Silk Road forums

Discussion => Security => Topic started by: summer on February 12, 2013, 04:40 pm

Title: Tormail's referer - security risk?
Post by: summer on February 12, 2013, 04:40 pm
This is how it looks like if I open a link from an email in my mailbox.
http://jhiwjjlqpyawmpjx.onion/squirrelmail/src/read_body.php?mailbox=INBOX&passed_id=39&startMessage=61

61 = the number of the mail in my mailbox sorted by date. So the next email I will receive will be 62

I tried to set "extensions.torbutton.refererspoof" to 2 in Tor Browser Bundle's about:config page, but doesn't do shit, referer still shows up.

Ended up setting
network.http.sendRefererHeader to 0

But not sure if this is the best solution.

Title: Re: Tormail's referer - security risk?
Post by: masterblaster on February 13, 2013, 03:36 am
First why would you open a link through tor? Just copy and paste it in your address bar and there are no referer issues. Second why do you care if a site knows how many emails you have? This doesnt reveal your email account or anything else.