On Fri, Feb 01, 2008 at 12:39:41AM +0000, place wrote:
Jorge wrote:
From the updated dillorc2:
# Set the HTTP Referer information (WARNING: affects privacy) * # We use the same URI, not the refering page (to avoid cross-site tracking). # none : No referer at all (full privacy). # host : Default value. Send same URI's hostname (no sensible info is sent). # path : same URI is sent (NO PRIVACY). http_referer=host
What do you mean by "NO PRIVACY"?
I meant that if we send the referring page's path, there would be no privacy. Later I changed the referer approach by using the same URI, which worked surprisingly well on tests, and this new approach obsoleted the comments. Note that "path" is not sending the same URI, it strips the query and fragment parts. In brief, using the same URI, the three options offer good privacy (because no new information is sent), and if we ever enable using the referring page, the old comments apply. i.e. Using Same URI: # none : No referer at all (nothing is sent) # host : Default value. Send same URI's hostname (no new info is sent). # path : same URI is sent (no new info is sent). Using referring page (not implemented): # none : No referer at all (nothing is sent) # host : Default value. Send URI's hostname (referring hostname is known). # path : referring URI is sent (NO PRIVACY, fine grained tracking # of the pages/sites you visit). Using referring page only if hostname matches (not implemented): # none : No referer at all (nothing is sent) # host : Default value. Send URI's hostname (no new info is sent). # path : referring URI is sent (NO PRIVACY, fine-grained per-site # tracking of the pages you visit). I'll fix the comments (of implemented part) upon finishing this thread. Thanks for the question. -- Cheers Jorge.-