On Mon, 14 Apr 1997, Tom Weinstein wrote:
In the eyes of some, the referer header is a privacy violation. It allows a site to see what site you visited before coming there. In the case of Navigator, we ONLY send the referer header when you click on a link. Not when you select a bookmark. Not when you type a URL into the location field. This allows web sites to see who links to them. I think that's something that a web author is entitled to know.
So, you think we're doing something bad. Why don't you tell me what you think we should do?
Thanks for the chance to address the issue. I think that perfectly reasonable "features" often can become "security flaws" or "privacy lapses" when the user is not aware of the potential danger. In this case I think much of the flak over the referer header is driven by the fact that no one really appreciated the danger until it was pointed out. This gives rise to the "My god! What have I been giving out all these months while accessing www.hotchicks.com?" panic. Of course the next step is anger. "Why the hell does <netscape> do that? Why wasn't I told?" This melds into another software annoyance of mine. Sacrificing the needs of the user who knows what he is doing for the novice when both can be easily satisified. Of course the reverse is also true. Take, for example, Mr. Stewart's comment:
I basically agree with Microsoft. It works as specified, and everyone should know that handling sensitive form posts via GET is a bad idea.
Well, those of us who know what we are doing should know better but (and I'm not sure this is Mr. Weinstein's mission or concern) if you want to educate the public you need to assume the user does not know and create and option to streamline operation for the user who does. Having said the above, what I would like to see is an option to surpress the referer header explicitly like with cookies. "You are about to forward a referer header to the page you have selected. Forwarding the referer header to this site may reveal more about your web browsing habits than you would prefer. Should <netscape> surpress the referer header? Yes/No/Always Surpress/Never Surpress." I might add that I would like an option on cookie supression to bypass that annoying dialog such to never allow cookies. It gets a bit much when a page askes for 9 cookies in a row and the only way to prevent them is to get beeped at repeatedly. Again, don't confuse the novice, don't slow down the expert.
-- You should only break rules of style if you can | Tom Weinstein coherently explain what you gain by so doing. | tomw@netscape.com
-- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland