Closed Bug 467257 Opened 16 years ago Closed 16 years ago

Should we disable http referers in private browsing mode?

Categories

(Firefox :: Private Browsing, enhancement)

enhancement
Not set
normal

RESOLVED WONTFIX

People

(Reporter: pascalc, Unassigned)

Some extensions like https://addons.mozilla.org/fr/firefox/addon/953 allow not sending referers in HTTP headers for privacy concerns.

It was suggested today at a FLOSS event Mozilla Europe attended that it should be taken into account when we go into private browsing mode.

Personally I like this idea, however it has been known to break certain sites that check referrers. Most browsing would be fine, however there would be a certain minority of pages that would get errors or redirects with referrers disabled. For example, there are sites that use the referrer to attempt to control hotlinking and block if the referrer is not from within their site. This is problematic but it's done. Doing any sort of generalized block to referrers would cause these (often not obvious) problems to confuse some users. To do this sort of blocking correctly you need more detailed control and have to be aware of and manage things more. This is what that extension does. I used it for quite a while myself, however I eventually decided that it just wasn't worth it.

The other possibility is to disable only cross-domain referrers. (i.e. called "block 3rd-party referrers" in the RefControl extension) Allow normal referrers within a site and block them between sites. However, while this does work better it's not guaranteed to be perfect either. If I remember correctly, RefControl worked better using the "forge" setting where it faked a referrer for the destination site when the initial referrer would have been from another. This wouldn't be a good idea to do in Firefox by default, either.

So long as we're not carrying over referrers between private and normal browsing mode (or vice versa) I think we'll be fine. There are many people who don't like referrers (myself included) but we need them to work normally in all instances.
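
The referrer modes compared in the comment above, run against the kind of hotlink check it describes. This is an added example, not part of the bug thread and not RefControl or Firefox code. The function names and the `*.example` hosts are hypothetical, "3rd-party" is simplified to "different origin", and the site's check is modeled as an origin allow-list.

```javascript
// Added example; function names and the *.example hosts are hypothetical.
// "3rd-party" is simplified here to "different origin".

// Referer a client would send for a request from page `from` to `to`
// under each mode discussed in the comment; null means no header is sent.
function refererFor(mode, from, to) {
  const src = new URL(from);
  const dst = new URL(to);
  src.hash = '';                       // fragments are never sent in Referer
  const sameOrigin = src.origin === dst.origin;
  switch (mode) {
    case 'normal':          return src.href;
    case 'block':           return null;
    case 'block-3rd-party': return sameOrigin ? src.href : null;
    case 'forge':           return sameOrigin ? src.href : dst.origin + '/';
    default: throw new Error('unknown mode: ' + mode);
  }
}

// Server-side hotlink check: serve only when the Referer's origin is one
// of the site's own origins. A missing or unparsable Referer is refused.
function hotlinkCheck(allowedOrigins, referer) {
  if (referer === null) return 'refuse';
  try {
    return allowedOrigins.includes(new URL(referer).origin) ? 'serve' : 'refuse';
  } catch {
    return 'refuse';
  }
}

// Outcome of the check for every mode, for one page -> resource request.
function outcomes(from, to, allowedOrigins) {
  const result = {};
  for (const mode of ['normal', 'block', 'block-3rd-party', 'forge']) {
    result[mode] = hotlinkCheck(allowedOrigins, refererFor(mode, from, to));
  }
  return result;
}

// Constructed scenarios: a site that serves its images from a separate host.
const ALLOWED = ['https://www.shop.example', 'https://img.shop.example'];
const IMG = 'https://img.shop.example/1.png';
const ownPage = outcomes('https://www.shop.example/gallery#top', IMG, ALLOWED);
const otherSite = outcomes('https://forum.example/thread/9', IMG, ALLOWED);
console.log({ ownPage, otherSite });
```

In the constructed scenarios the site's own gallery page loses its images under both blocking modes, while the forged value is served from any page, because the server only ever sees the value the client chooses to send.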
(In reply to comment #1)
> So long as we're not carrying over referrers between private and normal
> browsing mode (or vice versa) I think we'll be fine. There are many people who
> don't like referrers (myself included) but we need them to work normally in all
> instances.

How can we do that? All tabs and windows are closed before entering the private browsing mode, so I think this can't happen at all. We only want to separate the private and public sessions, and I think we already do that as far as the referrer header is concerned.

(In reply to comment #2)
> (In reply to comment #1)
> > So long as we're not carrying over referrers between private and normal
> > browsing mode (or vice versa) I think we'll be fine.
> 
> How can we do that?  All tabs and windows are closed before entering the
> private browsing mode, so I think this can't happen at all.

Yes, I know, the sessions are already separated as you mentioned. That's why it's not a problem. It's just the only other issue beyond blocking/spoofing I could think of and it's already been dealt with. If at some point in the future we allow private and normal browsing sessions up at the same time then this might somehow conceivably come up, but right now it's a non-issue.

(In reply to comment #3)
> Yes, I know, the sessions are already separated as you mentioned. That's why
> it's not a problem. It's just the only other issue beyond blocking/spoofing I
> could think of and it's already been dealt with. If at some point in the future
> we allow private and normal browsing sessions up at the same time then this
> might somehow conceivably come up, but right now it's a non-issue.

Even then that won't be a problem, unless we change the status of one tab from non-private to private on the fly, which I don't think we'll ever do.

So is it safe to WONTFIX this?

(In reply to comment #4)
> So is it safe to WONTFIX this?

In my opinion, yes. This functionality isn't really necessary for the built-in private browsing mode and is provided by an extension for those who want it.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WONTFIX

Mass moving of all Firefox::General private browsing bugs to Firefox::Private Browsing.
Component: General → Private Browsing
QA Contact: general → private.browsing

Now that we have private browsing per window, is this relevant?

Hmm, what do you think, Sid?
Flags: needinfo?(sstamm)

FWIW, I don't think we should disable referer in private browsing mode - private browsing mode is not a _privacy_ browsing mode. If we wanted to create an 'anonymous browsing mode' with a different use case than the current private browsing mode, disabling referer there would make sense. I think it's important to keep private browsing mode focused on its current use case.

Yeah, I agree with Ian. If we want to change private browsing to focus harder on non-local adversaries, we can. It's gonna be a lot more work to change the threat model like that -- more than just fixing this bug.

Instead, I'd rather make it easier for users to turn off bits of referrer as they want (https://wiki.mozilla.org/Privacy/Features/Shortened_HTTP_Referer_header).
Flags: needinfo?(sstamm)

Sounds good to me!