A vtuber got to know about this site because of Youtube stats. In other words people automatically know when they get linked from this place! This is BAD and must be avoided!
A few solutions I can think of:
Add a site-wide Referrer-Policy: same-origin header. This will make modern browsers not send the referrer when we click a link in the forums and people won’t know we linked to them.
Add a rel="noreferrer" to all links in the website
Use an anonymizer website for links
Make links non-clickable altogether and forcing people to copypaste links in their browser to open them (most reliable but also most bothersome)
I’d use 1 or 4 myself but all should work.
I will avoid using links in this forum until this is fixed and I’d advise others to do the same, this could seriously creep some people out. I hope you take this as constructive criticism and as a way to improve the website. Thank you.
I’ve seen a few youtubers mention the forums showing up in their stats recently so I guess I’ll use this when sharing links until it’s fixed.
Honestly, I didn’t think this would be an issue since the new forum url is not as obvious as the old one and you must register in order to view it, but if >20% of my traffic would come from one forum I’d definitely be curious about what’s there as well.
Yeah, some people aren’t bothered by it but some others might be creeped out by it if they decide to look it up so I think it should be fixed. For now also opening links could be done by doing Right click -> Copy link address and then pasting it into a new tab. That way the referrer doesn’t get sent.
We had something like this for a while on the old site. It seems that discourse doesn’t have any way to trivially change any of those other than number 4, but even then it seems that old posts still retain their links. We’d also have to remove the ability to embed videos in pages.
Personally I don’t think we should be so afraid of being found out. Let people find the forums and then be nice to them so that they know we’re not so scary. I’m interested in what others have to say too though.
I don’t see a scenario where many women take kindly to knowing that this place exist and it’s where a lot of traffic is coming from so I get the concern. But if it can’t be stopped without removing something like embedded videos, then we’ll just have to deal with it
There’s no need to change anything in Discourse to apply number 1, that is done in the web server’s (nginx in this case) configuration. In fact it seems you are already sending a Referrer-Policy header:
Changing it to same-originshould fix the issue in most, if not all, cases.
Regarding embedding, I always prefer to open things in a new tab so I wouldn’t mind it getting removed.
how/where are you hosting this site? if it’s a conventional vps or shared hosting (godaddy, etc.) you just edit nginx’s config file for the bfforums site and add the line
add_header Referrer-Policy: 'no-referrer'
(or change it if it already is set to something else). If you don’t know how to do it I could do it for you, but I know I’m new so you probably wouldn’t trust me with the keys to your host. i could also just walk you through it in DMs or something. i agree with douteiful that this is important to fix.
edit: by the way, I think the “add rel="noreferrer" to all links” option should be achievable by modifying discourse’s theme, so that’s a (somewhat annoying but still feasible) option if you don’t have access to nginx config.
any updates to this? i’m also very bothered about youtubers being able to see so much traffic coming from this website, and believe it would be better for all of us if you disable referrer sending
While you wait for a resolution from above, perhaps start a political/cultural campaign to encourage us to only add links as text. That way, I and others would have to enter them as unassociated requests in the address bar of the browser.
Well in the mean time if any of you are using firefox you can prevent your browser from leaking the link source in the following way:
Type about:config into your address bar
If it gives you a scary warning just click through. As long as you don’t go rooting around in other settings you won’t break anything.
At the top of the page there will be a search bar thing. Use it to find the network.http.referer.XOriginPolicy preference.
Set the value to 1 (it should be 0 by default). Here is the relevant documentation, if you want to see what this and other similar settings do. This one makes it so that the referrer header is only set if the “origin” (aka the domain name) of the target link is the same as the site you’re currently on. I would recommend this instead of completely disabling this functionality, because it’s less likely to break other websites. If you do run into some website not loading correctly you can always revert the setting.
Note that I don’t believe this does anything for embedded videos. I can look into a mitigation at some point, but honestly even this is probably pointless since most people won’t read this post and even fewer will do it. Still, I think it’s worth mentioning.
Idk much tech stuff but a good solution I seen was just hyperlinking YouTube then pasting the video ID separately. But barely anyone on here is doing it
