Hacker News new | past | comments | ask | show | jobs | submit login

> But any webmaster's power ends at the limits of their site.

I guess that's it. User's rights are above webmaster's right. If you don't like them you can start disallowing search engines in your robots.txt or blocking users by referrer.




But search engines shouldn't block referrer by default. Majority of users don't care about telling web masters what they were searching for. So search engines should only let users who do care about privacy to block referrer, block it by default is a poor choice (unless you are DDG and privacy is your differentiator)


It's not Google or the search engines blocking the Referer, it is the browser. From RFC2616:

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.


I would actually really like for my search engine referrer headers to be blocked, even without the privacy concerns, for one simple reason: some web sites highlight the search terms they find in search engine referrer headers. That annoys the crap out of me, and I usually end up either closing the tab or going to the URL bar and adding and deleting a space in there, then reloading the page without referrer headers.

Web developers: please, please don't highlight search terms. What the hell is the point of that? Oh well; I guess it's soon to become moot.


Not only that, but sites like ExpertExchange abuse the referrer header. Since EE uses the referrer to build the content (or at least it's part of the process), can this be a problem to their business?


Honest question: Is adding and deleting a space necessary? I think it is sufficient in all browsers just to focus the address bar and press Enter.


the same reason google do it?

http://www.google.com/search?hl=en&q=terms

people dont like reading stuff, when the search they scan for the relevant content.


It's only blocked if you use https search, not if you use http. Most users don't use https and there doesn't seem to be any evidence that Google is going to redirect http://www.google.com to https, so they seem to be doing what you suggest already.

On the https side, not passing the referrer is the correct behavior, and to do differently would break a great number of RFCs in all likelihood, as well as be unexpected/insecure behavior in an environment where the user has explicitly requested security. User preference trumps webmaster convenience, always.


I'm presuming you don't have any reliable research to back up what "the users" care about in regards to their privacy. (Sounds a bit close to a politician talking about what Americans want, too.)

Its doubtful that most even realize.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: