On Thu, 10 Aug 2000, Oskar Sandberg wrote: > On Thu, 10 Aug 2000, Vesa Salento wrote: > > On Wed, 9 Aug 2000, Brandon wrote: > > > > > > > So - the proxy/servlet will have to convert all instances of > > > > 'freenet:..' > > > > in the returned text (when the MIME type is text/html) to > > > > 'http://localhost:<some-port>/..' or 'http://freenet/..' if we use an > > > > HTTP > > > > proxy. Ug-ly. > > > > > > The cgi client (FCRC) interprets relative links as links into Freenet. It > > > works well. > > > > This conversation of using browsers and http to get files from the Freenet > > is IMO somewhat questionable. This would mean at least for most of Windows > > users that they would type the key to the browser and after that I suppose > > there is no use of talking about anonymous or secure transfers. > > If the browser is being used as a front end to display the information, and is > only connecting to your own Freenet node, it has no impact on security. Since > hypertext happens to be a very good interface and the perfect decentralized > namespace, we would be idiots NOT to provide for a way for people to surf > freenet using existing hypertext browsers.
Well... you have a point there, but it didn't stop Napster from spreading although it doesn't have any fancy html ui. I understand that this might be a good idea but developers should keep in mind that since we cannot control the browser we should be cautious when implementing fancy features with it. > There are limits of course. A freenet browser would have to refuse to load > any images or other data not on freenet imbedded in a freenet document, and > warn > before following links to other non-freenet documents, since somebody could > insert links to a monitored site in order to identify people reading a > document. > Most browsers already warn when entering and leaving SHTTP, so there is no > reason Freenet can't work the same way. I don't have much knowledge about this so I accept your opinion that it is possible to make it work. > > I don't know what is the current situation but I don't much trust the IE > > and since we cannot be sure how browsers work and what kind of information > > they collect or how vulnerable they are now (or in the future) I don't > > like this thing at all. In the worst case there would be a reference to > > every file you have requested on the browsers history file and I don't > > like that kinds of things. > > There are plenty of good reasons to be paranoid in the world, but thinking > that > MS is spying on you with IE is just silly. If big evil Bill is out to get you > and you are running Windows, he might as well put in code to spy on a > dedicated > Freenet app as well. All browsers I have used allow one to turn off cache and > history if one is worried about that. Well it's not that I'm that paranoid but I thought our goal was to try to make it as anonymous etc as it's possible (without too much trouble) and because of that I wanted to raise discussion about this topic. And I know how to turn cache on/off and even how to clear it. But there are lot's of computer users who don't even understand what a cache is and they are the reason I thought this is relevant. One other reason is that there are other software (shareware/addware) which integrate as a part of browser and collect information about which pages user visits and send that information forward. This all can happen without user knowing about it and it seems that this kind of behaviour is getting more common every day. I assume they don't use that information to gain information about the particular user but statistically see what kind of things are used a lot but still there are risks there. > If you don't trust Microsoft, you shouldn't be running your life with software > who's workings they purposely keep hidden from you. This isn't question about M$ or whether I trust it or not. It's just that if we don't consider everything the whole system could become useless. And I think it's much easier to make changes now when we are developing the system compared to the later when we see that the final product isn't working. > > I'd suggest that we implement our own clients and before making any > > plugins for other softwares it is needed to discuss whether that will > > compromise the goals of this project. > > Peoples security choices are there own responsibility. The wise user of > Freenet > will use a browser it can trust (Mozilla, Galeon, Konquerer, lynx) with a safe > configuration. The unwise user should wisen up or nothing we do will be able > to > help him. Yeah.. and so why do we even bother to make this work with Windows then? IMO security should be transparent since most users aren't able to understand how the system works but still they can use it. This same applies to many other things like a television... you might not understand how it works but you can still use it. Vesa _______________________________________________ Freenet-dev mailing list Freenet-dev at lists.sourceforge.net http://lists.sourceforge.net/mailman/listinfo/freenet-dev
