Conversation

Notices

1. Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🦝🐙 🇱🇧🧯 🇨🇦 (jeffcliff@shitposter.world)'s status on Monday, 14-Oct-2024 20:36:33 JST Jeff "never puts away anything, especially oven mitts" Cliff, Bringer of Nightmares 🦝🐙 🇱🇧🧯 🇨🇦

   in reply to

   • frogzone
   @frogzone sorry what's the question?
   • frogzone@wizard.casa's status on Monday, 14-Oct-2024 20:36:48 JST frogzone

     • Terry Hendrix II 🏹
     • iced quinnsmas :blobcatsanta:
     • smallcircles (Humanity Now 🕊)
     • silverpill
     • The Tor Project
     • Ian Campbell
     • Libre Solutions Network

     Dear tor browser and privacy-interested people, i have come across a curious website that tries to fetch a (css) resource not just with an integrity hash, but also anonymously.

     eg.

     <link rel="stylesheet" href="https://bigtech-site.com/bootstrap/4.1.3/css/bootstrap.min.css" integrity="sha384-MCw98/SFnGE8fJT3GXwEOngsV7Zt27NXFoaoApmYm81iuXoPkFOJwJ8ERdknLPMO" crossorigin="anonymous" media="">

     bizarrely though tor browser seems to ignore the attempt at anonymity and offers not just a referrer header, but ALSO an "origin" header with the same info supplied as the "referrer"! so it doubles down on outing the site?

     is there an actual trick to telling a browser not to provide a referrer header in the request, i realize its probably a bad idea and that the best thing to do is to self-host (or use ipfs) but am just curious.

     everyone should be untagged in any subsequent post that doesn't directly answer the question... unless interest is expressed. thanks

     @torproject @icedquinn @jeffcliff @lsn @neurovagrant @silverpill @thendrix @smallcircles