As you visit websites, you are leaving "footprints"
that can identify your organization, and leak details about your search
You should understand the strengths and weaknesses of your
internet persona before you surf the net.
Persona Testers- These websites provide real-time feedback about your
persona. The first link in each row takes you directly from my webpage to the persona
testing web page. The second link (via Bing) takes you to a Bing
search, where you should click on the first hit to arrive at the persona testing page.
Test your persona at work, home, and cell phone. Test your cell phone with wifi
(= home_network provider) and without wifi (= cellular provider)
Consider the Following Diagram:
An researcher is surfing the Internet. This computer has
connection persona such as:
The researcher is looking at a webpage (URL1) and clicks on a link which
leads to another webpage (URL2). With that click, some
of your persona details is trnasmited to the webmaster of
- The employer's firewall: agency.gov, base.branch.mil,
- The researcher's home connection: town.state.isp.com (note that most ISP's name your persona to include a geographic indication)
- Remote Host: This is the persona of your machine or the gateway your
requests pass through. The web server MUST have this information in
order to send the requested web page back to you.
- Http Referrer: This is the address of the web page you were
previously viewing (URL1)
A researcher is online and surfing the Internet. The researcher enters some
"search terms" into a search_tool. The researcher then visits the sites
listed in the search tool's "hits". Look at the following diagram
to see what has just happened:
Thick Red Lines: The Webmaster at searchtool.com knows your “search
terms” and persona. For any search tool that you use, what do you know
about the organization (and webmaster) who runs that specific search tool?
examples: Google trends,
Double Blue Lines: There is now a very good chance that the webmaster
of target.com also knows what search terms you have used to reach them.
How is this possible? Searchtool.com creates a search results page for you which may have a URL such as:
If your browser transmits http_referrer, the webmaster of target.com will now know
exactly what search terms you used to find his site. In fact,
the URL of the search results page often contains all the additional parameters
you used to construct your search query. The target webmaster
easily re-create the
exact same search results page that appeared on your screen. It's
as if the target webmaster has walked into your secure office, and is looking
over your shoulder at your screen.
Here are some example referral URL's taken from my own website statistics.
Click on them to see the search results that visitors used to find my site:
Some referral URL's are simply links from public web pages:
You must also be careful on how you name the web pages in your Intranet.
Here are examples of intranet pages that linked towards my site:
A Manual way to suppress http_referrer...
(you can tell why they link to me)
(notice the "non-revealing" URL = good OPSEC)
Is there a way to avoid passing the referrer information along when selecting
a web page link? YES - Here are some relatively convenient
- Right-click on the link and select "copy link location" This will place
the link's URL into the clipboard. Now you can paste the URL into the
browser's location area, and hit enter on the keyboard.
- Right-click on the link and select "add bookmark" Now you
can select the link from the bookmark listing.
- I've also noticed that a referring URL does not seem to be passed along
when the referring web page is based on your computer. You may want to take
the web page, and "save as" to your hard disk. In the process, you
can also rename the page to something generic like: "page.html" This
should succeed in hiding the Referring URL, or at least give it a less obvious
address like: file:///C|/temp/page.htm
- Important Note: These three previous tips work ONLY if the URL is "direct" to the
web site. Be on the lookout for URLs that are "Hijacked".
In other words, the search result links take you back to the search tool, and then
forwards you to the real destination. (Google does this)
To Automatically suppress http_referrer...
- Your local firewall may offer this option. Norton security Suite is
supposed to offer this feature, as does Zone Alarm Pro (from
Zonelabs) Directions for Zone
Alarm Pro: Open up Zone Alarm --> Click on "privacy" in the left column --> Click
on the "Main" tab along the top --> In the "cookies" section click on
"custom" --> in the "3rd Party cookies" section check box "Remove Private
- In Firefox, you can alter your browser using the following
- in the browser's address bar, type: about:config
- Scroll down to the line called: network.http.sendRefererHeader
- Right-click on the line and select "modify"
- Change the "2" to a "0" (zero) and then click OK.
A note about Google's Cached search links.... See this
page: Google Cached
See also my
connection persona page.
Contact me at 703-729-1757 or Russ
If you use email, put "internet training" in the subject of the
Copyright © Information Navigators