> On Sat, Jul 05, 2003 at 02:15:33AM -0400, Nick Tarleton wrote: > > I don't think Toesland's stupid and he's obviously working his ass off for > > this thing but that's pretty stupid(he's actually blaming a web browser for > > shitty Freenet behavior!), Freenet should be made to work with *no browser > > cache* that's a pretty fucking basic concept for software made to run in > > hostile environments. > Don't all browsers support in-memory caching these days?
As far as I understand it then freenet content isn't cached in the browser (or at least fred asks the browser to not do it).. Images from fred (those aqua images) might be cached though but I wouldn't really say that they are anonymity threatening. Could we get an explanation for this? > > cookie*, actually not just a cookie but nice fucking known static > So disable cookies and set the default mode in your conf/ini. It's > true there are plenty of cookie reading exploits for browsers, but > there are plenty of everything exploits for browsers, and the only > thing the cookie could reveal is that you have at some time used > freenet. 'defaultToSimpleUIMode' is the name of the param. The cookie is optional unless you are using a publicNode (in which case it will not be set until you switch to another mode than the default mode selected by the node operator). The cookie doesn't contain any hazardous information. The only thing it can disclose is the location of a freenet node and there are many easier ways to accomplish that than to use cookie exploits. Hopefully the most paranoid people wont run publicNode:s and then even the modeswitching doesn't use a cookie unless you explicitly ask it to 'Save current mode'. Most browsers has pretty good rules for when to accept and when to not accept cookies, use them > > This is not something that just occured to me, the Internet Explorer thing has > > always pissed me off as a Freenet user. They have consistently been pretty > > non-chalant about plugging Freenet security holes, but this cookie and log > non-chalant? I think they've been plenty "chalant", I don't know what > IE thing he's talking about but IE is a lost cause, anonymity-wise. We aren't really into the business of pluggin IE holes. That is Microsofts job, complain to them. We warn the users appropriately the first time they use IE. If you can describe the exact nature of some of the holes (and prefferably the code needed to be added to prevent the exploits) we might be doing something against them eventhough though.. >or blocking Internet Explorer. We dont shove browsers down the throat of users. If they want to use this browser then it is their decision.. >- Browser cache contains Freenet content you've requested, this is a weakness >of using Web browsers as the Freenet interface and it doesn't help when the >software and it's developers encourage using a browser cache instead of >saying "turn it off" Not freenet content, we are talking fred content and fred content shouldn't be illegal anywhere. If it where then the developers would probably be in deep shit. >I've requested on the network, perhaps this is a >new experiment to help law enforcement more easily determine what you've been >doing with Freenet, part of it's new "user friendliness". I cannot see how this makes something more userfriendly. Please explain. >- Freenet sets a static cookie with a known path&content. It's beyond me why >they would add this unnessesary exploitable "feature" As said above, it is only an option. /N _______________________________________________ devl mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
