that and drop the double r to a single.
  • by Kyogreex ( 2700775 ) on Monday March 22, 2021 @08:00PM (#61187556)

    Not that it isn’t their own fault, but some sites use referrers headers for legitimate reasons, such as an additional layer of protection against hotlinking. It’s not pretty, and it already causes problem in some browsers (such as Tor).

    What will be interesting to see IMO is if any (or many) sites simply don’t care if it isn’t Chrome or Safari.

  • And with this, we witness another staggering blow dealt against that most critical of Web 1.0 hallmarks: The update, or occasionally even full-time front-page feature, where the webmaster posts all the insane search terms that led people to the site.

    Came here on a search for "innocent 'developer' leaking on request" btw

UNIX enhancements aren't.

Working...