Dear tor browser and privacy-interested people, i have come across a curious website that tries to fetch a (css) resource not just with an integrity hash, but also anonymously.
eg.
<link rel="stylesheet" href="https://bigtech-site.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous" media="">bizarrely though tor browser seems to ignore the attempt at anonymity and offers not just a referrer header, but ALSO an "origin" header with the same info supplied as the "referrer"! so it doubles down on outing the site?
is there an actual trick to telling a browser not to provide a referrer header in the request, i realize its probably a bad idea and that the best thing to do is to self-host (or use ipfs) but am just curious.
everyone should be untagged in any subsequent post that doesn't directly answer the question... unless interest is expressed. thanks
@torproject @icedquinn @jeffcliff @lsn @neurovagrant @silverpill @thendrix @smallcircles
076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.
All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.