It’s Called the Referer!
by Jitesh Gandhi on May 22, 2010 7:46 PM, under News, Technology
Yesterday, the Wall Street Journal published a story about a “Privacy Loophole” in many social sites. I’m not sure if they just wanted to pile onto the whole privacy fire or if they really don’t quite understand what it is.
The bottom line is this is nothing new. It’s called the Referer (I do know this is spelled wrong, but somehow this is how it was spelled in the actual standard) and it is very simple. It is part of the standard that is essentially the basis of the “world wide web”. When you click a link, part of the information that is sent to the site that link points to is the address of the page where the link originated. So when anyone clicks the link to the WSJ article in the previous paragraph, the people at the WSJ will know how you arrived at that article.
This is how I know ~75% of the traffic to my site is from Google searches. So, if I’m on my Facebook homepage (http://www.facebook.com/jhgandhi) and I click an advertisement (it has to be a direct link to the advertiser’s site) they will know where I came from and could visit my Facebook page (of course, they’d have to be my friend to see more than basic information).
The simple solution (which Facebook and MySpace implemented quickly) is to just have the ads link to a page on their own site that then redirects to the advertisement’s site.
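The redirect page is one fix; browsers later standardized Referrer-Policy, which lets the linking site decide how much of its URL a destination receives. The following is an added example, not code from the original post, that goes beyond the post by implementing that policy's selection rules and applying them to the profile URL above. The advertiser URL `http://ads.example/landing` is hypothetical, and "secure" is simplified to an `https:` scheme.

```javascript
// Added example: the Referer value a destination receives under each
// Referrer-Policy value (selection rules from the W3C Referrer Policy spec).
// Assumption: "potentially trustworthy" is simplified to "scheme is https:".
function isSecure(url) {
  return url.protocol === "https:";
}

// Returns the Referer header value, or null when no header is sent.
function computeReferer(policy, fromPage, toPage) {
  const from = new URL(fromPage);
  const to = new URL(toPage);

  // Credentials and fragments are never sent in a referrer.
  from.username = "";
  from.password = "";
  from.hash = "";
  const fullUrl = from.href;
  const originOnly = from.origin + "/";

  const sameOrigin = from.origin === to.origin;
  const downgrade = isSecure(from) && !isSecure(to); // https page -> http target

  switch (policy) {
    case "no-referrer": return null;
    case "unsafe-url": return fullUrl;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? fullUrl : null;
    case "origin-when-cross-origin": return sameOrigin ? fullUrl : originOnly;
    case "strict-origin": return downgrade ? null : originOnly;
    case "no-referrer-when-downgrade": return downgrade ? null : fullUrl;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return fullUrl;
      return downgrade ? null : originOnly;
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// Constructed inputs: the profile URL from the post, a hypothetical advertiser.
const PROFILE = "http://www.facebook.com/jhgandhi";
const ADVERTISER = "http://ads.example/landing";

// What the advertiser would see for an ad click made from the profile page.
function demo() {
  return ["no-referrer-when-downgrade", "strict-origin-when-cross-origin", "no-referrer"]
    .map((policy) => [policy, computeReferer(policy, PROFILE, ADVERTISER)]);
}
console.log(demo());
```

`no-referrer-when-downgrade` was the long-standing browser default and passes the full profile URL here; `strict-origin-when-cross-origin`, the default in current major browsers, passes only `http://www.facebook.com/`.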
This “loophole” exists everywhere a page with personally identifiable information links to another page. It has been around since 1990. Other information a web site gets includes your IP address (which can be used to get a rough location), what operating system (type and version) you are running, what your screen resolution is, what fonts are installed on your machine, what browser you are using and a bunch of other things. This site has a good summary of what it can capture when you visit their site (this site will read all of the information that you transmit and display it to you).
It is good that they published the article, but it comes across as somewhat sensational when it is something very common all over the web. It likely took the social sites only a few minutes to change their ads so that the potential for people to use the referer is eliminated. So remember, when you click a link from my blog, wherever it takes you, they could find out you read my blog. :)