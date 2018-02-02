Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com) 99

Posted by msmash from the moving-forward dept.
Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.

  • Finally (Score:1)

    by Anonymous Coward

    This privacy issue has been known for as long as browsers have been around. Nevertheless, this is good news.

  • Change doesn't stop snooping of where you've been (Score:5, Informative)

    by JoeyRox ( 2711699 ) on Friday February 02, 2018 @10:29AM (#56054957)
    The headline implies this change will prevent sites from knowing what site you linked from. That's incorrect. From the article:

    To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.

    • Re:Change doesn't stop snooping of where you've be (Score:5, Interesting)

      by Kjella ( 173770 ) on Friday February 02, 2018 @10:59AM (#56055223) Homepage

      Meh, in private browsing mode they really should kill the referrer from any top level page. If it's an <img>, <iframe> or <video> tag it's cool... but if I go from foo.com to bar.com via an <a href> it shouldn't secretly tell bar.com I came from foo.com. Transparency in what information you're exposing is essential to security and most people aren't aware it's happening.

    • To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.

      Hopefully this is just the first step toward a proper solution. Step 2 is to apply the same policy for intra-site links, to prevent sites from filtering on the exact page address. Step 3 is to always send the requested resource's domain, regardless of the source.

  • Ruining my fun.. (Score:4, Funny)

    by sqorbit ( 3387991 ) on Friday February 02, 2018 @10:42AM (#56055051)
    This will ruin my fun of constantly going to pornhub then moving right to the Christian Coalition site to fill their logs up with porn referrals

    • Re:Ruining my fun.. (Score:5, Informative)

      by StormReaver ( 59959 ) on Friday February 02, 2018 @10:47AM (#56055101)

      Unless Pornhub links to the Christian Coalition, the referrer field will be blank. The "referer" field only gets set when you click on a link. Just typing in the new address on the address bar doesn't do it.

      • Re: (Score:3)

        by afidel ( 530433 )

        So you just drop a link to christian coalition in a pronhub comment and click it from there, problem solved =)

      • Re: (Score:2)

        by Kjella ( 173770 )

        Yeah... not really a problem on any site that allows user comments with links though. In fact this traffic would be more confusing, like okay I'm seeing a lot of traffic from reddit but what sub-board has linked me now or what celeb linked me on Facebook or what video is going viral on YouTube. Then again you'll probably see a substantial amount of any traffic in non-private mode, so not really a big deal I guess.

  • When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value."

    This is how the web has always worked and it's a public specification. There's nothing so called or nefarious here.

    • Re: (Score:1)

      by Anonymous Coward
      They never said it was nefarious, only that it could be used for "nefarious" purposes, ie tracking. And just because it's in the spec and how it's always been done, doesn't mean its necessarily good.

  • Give the middle finger to google (Score:1)

    by Anonymous Coward

    Google itself removes the referer (an url with a query) when I use open source statistics software like Piwik, for "privacy reasons", except they do show what people searched for on their own analytics services, so in reality it was just to give the middle finger to competition, using the near monopoly of the search engine. So I'd like Firefox to return the favor and not hand the complete referer to any 3rd parties loaded on websites. Just do this in the header to Google:

    Referer: -_-*,,|,

  • Old Opera (the Presto engine, versions 7-12) had an option to disable this years ago. (Of course years ago, since it is no longer available.)
    • I see comments like this all of the time. Does Opera have a feature that automatically recognizes new stories about things it's been capable of doing for years and then smugly post about it?

  • TFS, TFA don't say.

  • How about a new tab before navigating, I would imagine that would not send the referer. Is this correct?

