zlacker

>>6a74+(OP)
I noticed the URL was updated for this post. Previously it linked to asahilinux.org which showed an anti-HN manifesto from the HN referral. Curious as I haven’t seen this before. Seems it has been covered by previous commenters: >>36227103

>>hentre+WV
How can the site even detect where a user is coming from? Browsers leaking this information seems like a huge privacy issue to me.

>>ginko+2X
Referer (misspelled in the spec) has been a part of HTTP from day 1.

>>robin_+fX
Feels crazy this isn’t disabled by default

>>ginko+0Y
See[1] the Referrer-Policy header, <meta name="referrer">, <a referrerpolicy> and <a rel="noreferrer">.

But generally, webmasters have found it useful to know who caused their server to fall over^W^W^W^W^W^W is linking to their pages. This was even used as a predecessor to pingbacks once upon a time, but turned out to be too spammable (yes, even more so than pingbacks).

After the HN operators started adding rel=noreferrer to links to the Asahi Linux website, Marcan responded[2] by excluding anyone who has the HN submit form in their browser history, which feels like a legitimate attack on the browser’s security model—I don’t know how it’d be possible to do that. (Cross-origin isolation is supposed to prevent cross-site tracking of this exact kind, and concerns about such privacy violations are why SRI has not been turned into a caching mechanism along the lines of Want-Content-Digest, and so on and so forth.) ETA: This is no longer in place, it seems.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...

[2] https://social.treehouse.systems/@marcan/110503331622393719