Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox 59 Will Stop Websites Snooping on Where You've Just Been (zdnet.com)

Posted by msmash on from the moving-forward dept.

Firefox 59 will reduce how much information websites pass on about visitors in an attempt to improve privacy for users of its private browsing mode. From a report: When you click a link in your browser to navigate to a new site, the site you go on to visit receives the address of the site you came from, via the so-called "referrer value." While this helps websites understand where visitors are coming from, it can also leak data about the individual browsing, because it tells the site the exact page you were looking at when you clicked the link, said Mozilla. Browsers also send a referrer value when requesting other details like ads, or other social media snippets integrated in a modern website, which means these embedded content features also know exactly what page you're visiting.

6 of 121 comments (clear)

  1. Change doesn't stop snooping of where you've been by JoeyRox · · Score: 4, Informative

    The headline implies this change will prevent sites from knowing what site you linked from. That's incorrect. From the article:

    To prevent this type of data leakage, from Firefox 59, the private browsing option will remove path information from referrer values sent to third parties, effectively stripping out additional data and only leaving the web domain.

  2. Re:Don't break the referrer by halivar · · Score: 5, Informative

    If you RTFA (I know, I know; I must be new around here), you'll see this is only for Private Mode, and leaves the domain portion intact. You can still see if they loaded from your domain.

  3. Ruining my fun.. by sqorbit · · Score: 3, Funny

    This will ruin my fun of constantly going to pornhub then moving right to the Christian Coalition site to fill their logs up with porn referrals

    --
    Sent from my TARDIS
    1. Re:Ruining my fun.. by StormReaver · · Score: 5, Informative

      Unless Pornhub links to the Christian Coalition, the referrer field will be blank. The "referer" field only gets set when you click on a link. Just typing in the new address on the address bar doesn't do it.

  4. Re:Change doesn't stop snooping of where you've be by Kjella · · Score: 5, Interesting

    Meh, in private browsing mode they really should kill the referrer from any top level page. If it's an <img>, <iframe> or <video> tag it's cool... but if I go from foo.com to bar.com via an <a href> it shouldn't secretly tell bar.com I came from foo.com. Transparency in what information you're exposing is essential to security and most people aren't aware it's happening.

    --
    Live today, because you never know what tomorrow brings
  5. Re:Referrer Header by q4Fry · · Score: 5, Informative

    You beat me to the reply. According to the horse itself, this is in fact precisely what they are doing:

    Starting with Firefox 59, Private Browsing will remove path information from referrer values sent to third parties (i.e. technically, setting a Referrer Policy of strict-origin-when-cross-origin).

    I agree that it should be the default, and (I discovered today), you can set it be in Firefox's about:config by setting network.http.referer.userControlPolicy to 2.