Bug 467257 - Should we disable http referers in private browsing mode?
Status: RESOLVED WONTFIX
Product: Firefox
Classification: Client Software
Component: Private Browsing
Version: Trunk
Platform: All All
Importance: -- enhancement with 1 vote
Assigned To: Nobody; OK to take it and work on it
Duplicates: 1056392
Reported: 2008-11-30 07:55 PST by Pascal Chevrel:pascalc
Modified: 2014-08-22 11:00 PDT
CC List: 10 users

Description Pascal Chevrel:pascalc 2008-11-30 07:55:13 PST
Some extensions like https://addons.mozilla.org/fr/firefox/addon/953 allow not sending referers in http headers for privacy concerns.

It was suggested today at a FLOSS event Mozilla Europe attended that it should be taken into account when we go into private browsing mode.
Comment 1 Dave Garrett 2008-11-30 08:39:14 PST
Personally I like this idea, however it has been known to break certain sites that check referrers. Most browsing would be fine, however there would be a certain minority of pages that would get errors or redirects with referrers disabled. For example, there are sites that use the referrer to attempt to control hotlinking and block if the referrer is not from within their site. This is problematic but it's done. Doing any sort of generalized block to referrers would cause these (often not obvious) problems to confuse some users. To do this sort of blocking correctly you need more detailed control and have to be aware of and manage things more. This is what that extension does. I used it for quite a while myself, however I eventually decided that it just wasn't worth it.

The other possibility is to disable only cross-domain referrers. (i.e. called "block 3rd-party referrers" in the RefControl extension) Allow normal referrers within a site and block them between sites. However, while this does work better it's not guaranteed to be perfect either. If I remember correctly, RefControl worked better using the "forge" setting where it faked a referrer for the destination site when the initial referrer would have been from another. This wouldn't be a good idea to do in Firefox by default, either.

So long as we're not carrying over referrers between private and normal browsing mode (or vice versa) I think we'll be fine. There are many people who don't like referrers (myself included) but we need them to work normally in all instances.
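The trade-offs described in comment 1, as an added example that is not part of the original thread or of any extension's code: it models the four client behaviours mentioned (normal, block all, block 3rd-party, forge) against a referrer-based hotlink check. The function names, policy labels, and `.example` hosts are constructed for illustration, and "same site" is simplified to an exact host match.

```javascript
// Added illustration; all names and hosts here are hypothetical.
const POLICIES = ["normal", "block-all", "block-3rd-party", "forge"];

// Referer value a client would attach when a page at fromUrl requests toUrl.
// Returns null when no header is sent.
function refererToSend(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  from.hash = ""; // fragments are never sent in a Referer header
  const sameHost = from.host === to.host;
  switch (policy) {
    case "normal": return from.href;
    case "block-all": return null;
    case "block-3rd-party": return sameHost ? from.href : null;
    case "forge": return sameHost ? from.href : to.origin + "/";
    default: throw new Error("unknown policy: " + policy);
  }
}

// Server-side hotlink check of the kind described in the comment:
// serve the resource only if the Referer host is on the site's own list.
function hotlinkCheckPasses(allowedHosts, referer) {
  if (referer === null) return false;
  try {
    return allowedHosts.includes(new URL(referer).host);
  } catch {
    return false; // malformed header value
  }
}

// For one legitimate page load, report which client policies still work.
function outcomes(fromUrl, toUrl, allowedHosts) {
  const result = {};
  for (const p of POLICIES) {
    result[p] = hotlinkCheckPasses(allowedHosts, refererToSend(p, fromUrl, toUrl));
  }
  return result;
}

// Constructed scenarios: a page loading its own image from the same host,
// and the same site serving images from a separate CDN host.
const sameHostLoad = outcomes("https://www.shop.example/gallery#top",
  "https://www.shop.example/img/1.png", ["www.shop.example"]);
const splitHostLoad = outcomes("https://www.shop.example/gallery",
  "https://cdn.shop.example/img/1.png", ["www.shop.example", "cdn.shop.example"]);
console.log({ sameHostLoad, splitHostLoad });
```

In the split-host scenario the "block 3rd-party" policy strips the header on a load the site itself intended, which is the "not guaranteed to be perfect" case.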
Comment 2 :Ehsan Akhgari (busy, don't ask for review please) 2008-12-17 13:24:01 PST
(In reply to comment #1)
> So long as we're not carrying over referrers between private and normal
> browsing mode (or vice versa) I think we'll be fine. There are many people who
> don't like referrers (myself included) but we need them to work normally in all
> instances.

How can we do that?  All tabs and windows are closed before entering the private browsing mode, so I think this can't happen at all.  We only want to separate the private and public sessions, and I think we already do that as far as the referrer header is concerned.
Comment 3 Dave Garrett 2008-12-17 13:32:07 PST
(In reply to comment #2)
> (In reply to comment #1)
> > So long as we're not carrying over referrers between private and normal
> > browsing mode (or vice versa) I think we'll be fine.
> 
> How can we do that?  All tabs and windows are closed before entering the
> private browsing mode, so I think this can't happen at all.

Yes, I know, the sessions are already separated as you mentioned. That's why it's not a problem. It's just the only other issue beyond blocking/spoofing I could think of and it's already been dealt with. If at some point in the future we allow private and normal browsing sessions up at the same time then this might somehow conceivably come up, but right now it's a non-issue.
Comment 4 :Ehsan Akhgari (busy, don't ask for review please) 2008-12-17 13:37:14 PST
(In reply to comment #3)
> Yes, I know, the sessions are already separated as you mentioned. That's why
> it's not a problem. It's just the only other issue beyond blocking/spoofing I
> could think of and it's already been dealt with. If at some point in the future
> we allow private and normal browsing sessions up at the same time then this
> might somehow conceivably come up, but right now it's a non-issue.

Even then that won't be a problem, unless we change the status of one tab from non-private to private on the fly, which I don't think we'll ever do.

So is it safe to WONTFIX this?
Comment 5 Dave Garrett 2008-12-17 13:39:49 PST
(In reply to comment #4)
> So is it safe to WONTFIX this?

In my opinion, yes. This functionality isn't really necessary for the built-in private browsing mode and is provided by an extension for those who want it.
Comment 6 :Ehsan Akhgari (busy, don't ask for review please) 2008-12-18 01:43:38 PST
Mass moving of all Firefox::General private browsing bugs to Firefox::Private Browsing.
Comment 7 eyal gruss (eyaler) 2013-01-14 13:28:59 PST
Now that we have private browsing per window, is this relevant?
Comment 8 :Ehsan Akhgari (busy, don't ask for review please) 2013-01-14 14:13:46 PST
Hmm, what do you think, Sid?
Comment 9 Ian Melven :imelven 2013-01-14 16:48:52 PST
FWIW, I don't think we should disable referer in private browsing mode - private browsing mode is not a _privacy_ browsing mode. If we wanted to create an 'anonymous browsing mode' with a different use case than the current private browsing mode, disabling referer there would make sense. I think it's important to keep private browsing mode focused on its current use case.
Comment 10 Sid Stamm [:geekboy or :sstamm] 2013-01-14 17:00:10 PST
Yeah, I agree with Ian.  If we want to change private browsing to focus harder on non-local adversaries, we can.  It's gonna be a lot more work to change the threat model like that -- more than just fixing this bug.

Instead, I'd rather make it easier for users to turn off bits of referrer as they want (https://wiki.mozilla.org/Privacy/Features/Shortened_HTTP_Referer_header).
Comment 11 :Ehsan Akhgari (busy, don't ask for review please) 2013-01-14 17:01:04 PST
Sounds good to me!
Comment 12 :Ehsan Akhgari (busy, don't ask for review please) 2014-08-22 11:00:57 PDT
*** Bug 1056392 has been marked as a duplicate of this bug. ***
