I also opened a ticket: https://trac.torproject.org/projects/tor/ticket/9623
Currently, when browsing on a hidden service website, when you click on a clearnet/hidden service link it sends the current address as referer. This is not only an issue about users being tracked. It's also bad for owners of hidden services as the addresses are getting discovered. Maybe the user was on a private website which nobody should learn, or at least on a private webpage on a public website. Or maybe the referer could include login credentials, or other dangerous information. The current behavior doesn't really fit well with the "hidden service" idea. My suggestion is to install https://addons.mozilla.org/en-us/firefox/addon/smart-referer/ I believe it doesn't break anything major (it has a whitelist feature which is very short and includes disqus.com and github.com) and just adds another protection against tracking. This would be an easy and general solution for both hidden and clearnet websites. -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
