“Firefox 87 trims HTTP Referrers by default to protect user privacy”

My thoughts on Firefox's referrer policy change as an "innocent" blogger.

Be aware this is a draft post — please adjust your expectations accordingly. Get in touch if this post could use an improvement.

This is a part of the 100 Days To Offload challenge.

Referrers as a way to discover content.

I used to enjoy looking at my Plausible Analytics dashboard and seeing if someone had written about my content on their own blog and linked to it. I discovered quite a few bloggers through this route, and read up on “related content” or responses this way.

I can’t recall ever receiving an email just to let me know someone linked to a post on my blog. It’s just so much hassle.

Websites can use referrer information for many fairly innocent uses, including analytics, logging, or for optimizing caching.

Mozilla Security Blog

Because HTTP referrer headers were a browser built-in, there was virtually no user configuration or opt-in required. This isn’t true for pingbacks and webmentions, both of which suffer in adoption: pingbacks because of their archaic nature, and webmentions because of the difficulty and lack of awareness in using them.

Browser vendors make a change.

Just a few months after I took blogging seriously, Chrome announced its Referrer Policy change and my analytics became pretty bare-bones. Chrome after all “controls” more than 60% of the web.

strict-origin-when-cross-origin offers more privacy. With this policy, only the origin is sent in the Referer header of cross-origin requests.

This prevents leaks of private data that may be accessible from other parts of the full URL such as the path and query string.

Google Web Developers

Mozilla is now following up and changing its default policy too.

Starting with Firefox 87, we set the default Referrer Policy to ‘strict-origin-when-cross-origin’ which will trim user sensitive information accessible in the URL. […] thereby providing a significantly more private browsing experience.

Mozilla Security Blog
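
To make the difference concrete for a site owner reading analytics, here is an added example (not taken from the quoted Mozilla or Google posts) that computes the Referer value under the older no-referrer-when-downgrade default and under strict-origin-when-cross-origin. It simplifies the specification's downgrade check to https versus non-https, and all URLs are constructed sample values.

```javascript
// Added example: which Referer value a browser sends under each default policy.
// Simplified from the W3C Referrer Policy algorithm; URLs are constructed samples.

function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  // Only http(s) URLs are ever sent as referrers.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (originOnly) return u.origin + '/';
  // The full-URL form still drops credentials and the fragment.
  u.username = '';
  u.password = '';
  u.hash = '';
  return u.href;
}

function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Assumption: "downgrade" is reduced to https -> non-https here.
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer-when-downgrade': // the previous browser default
      return downgrade ? null : stripForReferrer(fromUrl, false);
    case 'strict-origin-when-cross-origin': // the new default quoted above
      if (sameOrigin) return stripForReferrer(fromUrl, false);
      return downgrade ? null : stripForReferrer(fromUrl, true);
    default:
      throw new Error('policy not covered by this example: ' + policy);
  }
}

// Constructed sample: a page with a sensitive query string links to another blog.
const linkingPage = 'https://blog.example/account/reset?token=abc123#comments';
const targets = [
  'https://reader.example/article', // cross-origin, https
  'https://blog.example/about',     // same origin
  'http://plain.example/',          // https -> http downgrade
];
for (const policy of ['no-referrer-when-downgrade', 'strict-origin-when-cross-origin']) {
  for (const target of targets) {
    console.log(policy, '->', target, ':', refererFor(policy, linkingPage, target));
  }
}
```

The cross-origin row is what a linked-to blogger's analytics sees: the linking site's origin still arrives, but the path that identified the specific post, and any token in the query string, no longer does.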

My thoughts.

As a blogger who is strictly interested in writing and sharing her thoughts? This isn’t the best Monday. I imagine what little info I get now will disappear too — it just isn’t fun opening someone’s all-posts page and starting to look for that one little linkback.

I’ve always gotten a kick out of this aspect of the web: independent publishers and bloggers linking to each other. These analytics will be missed.

As a privacy-conscious internet user, I recognize that small bits of information can be pretty damning as far as a user’s privacy goes. I understand and empathize with these changes. Anything that prevents leakages across different origins sounds like a good idea.

Perhaps this highlights the need for an IndieWeb or peer-to-peer small tech. And, I hope these projects will mature with time. 🤞

For now, maybe I’ll stop watching my analytics feed so much, and that might be better for my mental health too.
