Do referer checking before adding interests
Short, concise description of the idea
Check the HTTP "Referer" header when adding an interest. This will prevent people from creating links which automatically add an interest to your profile.
Full description of the idea
Check the HTTP Referer header when someone goes to a page to add an interest (for example: http://www.livejournal.com/interests.bml?mode=add&intid=439744) to ensure that the referer is /interests.bml, or a blank referer. This will prevent people from having interests added to their profile without their knowledge just by clicking on a link, as there is currently no confirmation when a ?mode=add interests link is followed.
- More security for interests
- More user trust that they can follow links without having to worry about unexpected side effects
An ordered list of problems/issues involved
- Some browsers/proxies strip or disable the HTTP Referer header
- Will require additional coding/checking for the existence of the header
An organized list, or a few short paragraphs detailing suggestions for implementation
- Begin checking the HTTP Referer header when ?mode=add is used on interests.bml, accepting only a value of "interests.bml" or a blank value. This will prevent most "spoofs."
- The above, or simply add a confirmation screen so that the user can confirm that they want to add the interest of 'wild goats' or whatever the interest in question is.
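The check suggested above, as an added Python example (not LiveJournal's own code): the Referer is parsed rather than substring-matched, so only the site's own /interests.bml page or a blank value passes, and any other request is sent to the confirmation screen from the second suggestion instead of being rejected. The function names, the `allow_blank` switch and the 'add' / 'confirm' / 'ignore' results are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SITE_HOSTS = {"www.livejournal.com"}   # host taken from the example URL on this page
ADD_PAGE_PATH = "/interests.bml"       # the only page allowed to link to ?mode=add


def referer_allows_add(referer, allow_blank=True):
    """Return True if the Referer satisfies the proposed rule.

    A blank or missing header is accepted by default, as the suggestion
    proposes, because some browsers and proxies strip it.
    """
    if referer is None or referer.strip() == "":
        return allow_blank
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname          # lower-cased, without port or userinfo
    except ValueError:                 # malformed URL, e.g. a broken IPv6 literal
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if host is None or host not in SITE_HOSTS:
        return False
    # Compare the parsed path exactly; a substring test would also accept
    # "interests.bml" appearing in another site's path or query string.
    return parts.path == ADD_PAGE_PATH


def handle_add_request(query, headers):
    """Decide what to do with a request: 'add', 'confirm' or 'ignore'."""
    if query.get("mode") != "add" or not query.get("intid", "").isdigit():
        return "ignore"                # not a well-formed add request
    if referer_allows_add(headers.get("Referer")):
        return "add"                   # came from the interests page (or blank)
    return "confirm"                   # ask the user before changing the profile


if __name__ == "__main__":
    # Constructed sample requests; other.example is a placeholder host.
    query = {"mode": "add", "intid": "439744"}
    for ref in ("http://www.livejournal.com/interests.bml",
                "",
                "http://other.example/interests.bml",
                "http://other.example/?u=http://www.livejournal.com/interests.bml"):
        print(repr(ref), "->", handle_add_request(query, {"Referer": ref}))
```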