by derekp7 930 days ago
A more evil version of this is detecting which news aggregator sent you there, then making that clickbait page look like the source aggregator. I've seen this with the news feed from Chrome on Android, clicking on a store then going back I thought I was back on the news feed but the stories just didn't look right.

This could totally be used for phishing, right? Open a link in Gmail -> go to nasty site -> press back and see Google login page that's actually still the nasty site. Browsers should prevent cross-origin sites from seeing where the visitor came from (i.e. clear referrer).

Also, why doesn't the back button disable any automatic (non-user initiated) redirects on pages loaded that way? Seems like an obvious fix to the history loops we keep seeing.

Websites have a lot of control over referrer headers these days.

Often, news aggregators add to URLs so the site knows where it came from, or it’s using a feed that already has that.

Now, that said, in an email, you can send links that encode that it’s coming from email, but you would get caught by the non-Gmail-using people suddenly seeing fake Gmail.

The pessimist in me says that most will probably try to log in anyway.