#25484: document.referrer leaks hidden service to clearnet service. --------------------------------------+-------------------- Reporter: kkm | Owner: (none) Type: defect | Status: new Priority: Medium | Milestone: Component: - Select a component | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | --------------------------------------+-------------------- Onion services might implement third-parties via clearnet like `https://www.nytimes3xbfgragh.onion/` loads `https://securepubads.g.doubleclick.net/`.
Most of the times, these third-party scripts collects referrer via `document.referrer`. In these cases `document.referrer` gives access to the onion url, which is then sent to these third-parties. Although, Tor does prevent sending referrer to clearnet sites on click(https://trac.torproject.org/projects/tor/ticket/9623), but in cases explained above, this does not hold true. Also, because these third-parties also sends the current URL home, even in that case onion service URL is sent. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25484> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs