Privacy threat in default whitelist?

[rlow0]

The default whitelist (http://meh.schizofreni.co/smart-referer/whitelist.txt) contains many strange looking domains composed of random words. As far as I can tell, these appear to be ad servers. I'm surprised because I imagine people want to use smart-referer to protect their privacy, and sending referer headers to ad servers does the exact opposite. Can you tell me why these servers are whitelisted by default? Thanks

[meh]

You can check the whitelist with comments for their reason here, and check the commit history for more info.

[ntninja]

I just completed a quick survey of all of our current whitelist entries and removed several that do not appear to be used anymore – including the mentioned ad server domains. It should be noted however that the point of the default whitelist is to minimize the impact of this extension on everyday web surfing for our users while still providing the maximum referer privacy possible under these circumstances. As such trade-offs have to be made.

Also please remember that the contents of the Smart Referer whitelist are completely irrelevant if your browser never attempts to establish a connection to the given server in the first place. In particular I expect most of our users to simply use an ad blocker for preventing connections to ad servers and only disable that if they really have to. We do not want to get in their way in that case.

We do try to keep the whitelist as small as possible through.

[grenzor]

Could the whitelist be hosted and grabbed from Github since it supports HTTPS?