Closed
Bug 1816916
Opened 2 years ago
Closed 2 months ago
Hide Onion Referrers by default
Categories
(Core :: DOM: Security, enhancement, P3)
Core
DOM: Security
Tracking
()
RESOLVED
FIXED
132 Branch
Tracking | Status | |
---|---|---|
firefox132 | --- | fixed |
People
(Reporter: tjr, Assigned: tjr)
References
Details
(Whiteboard: [domsecurity-active])
Attachments
(1 file)
We have a network.http.referer.hideOnionSource
pref we built for Tor that refuses to send a referrer from an onion site. The purpose of this is that an onion address is a secret url. No one knows it until you publicize it. If a private onion site embeds or links to another website (onion or otherwise) - we don't want to leak the onion site address.
This is off in Firefox because we don't use Tor and Tor Browser turns it on.
However... some people use Firefox, with Tor, despite all the recommendations not to do this. These people are risking their own security and privacy. But we shouldn't automatically risk the onion site's privacy also. So let's enable the pref in Firefox by default.
Assignee | ||
Comment 1•2 years ago
|
||
Comment 2•2 years ago
|
||
Yes please :)
Updated•2 years ago
|
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Pushed by tritter@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/203989862c02
Hide onion referers by default r=freddyb,tjr
Comment 5•2 months ago
|
||
bugherder |
Status: NEW → RESOLVED
Closed: 2 months ago
status-firefox132:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•