Exploring the Ecosystem of Referrer-Anonymizing Services

  • Nick Nikiforakis
  • Steven Van Acker
  • Frank Piessens
  • Wouter Joosen
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7384)


The constant expansion of the World Wide Web allows users to enjoy a wide range of products and services delivered directly to their browsers. At the same time however, this expansion of functionality is usually coupled with more ways of attacking a user’s security and privacy. In this arms race, certain web-services present themselves as privacy-preserving or privacy-enhancing. One type of such services is a Referrer-Anonymizing Service (RAS), a service which relays users from a source site to a destination site while scrubbing the contents of the referrer header from user requests.

In this paper, we investigate the ecosystem of RASs and how they interact with web-site administrators and visiting users. We discuss their workings, what happens behind the scenes and how top Internet sites react to traffic relayed through such services. In addition, we present user statistics from our own Referrer-Anonymizing Service and show the leakage of private information by others towards advertising agencies as well as towards ‘curious’ RAS owners.


referrer anonymization online ecosystem 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Aggrawal, G., Bursztein, E., Jackson, C., Boneh, D.: An analysis of private browsing modes in modern browsers. In: Proc. of 19th Usenix Security Symposium (2010)Google Scholar
  3. 3.
  4. 4.
    Barth, A.: The Web Origin Concept,
  5. 5.
    Barth, A., Jackson, C., Mitchell, J.C.: Robust defenses for cross-site request forgery. To appear at the 15th ACM Conference on Computer and Communications Security, CCS 2008 (2008)Google Scholar
  6. 6.
    Beverloo, P.: List of Chromium Command Line Switches, –no-referrers,
  7. 7.
    Bowen, B.M., Hershkop, S., Keromytis, A.D., Stolfo, S.J.: Baiting Inside Attackers Using Decoy Documents. In: Chen, Y., Dimitriou, T.D., Zhou, J. (eds.) SecureComm 2009. LNICST, vol. 19, pp. 51–70. Springer, Heidelberg (2009), CrossRefGoogle Scholar
  8. 8.
    Chu, Z., Wang, H.: An investigation of hotlinking and its countermeasures. Computer Communications 34, 577–590 (2011)CrossRefGoogle Scholar
  9. 9.
    Clayton, R.C., Murdoch, S.J., Watson, R.N.M.: Ignoring the Great Firewall of China. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 20–35. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    P. Developers. Privoxy,
  11. 11.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. In: Proceedings of the 13th USENIX Security Symposium (2004)Google Scholar
  12. 12.
    ebricca. refspoof Firefox extension,
  13. 13.
    Eckersley, P.: How Unique Is Your Web Browser? In: Atallah, M.J., Hopper, N.J. (eds.) PETS 2010. LNCS, vol. 6205, pp. 1–18. Springer, Heidelberg (2010), CrossRefGoogle Scholar
  14. 14.
    Recent referer xss vulnerabilities,
  15. 15.
    Fioravanti, M.: Client fingerprinting via analysis of browser scripting environment. Technical report (2010)Google Scholar
  16. 16.
    I2P Anonymous Network,
  17. 17.
    ietf-http-wg mailinglist. Re: Referer (sic) from Phillip M. Hallam-Baker (March 09, 1995),
  18. 18.
    MozillaZine. Network.http.sendRefererHeader - MozillaZine Knowledge Base,
  19. 19.
    Murphey, L.: Secure session management: Preventing security voids in web applications (2005)Google Scholar
  20. 20.
    Nikiforakis, N., Balduzzi, M., Van Acker, S., Joosen, W., Balzarotti, D.: Exposing the lack of privacy in file hosting services. In: Proceedings of the 4th USENIX Conference on Large-Scale Exploits and Emergent Threats, LEET 2011. USENIX Association, Berkeley (2011)Google Scholar
  21. 21.
    Opera. Disabling referrer logging - Opera Knowledge Base,
  22. 22.
    Provos, N.: A virtual honeypot framework. In: Proceedings of the 13th Conference on USENIX Security Symposium, SSYM 2004, vol. 13, pp. 1–1. USENIX Association, Berkeley (2004)Google Scholar
  23. 23.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1, 66–92 (1998)CrossRefGoogle Scholar
  24. 24.
    RFC 2616 - Hypertext Transfer ProtocolGoogle Scholar
  25. 25.
    Tor Project: Anonymity Online,
  26. 26.
  27. 27.
  28. 28.
    Wondracek, G., Holz, T., Platzer, C., Kirda, E., Kruegel, C.: Is the internet for porn? an insight into the online adult industry. In: Proceedings of the Ninth Workshop on the Economics of Information Security, WEIS (2010)Google Scholar
  29. 29.
    Yuill, J., Zappe, M., Denning, D., Feer, F.: Honeyfiles: deceptive files for intrusion detection. In: Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, pp. 116–122 (June 2004)Google Scholar
  30. 30.
    Zeller, W., Felten, E.W.: Cross-site request forgeries: Exploitation and prevention. Technical report (2008)Google Scholar
  31. 31.
    Zhou, Y., Evans, D.: Why Aren’t HTTP-only Cookies More Widely Deployed? In: Proceedings of 4th Web 2.0 Security and Privacy Workshop (W2SP 2010) (2010)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Nick Nikiforakis
    • 1
  • Steven Van Acker
    • 1
  • Frank Piessens
    • 1
  • Wouter Joosen
    • 1
  1. 1.IBBT-DistriNetKU LeuvenLeuvenBelgium

Personalised recommendations