1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lack of Interest Links in private forums

Discussion in 'Closed Suggestions' started by Spenser, Jun 20, 2011.

  1. Spenser

    Spenser Active Member


    I would really appreciate to hide links in private/hidden forums from appearing in the referer.
    In some circumstances it would be better if the link target doesn't get to know from where the visitor was coming.
    Links in public areas don't bother, they can be viewed anyway. But links in hidden areas should stay hidden.
    Ingenious likes this.
  2. Brogan

    Brogan XenForo Moderator Staff Member

    Just an FYI, but all links are no follow, except those posted by Administrators and Moderators.

    I believe there is already a suggestion to allow for no follow links to be configured for those too.
  3. Spenser

    Spenser Active Member

    It's not about "no follow", which (if I got this right) is for search engines.

    What is needed from my point of view is a de-referer for outgoing links that are used by users in private forums.

    An example: I made a thread name "Something stupid" (also could say "legal claim" or something like that). In the first post there is a link to some website.
    If I click on this link, that's what is written to target server's log about me:
    So they see that
    a) we have a non-public area
    b) we consider their website to be stupid (or: want to go to court against them or something else)
    c) the exact address of the page that contains the link

    This is not the best way to include links in private areas...
  4. Spenser

    Spenser Active Member

  5. Ryan Kent

    Ryan Kent Well-Known Member

    Basically you wish to hide the referrer URL information.

    I would make the suggestion that you do not want to do this, but you seem to know what you want.

    On a page level you can modify the PAGE_CONTAINER template. You would wrap the code in a conditional statement so only the private forums are affected.

    Your request is a very unique customization that simply would not be provided by any mainstream software.

    As a thought, if the forums are indeed private then it shouldn't matter. If the target website sees your site contains the referring page, they can't access your private forums unless you grant them access.
  6. Ingenious

    Ingenious Well-Known Member

    Spenser has a very good point actually. I never thought of that myself either, in all the years of running a forum. Maybe this would be best as a plugin?
  7. Spenser

    Spenser Active Member

    As this was included in vb, I don't think that this is so unique and thus it was included in some mainstream software.
    vb provided a de-referer for links in private forums. I don't think this would be a great deal in xenForo.
  8. Spenser

    Spenser Active Member

    BTW: why do you think that I should not want this?
  9. Ryan Kent

    Ryan Kent Well-Known Member

    Because it adds customized code to your site which does not offer you or your members any value except to increase your perceived privacy. It's a step above disabling right-click on your forum. You already said your forums were private so THAT is your privacy protection.

    If you desired to hide this information, a better approach would be rewriting it on outbound request to be the same as the HTTP_REQUEST URL. This approach offers the privacy you seek, and provides an valid response so bad server scripts which use this data will still work, and it maintains the idea that no data coming from the client should be depended upon.

    There a so many important issues with creating a website and life in general, that this item seems like an absolutely silly way to invest your time and energy. It's my personal view. You are welcome to yours.
  10. akia

    akia Well-Known Member

    I agree, this is a standard feature with VB and I'm pretty sure all the other ones as well.

    I'd have thought it would have been common sense that a private forum is private and that you don't want to go leaking thread titles to external sites.
  11. Spenser

    Spenser Active Member

    There are many forums out there that have to deal with legal problems. We get sued every now and then by people who do not like what we do (we offer information about internet related fraud and different kinds of internet related crime).
    When getting sued we have to discuss our strategy and lots of different things to get prepared. Many times we collect evidence and information by adding links to our articles. I consider it to be important to keep as much of these private until we get to court. It is not impossible to do this without links, but it's uncomfortable.

    OK, there are lots (probably most) forums out there, that don't have to care about things like referrer data in HTTP requests. But for some it is essential. Everything is "customized code" from some point of view, no matter what you do. I really don't think the integration of a de-referrer is a huge problem (especially others have it, too).

    I wish I could say it was a "nice to have", but in fact for some customers this may be an essential function.
  12. Spenser

    Spenser Active Member

    I must admit that I was a little bit suprised when I saw that this was not included in xenForo. Not a big deal in this state of development, but I think it's important to talk about such a privacy function for later releases.
  13. Mike

    Mike XenForo Developer Staff Member

    I have to admit that I'm scratching my head about saying this is included in other software as I simply haven't seen it - though maybe I've missed it. It's a fundamental element of browsers, so it's not something that software itself can just turn off.

    The issue may not be as obvious in other software if that software doesn't include anything other than a thread ID. You can turn off titles in links in XenForo, though that's probably too aggressive.

    Another way is to use SSL (https), as browsers don't send outside referrers then.

    Otherwise, the only real method is to rewrite links through an anonymizer service (which really just sends you to a particular page and shows that as the referrer). This is probably the only generally applicable way.
  14. Netsultants

    Netsultants Active Member

    Interesting, I always thought everything inside a private forum would be "private". I never considered "follow / no follow" an issue. I could definitely see how this could be beneficial. In fact, I would think the toggle would be reversed as something you could turn on if you wanted and not off.
  15. Spenser

    Spenser Active Member

    To your first point: that is partly wrong. You can't tell a browser from a forum software's point of view not to give a referrer to the link target. But you can rewrite the referrer by directing links through a de-referrer. That is - in the simplest way - a quite neutral looking web page.

    You can apply it globally, that is right. vb does it only in private forums. I think that this is done while loading the articles from the database (as it changes while moving articles). The links in the article are rewritten as they are displayed, I think.
    Instead of www.target.com they say www.myforum.com/dereferrer/www.target.com. So the target server only sees www.myforum.com/dereferrer/www.target.com in the logs.

    Doing this globally is a to hard way as normally a referrer is an important information and it belongs to the internet as it works. But in some circumstances referrers can be a danger. And this is why I am posting this.
  16. Spenser

    Spenser Active Member

    This is an issue, but the smaller one in the context.
  17. Ryan Kent

    Ryan Kent Well-Known Member

    How can this be a privacy related issue in any way?

    Follow / Nofollow is specifically a search engine metric. It's sole purpose is to determine whether you are endorsing the link's target. That tag doesn't offer any form of privacy.
  18. Spenser

    Spenser Active Member

    That depends on the search spider and whether it makes use of referrer headers.
  19. Ryan Kent

    Ryan Kent Well-Known Member

    That is not correct.

    All major search engines follow the link regardless of the "follow/nofollow" tag. The difference between search engines is whether they provide page ranking value to the linked page.
  20. Spenser

    Spenser Active Member

    When a spider follows a link and provides a referrer header to the target server, this IS a threat to privacy.
    When a spider follows a link and does not provide referrer information, this is no threat to privacy.

    What is wrong about that? There is/can be a privacy issue.

    Passing referrer information is subject to the client - in this case the spider. The client decides, what information it delivers to the target.

Share This Page