Interesting People mailing list archives
retraction re Google referer lines
From: David Farber <dave () farber net>
Date: Wed, 11 Jan 2006 09:37:55 -0500
Begin forwarded message: From: "Steven M. Bellovin" <smb () cs columbia edu> Date: January 10, 2006 5:07:16 PM EST To: dave () farber net Subject: retraction re Google referer lines As several people have pointed out, it's my *browser* that's sending along the Referer line, not Google. Yup -- I got it wrong; mea culpa. (I used to have a browser extension that would let me control whether or not Referer was sent; I really should have known better.) What this does point out, of course, is that security (and that includes privacy) is a systems property. Just looking at one piece of the puzzle will not tell you what's going on. Here, part of the issue is Google's choice -- probably, but not definitely, correct -- to put the query in the URL, rather than using HTTP POST. If they'd done the latter, all the receiving site would know is that I came there from Google. Nor do I know what happens if I click on a link that goes via Google's site (behavior which they do document) -- that's another part of the system. (I assume that they note the statistics and send a redirect to my browser. I have no idea what my browser will do for a referer line in that case.) So -- again, my apologies to Google. I think they do need to be a lot more careful about privacy, but in this case they're innocent. --Steven M. Bellovin, http://www.cs.columbia.edu/~smb ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- retraction re Google referer lines David Farber (Jan 11)