Am Dienstag, 18. Dezember 2012, 13:26:20 schrieb Matthew Toseland: > > I don’t think that this is strictly necessary. If your friend runs a > > corrupted build, you have a problem anyway. Another layer of security > > might be nice, anyway, though: Don’t make it too easy for people to > > infiltrate freenet… > The problem is you can make your corrupt version spread "virally" as people > are invited each time distributing your bogus installer, and get a > significant number of corrupted nodes.
That’s what I meant with not making it too easy :) > > And we can provide the sha1 hash of the files along with IP:Port:password, > > so GNU/Linux users can easily check for manipulations. > > We could, although it'd be more work for the user. It would be additional *optional* work. Those who care could check the hashes. > > In that case, the QR-code would simply save the typing of the text from a > > custom business-card. > > Is that really an improvement in practice? I don’t know, and I would not focus too much on QR-codes. They are optional maybe-nice-to-haves. > > Also people running freenet might not want to use their email address to > > send the data: don’t leave a data trail between the two people (which is > > too easy to follow). > > You should only add darknet friends if you don't care about there being a > trail between them. You should connect to people that you know. This is the > same as "people the bad guys already know are connected to you from your > phone records etc". The question is which trail. E-Mails are open to global surveillance. Connections not necessarily (they are much more work to track all the time). > > One more option: Only provide your FOAF connections, NOT your own IP. > > Huh? The usecase of only giving the FOASs would be, that you don’t want to leave the trail that you met that other person personally. You give him a freenet-card and he can get freenet and connect to some people. There will only be a second-level connection between them and you, though. And in case we get connections over tor running, the connection might not actually be traceable easily. > Your friends do not have to be perfectly trustworthy Jepp. Rules for friends: * Don’t crack your freenet * Don’t let someone else tamper with your computer without warning me first. Best wishes, Arne -- Konstruktive Kritik: - http://draketo.de/licht/krude-ideen/konstruktive-kritik
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
