Closed Bug 1816916 Opened 2 years ago Closed 2 months ago

Hide Onion Referrers by default

Categories

(Core :: DOM: Security, enhancement, P3)

enhancement

Tracking

()

RESOLVED FIXED
132 Branch
Tracking Status
firefox132 --- fixed

People

(Reporter: tjr, Assigned: tjr)

References

Details

(Whiteboard: [domsecurity-active])

Attachments

(1 file)

We have a network.http.referer.hideOnionSource pref we built for Tor that refuses to send a referrer from an onion site. The purpose of this is that an onion address is a secret url. No one knows it until you publicize it. If a private onion site embeds or links to another website (onion or otherwise) - we don't want to leak the onion site address.

This is off in Firefox because we don't use Tor and Tor Browser turns it on.

However... some people use Firefox, with Tor, despite all the recommendations not to do this. These people are risking their own security and privacy. But we shouldn't automatically risk the onion site's privacy also. So let's enable the pref in Firefox by default.

Yes please :)

Duplicate of this bug: 1744290
See Also: → 1742405
Severity: -- → N/A
Priority: -- → P3
Whiteboard: [domsecurity-active]
Pushed by tritter@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/203989862c02 Hide onion referers by default r=freddyb,tjr
Status: NEW → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 132 Branch
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: