Persona

As you visit websites, you are leaving "footprints" that can identify your organization, and leak details about your search methods. 
You should understand the strengths and weaknesses of your internet persona before you surf the net.


Persona Testers: These websites provide real-time feedback about your persona. The first link in each row takes you directly from my webpage to the persona testing web page. The second link (via Bing) takes you to a Bing search, where you should click on the first hit to arrive at the persona testing page. Test your persona at work, at home, and on your cell phone. Test your cell phone with wifi (= home network provider) and without wifi (= cellular provider).

Consider the Following Diagram:

A researcher is surfing the Internet. This computer has a connection persona such as:

The researcher is looking at a webpage (URL1) and clicks on a link which leads to another webpage (URL2). With that click, some of your persona details are transmitted to the webmaster of URL2:
  1. Remote Host: This is the persona of your machine or the gateway your requests pass through. The web server MUST have this information in order to send the requested web page back to you.
  2. HTTP Referrer: This is the address of the web page you were previously viewing (URL1).
Another concern...
A researcher is online and surfing the Internet. The researcher enters some "search terms" into a search tool. The researcher then visits the sites listed in the search tool's "hits". Look at the following diagram to see what has just happened:


Thick Red Lines: The webmaster at searchtool.com knows your "search terms" and persona. For any search tool that you use, what do you know about the organization (and webmaster) who runs that specific search tool? Examples: Google Trends, Aolstalker.

Double Blue Lines: There is now a very good chance that the webmaster of target.com also knows what search terms you have used to reach them.  How is this possible? Searchtool.com creates a search results page for you which may have a URL such as:

If your browser transmits http_referrer, the webmaster of target.com will now know exactly what search terms you used to find his site.  In fact, the URL of the search results page often contains all the additional parameters you used to construct your search query.  The target webmaster can easily re-create the exact same search results page that appeared on your screen.  It's as if the target webmaster has walked into your secure office, and is looking over your shoulder at your screen.  

Here are some example referral URLs taken from my own website statistics. Click on them to see the search results that visitors used to find my site:

http://www.google.com/search?hl=en&q=isp+backbone+maps
http://search.yahoo.com/bin/search?p=russ+haynal

Some referral URLs are simply links from public web pages:

http://en.wikipedia.org/wiki/Internet_backbone
http://www.theshulers.com/whitepapers/internet_whitepaper/

You must also be careful about how you name the web pages in your Intranet. Here are examples of intranet pages that linked towards my site:

  1. http://doc.uunet.ca:2001/tutorial/ispinfo.html (you can tell why they link to me)
  2. http://www.oen.siemens.de/projects2/p203/pub/links.html (notice the "non-revealing" URL = good OPSEC)
  3. http://insidefs.mcln.federal.unisys.com/misc/links/main.htm
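To make the leak concrete, the following added example (not code from this site) reads referrer values the way a receiving webmaster's log analysis would, using referral URLs quoted above. The function names and the small per-engine parameter table are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameter carrying the search terms, keyed by search-tool domain.
# Only the two engines whose referral URLs appear on this page are listed.
SEARCH_PARAMS = {"google.com": "q", "yahoo.com": "p"}

# Referral URLs quoted on this page, as they would appear in a server log.
SAMPLE_REFERRERS = [
    "http://www.google.com/search?hl=en&q=isp+backbone+maps",
    "http://search.yahoo.com/bin/search?p=russ+haynal",
    "http://doc.uunet.ca:2001/tutorial/ispinfo.html",
]


def analyse_referrer(referrer):
    """Return what the receiving webmaster can read from one Referer value."""
    parts = urlsplit(referrer)
    host = (parts.hostname or "").lower()
    seen = {"host": host, "port": parts.port, "path": parts.path,
            "search_terms": None, "other_params": {}}
    for domain, param in SEARCH_PARAMS.items():
        if host == domain or host.endswith("." + domain):
            query = parse_qs(parts.query)  # decodes '+' and %XX escapes
            terms = query.pop(param, None)
            if terms:
                seen["search_terms"] = terms[0]
            # Remaining parameters let the results page be re-created exactly.
            seen["other_params"] = {k: v[0] for k, v in query.items()}
    return seen


def summarise(referrers):
    """One readable line per referrer: search leak or page-name leak."""
    lines = []
    for ref in referrers:
        seen = analyse_referrer(ref)
        if seen["search_terms"] is not None:
            lines.append(f"{seen['host']}: searched for '{seen['search_terms']}'")
        else:
            lines.append(f"{seen['host']}: linked from page {seen['path']}")
    return lines


if __name__ == "__main__":
    print("\n".join(summarise(SAMPLE_REFERRERS)))
```

Running the same function over your own outbound proxy logs shows which search terms and intranet page names your organization is handing to other sites.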
A Manual way to suppress http_referrer...
Is there a way to avoid passing the referrer information along when selecting a web page link?    YES -  Here are some relatively convenient methods:
  1. Right-click on the link and select "copy link location"   This will place the link's URL into the clipboard. Now you can paste the URL  into the browser's location area, and hit enter on the keyboard. 
  2. Right-click on the link and select "add bookmark"   Now you can select the link from the bookmark listing.
  3. I've also noticed that a referring URL does not seem to be passed along when the referring web page is based on your computer. You may want to take the web page, and "save as" to your hard disk.  In the process, you can also rename the page to something generic like: "page.html"  This should succeed in hiding the Referring URL, or at least give it a less obvious address like:   file:///C|/temp/page.htm
  4. Important Note: These three previous tips work ONLY if the URL is "direct" to the web site. Be on the lookout for URLs that are "Hijacked". In other words, the search result links take you back to the search tool, which then forwards you to the real destination. (Google does this)
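A check for the "hijacked" links described in the note above, as an added example that is not part of the original page: before pasting a copied link, confirm whether it is direct or points back at the search tool, and recover the real destination when it is embedded in the link. The function name, the placeholder hosts searchtool.com and target.com, and the `dest` and `id` parameters in the sample links are constructed for the illustration.

```python
from urllib.parse import urlsplit, parse_qsl


def unwrap_link(link, search_host):
    """Classify a result link copied from a page served by search_host.

    Returns ("direct", link) when the link goes straight to the destination,
    ("redirect", destination) when it points back at the search tool and
    carries the real destination as an absolute URL in a query parameter,
    and ("unknown", link) when it points at the search tool with no
    recognisable destination (for example an opaque redirect id).
    """
    host = (urlsplit(link).hostname or "").lower()
    same_site = host == search_host or host.endswith("." + search_host)
    if not same_site:
        return ("direct", link)
    # parse_qsl percent-decodes each value, so an embedded URL is readable.
    for _name, value in parse_qsl(urlsplit(link).query):
        inner = urlsplit(value)
        if inner.scheme in ("http", "https") and inner.netloc:
            return ("redirect", value)
    return ("unknown", link)


# Constructed sample links, as they might be copied from a results page.
SAMPLE_LINKS = [
    "http://target.com/page.html",
    "http://www.searchtool.com/url?id=7&dest=http%3A%2F%2Ftarget.com%2Fpage.html",
    "http://www.searchtool.com/url?id=7",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINKS:
        print(unwrap_link(sample, "searchtool.com"))
```

Only the "direct" result, or the destination recovered from a "redirect" result, is safe to paste into the location bar under the tips above.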

To Automatically suppress http_referrer...

  1. Your local firewall may offer this option. Norton Security Suite is supposed to offer this feature, as does Zone Alarm Pro (from Zonelabs). Directions for Zone Alarm Pro: Open up Zone Alarm --> Click on "privacy" in the left column --> Click on the "Main" tab along the top --> In the "cookies" section click on "custom" --> In the "3rd Party cookies" section check the box "Remove Private Header Information".
  2. In Firefox, you can alter your browser using the following steps:
    - in the browser's address bar, type:  about:config
    - Scroll down to the line called: network.http.sendRefererHeader
    - Right-click on the line and select "modify"
    - Change the "2" to a "0" (zero) and then click OK.

A note about Google's Cached search links... See this page: Google Cached Issues.

See also my connection persona page.


Russ Haynal -  Internet Instructor and Speaker

Contact me at 703-729-1757 or  Russ 'at' navigators.com  
If you use email, put "internet training" in the subject of the email.
Copyright ©  Information Navigators