Mostly Harmless

Mostly about my amusement

Menu Close

Tag: data leakage

Tin Foil Hat Gravatars

Sometimes I do overthink things. I wrote a plugin to protect Gravatar image URLs.

Read more

Get Your Tin Foil Hats Right Here!

Update: Sometimes I DO over think a problem and a solution. Which is odd because SSL is also one of my (supposedly!) strong points. Skip to the comments below for something that Andrew Nacin pointed out. 😀

——————————–

Part of my professional life is to think about topics like data leakage. That’s when you do something and, without realizing it, you transmit information that you hadn’t intended to.

For example, my company may have an internal web page with this URL:

And on that page is a link to a NY Times DealBook blog posting as a reference. One of the readers in my company clicks on that link without hesitation. Why wouldn’t they click? That’s what the link is there for.

When Dealbook processes their web access logs, they’ll see a URL as the HTTP referer (I’m spelling it correctly after this) that the company or person who clicked that link may not want them to see.

How to prevent sensitive referrers from being sent from your WordPress blog?

  1. Install and configure YOURLS (svn revision 703). Get that working with a short domain, it’s easy to do.
  2. Install and activate my short Force Javascript Redirection YOURLS plugin. [download id=”1″]The useful bit is only one line.
  3. Install my WordPress Convert Links to Yourls plugin but don’t activate it yet.[download id=”3″]
  4. Modify two lines in that WordPress plugin for your  configuration. Sorry, I’m not up to making an options page (yet).
  5. Active that WordPress plugin.

And poof! the Tin Foil Hat is in place. Any links in your post content or comment text will have their links sent to your very own link shortner and the remote site will only see the short link as the referrer.

Read on to see how it works. Read more