On Friday 03 July 2009 18:58:13 Matthew Toseland wrote:
> On Wednesday 17 June 2009 00:51:49 Matthew Toseland wrote:
> > On Tuesday 16 June 2009 21:53:09 Zero3 wrote:
> > > 
> > > >> g) Confusion about the "automatic IP detection". Why does Freenet 
> > > >> need my address when I'm supposed to be anonymous? 
> > > > 
> > > > So Freenet uses a magical invisible protocol that doesn't involve 
> > > > sending any packets over the internet, doesn't require new hardware, 
> > > > and is completely undetectable?
> > > > 
> > > >> What is JSTUN? What should I do on this page? (Agreed.)
> > > > 
> > > > The UPnP explanation is okay, right?
> > > > 
> > > > You want a *full* explanation for JSTUN?
> > > > 
> > > > JSTUN:
> > > > Currently:
> > > > "Enable automatic IP address detection via JSTUN. Uses central servers 
> > > > (also used by e.g. internet telephone programs) to find out your IP 
> > > > address. Turn off if you are concerned about this."
> > > > 
> > > > Longer:
> > > > "Enable automatic IP address detection via JSTUN. Freenet is a 
> > > > distributed network, therefore other Freenet nodes need to know your IP 
> > > > address in order to connect. Because most computers are not directly 
> > > > connected to the Internet but go through routers, modems and so on, and 
> > > > most computers' IP address changes regularly, the easiest way to 
> > > > determine your current IP address is to ask some central servers which 
> > > > are also used by Internet telephony programs. If you are worried that 
> > > > this might be used to identify your use of Freenet, you should turn 
> > > > this off, but you will need a static IP address, a direct internet 
> > > > connection or some other way of finding your address such as a 
> > > > dyndns.com address. Note that dyndns is blocked in China!"
> > > > 
> > > > Shorter:
> > > > "Enable JSTUN. Turn this off if you have a static IP address or a 
> > > > dyndns address."
> > > 
> > > I don't know what the best way is. I'd personally like not having to ask 
> > > the user about this technical stuff.
> > 
> > Unfortunately it has security issues for really paranoid users ...
> > > 
> > > UPnP for IP detection should always be safe to enable?
> > 
> > Unless the user is on an untrusted LAN or is directly connected to 
> > building-level NATed ethernet, as is common in eastern Europe and probably 
> > many other places.
> > > 
> > > Your peers can tell you your IP address on opennet? When UPnP fails on 
> > > darknet, you could ask the user if he wants to enable the JSTUN plugin 
> > > (with a proper explanation, like your long version above.)
> > 
> > Where would we post such an explanation? Messages on the homepage are 
> > supposed to be short!
> > 
> > JSTUN does help even with opennet, but yes it probably isn't necessary - if 
> > we lose all our peers, we reannounce, and seednodes tell us our new IP 
> > address...
> > 
> > On darknet you really need one of the two, or a static/dyndns IP address, 
> > or at least an online peer that hasn't changed its address...
> 
> So do we want to disable JSTUN by default? On darknet you definitely need 
> either JSTUN or UPnP or a static IP address; on opennet, reannouncing may 
> work better if we have quick detection of a changed IP address, currently 
> IIRC we give it a minute or so to detect it before re-announcing ...
> 
> We do already have a user-alert that is (supposed to be) shown when we are 
> unable to detect our address and we have no detection plugins, which 
> recommends loading them ... we should probably look at that ...
> 
> OTOH I think the current wizard text is reasonable:
> 
> Plugins
> 
> Plugins are optional extensions to Freenet that enhance it in some way. Some 
> of them may have security issues for some users, see below.
> 
> Enable Universal Plug and Play (UPnP). Set this if you have a router on your 
> local Network. Don't set it if you are directly connected to your ISP e.g. 
> via dial-up modem, or have untrusted people on your local network.
> 
> Enable automatic IP address detection via JSTUN. Uses central servers (also 
> used by e.g. internet telephone programs) to find out your IP address. Turn 
> off if you are concerned about this. 
> 
Sorry, to clarify: UPnP is essential. The question is whether we should ask the 
user about JSTUN. Maybe we should only ask them if they set HIGH/MAX network 
security level?

Also, we have an alert that shows when we don't know our IP and don't have any 
IP detection plugins loaded. This should show in the case where we have UPnP 
loaded but it can't detect our IP because we are double NATed.
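
The alert condition discussed in this message, sketched as an added example (it is not part of the original message and is not Freenet's code). The function and parameter names are hypothetical, the sample addresses are constructed, and treating a non-routable address reported by UPnP as the sign of double NAT is an assumption of this sketch.

```python
import ipaddress
from typing import Optional


def routable(candidate: Optional[str]) -> Optional[str]:
    """Return the address if it is a globally routable IP literal, else None."""
    if not candidate:
        return None
    try:
        addr = ipaddress.ip_address(candidate.strip())
    except ValueError:
        return None  # not an IP literal (e.g. garbage from a broken gateway)
    # is_global is False for RFC 1918, carrier-grade NAT (100.64.0.0/10),
    # loopback and link-local ranges.
    return str(addr) if addr.is_global else None


def alert_reason(upnp_loaded: bool, upnp_external_ip: Optional[str],
                 jstun_loaded: bool, jstun_ip: Optional[str],
                 static_ip: Optional[str] = None) -> Optional[str]:
    """Decide whether the "cannot detect IP address" alert should be shown.

    Returns None when no alert is needed, otherwise a short reason code.
    """
    # Any source that yields a routable address means the node knows its IP.
    if any(routable(ip) for ip in (static_ip, upnp_external_ip, jstun_ip)):
        return None
    # Existing behaviour described in the thread: no address and no plugins.
    if not upnp_loaded and not jstun_loaded:
        return "no-plugins"
    # Proposed extension: UPnP answered, but with an address that is not
    # routable, so the router itself sits behind another NAT.
    if upnp_loaded and upnp_external_ip and routable(upnp_external_ip) is None:
        return "double-nat"
    # Assumption: plugins are loaded and may still produce a result.
    return None


if __name__ == "__main__":
    # Constructed samples: (upnp_loaded, upnp_ip, jstun_loaded, jstun_ip)
    for case in [(False, None, False, None),
                 (True, "192.168.1.1", False, None),
                 (True, "192.168.1.1", True, "93.184.216.34")]:
        print(case, "->", alert_reason(*case))
```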

_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl