The assumption is that secure pages are secure for a reason, and that the author of a secure page is linking to other secure pages and has some basis of trust by which the link is provided.
Example.com is the third party. (Example.org and a human user being the first two parties.)
Let me rephrase my question: why the default assumption that example.com is trusted not to misuse referrer information merely because example.org provides a link and the human user follows that link?
Example.com is the third party. (Example.org and a human user being the first two parties.)
I disagree. When you click a link on a page that you retrieved from example.org, one that leads to example.com, there is no communication between you and example.org, nor between example.com and example.org. The communication that takes place is between you (party 1, the initiator of the conversation) and example.com (party 2, the target). The HTTP request mentions example.org, but being a third party, it does not participate in it directly.
The only conversation in which example.org was a party was the one in which you requested the page that contained a link to example.com, which has already finished.
In that light, it seems strange to me that under HTML5 (assuming I understand the article correctly), example.org is given a mechanism to dictate how much information you give to example.com. Should that not be your choice, as the sender of said information?
2) Page from Site A suggests what should be sent in the referrer via the meta referrer
3) User clicks on link from Site A to Site B
4) User's browser requests page from Site B (referrer is set by either user's overriding option or the meta referrer from Site A)
So indeed, at no point does Site A speak to Site B directly. The meta referrer simply asks the user to either send or not send the referrer. If the meta referrer is not present or not supported, it falls back to default HTTP Referrer behaviour.
As the user, you can override this behaviour and force the referrer to do whatever you'd like. This includes refusing to send it, always sending it, or spoofing it. Firefox for example allows you to set network.http.sendRefererHeader and there are various browser extensions for any popular browser that will allow for finer grained referrer control.
Because the source site linked to it directly. That is the basis for trust.
If the destination is untrusted, then the source can just anonymise the redirect by sending it through a point that won't reveal the precise source. This is how services like http://anonym.to/en.html work.
1. Follow link from https://example.org to http://example.com --- can be read by a third party if referrer were added
2. Follow link from https://example.org to https://example.com --- cannot be read by a third party so referrer can be added
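The flow in the numbered steps earlier in this thread (meta referrer on site A, user clicks, browser decides what to put in the request to site B) and the HTTPS-to-HTTP downgrade case in the two bullets just above, modelled as an added example. This is not code from the thread or from any browser: the policy keywords are the current Referrer Policy spec's, and mapping the HTML5-era meta values never/always/origin/default onto them is an assumption made here; the userOverride argument stands in for a browser preference such as Firefox's network.http.sendRefererHeader set to 0 (never send), and the URLs are constructed for the demo.

```javascript
// Added example: a model of how a browser derives the Referer header for a
// navigation from the linking page (site A) to the target (site B), given the
// linking page's meta referrer and an optional user override. Simplified on
// purpose (it ignores file:/data:/blob: sources and the "links but not images"
// preference values); not code from any real browser.

const KNOWN_POLICIES = new Set([
  "no-referrer", "no-referrer-when-downgrade", "origin",
  "origin-when-cross-origin", "same-origin", "strict-origin",
  "strict-origin-when-cross-origin", "unsafe-url",
]);

// HTML5-era <meta name="referrer"> values mapped onto current keywords
// (assumed mapping, not taken from the thread).
const LEGACY_META = {
  never: "no-referrer",
  always: "unsafe-url",
  origin: "origin",
  default: "no-referrer-when-downgrade",
};

// Step 2: read the page's meta referrer. No tag, an empty value or an
// unknown value falls back to the classic HTTP default, which sends the
// full URL except on an HTTPS -> HTTP downgrade.
function policyFromMeta(content) {
  if (typeof content !== "string" || content.trim() === "") {
    return "no-referrer-when-downgrade";
  }
  const v = content.trim().toLowerCase();
  if (LEGACY_META[v]) return LEGACY_META[v];
  return KNOWN_POLICIES.has(v) ? v : "no-referrer-when-downgrade";
}

// Credentials and the fragment never go into Referer.
function stripForReferer(url) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Steps 3 and 4: the user's browser builds the request to site B.
// userOverride: "policy" (honour the page), "never" (drop the header, like
// network.http.sendRefererHeader = 0) or "always" (send the full URL anyway).
function computeReferer(fromUrl, toUrl, policy, userOverride = "policy") {
  if (userOverride === "never") return null;
  if (userOverride === "always") return stripForReferer(fromUrl);

  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const originOnly = from.origin + "/"; // e.g. "https://example.org/"
  const full = stripForReferer(fromUrl);

  switch (policy) {
    case "no-referrer":                return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin":                     return originOnly;
    case "origin-when-cross-origin":   return sameOrigin ? full : originOnly;
    case "same-origin":                return sameOrigin ? full : null;
    case "strict-origin":              return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : originOnly);
    case "unsafe-url":                 return full;
    default: throw new Error("unknown referrer policy: " + policy);
  }
}

// The two navigations from the thread plus a few variants (constructed URLs).
function demo() {
  const src = "https://example.org/account/settings?tab=billing";
  const cases = [
    // [destination, meta referrer content, user override]
    ["http://example.com/",  undefined, "policy"], // HTTPS -> HTTP, no meta
    ["https://example.com/", undefined, "policy"], // HTTPS -> HTTPS, no meta
    ["http://example.com/",  "always",  "policy"], // page insists on sending
    ["https://example.com/", "origin",  "policy"], // page trims to origin
    ["https://example.com/", "always",  "never"],  // user preference wins
  ];
  return cases.map(([dst, meta, ov]) => ({
    dst, meta, ov,
    referer: computeReferer(src, dst, policyFromMeta(meta), ov),
  }));
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of demo()) {
    console.log(`${r.dst}  meta=${r.meta || "(none)"}  user=${r.ov}  ->  ` +
      `Referer: ${r.referer === null ? "(not sent)" : r.referer}`);
  }
}
```

Run it with node and the first case shows the downgrade rule the bullets above describe: with no meta tag, the HTTPS -> HTTP link carries no Referer at all, while the HTTPS -> HTTPS link carries the full URL including the query string. The last case is the point made about user control: whatever the page asks for, a "never" override drops the header.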