Matthew Toseland skrev: > On Saturday 20 June 2009 13:52:10 Zero3 wrote: >> Matthew Toseland skrev: >> >>>>>>>>>> Very annoying to be asked to install a second >>>>>>>>>> browser. In this case, a third (using FF with IE as backup. And user >>>>>>>>>> is >>>>>>>>>> asked not to use IE). More FUD about history leaks. >>>>>>>>> FUD stands for Fear, Uncertainty and Doubt. Unfortunately, the >>>>>>>>> warnings about browser history stealing are factually true. Perhaps >>>>>>>>> there is an argument for not naming such attacks if this intimidates >>>>>>>>> people? Is the problem with IE important? There are possibilities for >>>>>>>>> working around it, there has never been much enthusiasm for >>>>>>>>> implementing them (even from ian who tends to be usability oriented). >>>>>>>> Exactly. The user is fears the consequences of history leaks and is >>>>>>>> uncertain what he ought to do, and thereby doubts his security and >>>>>>>> privacy using Freenet. >>>>>>> He knows what he needs to do - use a separate browser. Don't we make >>>>>>> that clear? It may be annoying but it is clear, no? >>>>>> It is indeed very clear, but as you say, also damn annoying. If >>>>>> possible, I think we should avoid annoying the user. >>>>> Well, any suggestions you may have... afaics the best option on windows >>>>> is to run Chrome in incognito mode, and tell the wizard not to show the >>>>> warning. But in that case we need to warn the user if they ever use >>>>> another browser - and we can't tell the difference between Chrome in >>>>> incognito mode and Chrome not in incognito mode, so I think we should >>>>> display the warning anyway, we just need to rewrite it a bit for the case >>>>> where we are using Chrome in incognito mode: >>>>> >>>>> "You must always use a browser with incognito mode for Freenet! >>>>> >>>>> You are currently using Freenet through Chrome in incognito mode. This >>>>> should be safe. You should always access Freenet using Chrome in >>>>> incognito mode, or through a browser you do not using for normal web >>>>> browsing. The Browse Freenet link on the start menu should use Chrome in >>>>> incognito mode, and so should be safe. Most browsers will work well with >>>>> Freenet, except for Internet Explorer. >>>>> >>>>> Click here to continue." >>>>> >>>>> ??? >>>> I don't think we should display a warning when the user is browsing in >>>> incognito mode. When the user is not (or we don't know for sure), we >>>> could do it. >>> How could we ever know for sure? If the user opens Freenet using the link >>> and then starts browsing it using regular Chrome, there is no way to detect >>> this, for example. >> On top of my head: Let the launcher load >> http://127.0.0.1:8888/?incognito=true. Fproxy should remember this via a >> session cookie (that gets deleted when the user exits his browser, >> obviously), and redirect to http://127.0.0.1:8888/. That should prevent >> obvious copy+paste/bookmarks that could be opened in non-incognito mode >> later on. > > Does incognito mode interfere with cookies?
New cookies should be kept for the incognito session, and then deleted (so even if we made them permanent, they would be deleted automatically). Google does it this way, at least: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95464 - Zero3 _______________________________________________ Devl mailing list Devl@freenetproject.org http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
