incrediBILL - 8:11 pm on Oct 10, 2010 (gmt 0)

Since it's easy, it is entirely reasonable that search engines offer the option to hide referrer data.

That still doesn't give you privacy on the rest of the internet. Trying to pass the blame to individual websites when the entire internet does the same thing is silly. The genie is out of the bottle so the only way to universally fix the problem is to put the simple privacy option back in the hands of the users, and not waste time tilting at search engines or Google bashing just because it's popular.

Directories pass a lots of information as well because of the explicit URLs, regardless of using GET or POST, such as this link from DMOZ:
http://www.dmoz.org/Society/Gay%2C_Lesbian%2C_and_Bisexual/Gay_Men/Family_and_Relationships/Personal_Pages/

Directories also have search so clicking any link from most directories after a search will reveal your private search terms, even on DMOZ, BOTW, BUSINESS.COM, thousands more:

http://search.botw.org/search?q=kinky+widgets
http://www.business.com/search/rslt_default.asp?vt=all&type=web&query=kinky+widgets

So on and so forth...

Maybe some sites use POST, my directory uses POST, but it still doesn't matter if you clicked through from a page with an explicit URL describing the content as the above example provided.

Even popular blog software like WORDPRESS shows the query in the URL, and there are hundreds of thousands of WORDPRESS blogs out there that will expose your search terms.

Why is it so hard to get across that the query string privacy issue is so large that the simple solution exists SOLELY in the browser?

Railing against all the sites that are sources of this so-called "privacy issue" is a silly waste of time. Sure you'll get Google or Bing to cave to pressure while thousands, maybe tens of thousands, maybe even millions of sites will continue to gleefully violate your privacy. Of course that won't matter because big bad Google will have solved their problem and now, without a real solution, everyone will happily bury their heads in the sand with the privacy issue (NOT!) solved.

The REAL QUESTION that people should be asking, and demanding an easy-to-access solution for, is why don't most BROWSERS give any easy way to disable it from passing the referrer?

When all the browsers have a simple checkbox to disable HTTP_REFER, only then do you have a real privacy solution to this particular problem.

Simplest solution, universal privacy, done.

there has never been any real demand for referrer blocking even among the people who know about it.

That's because they haven't seen what can be done with it yet and have no clue how much data those 3rd party universal tracking cookies from ad agencies can learn about an individual.

You can learn a lot from ANY referrer, not just ones with search terms, as I pointed out above.