On Thu, Jun 01, 2006 at 11:58:53AM +0100, Dave Baker wrote: > On Thursday 01 June 2006 09:19, Colin Davis wrote: > > Even so, there's still the risk that any website can tell that you're running > Freenet, even if they can't tell who you're peered with. Just getting a > connection on port 8888 gives away information that Freenet is designed to > hide.
Yes, but can they? 10 units of Kudos to the first person to prove this one way or the other! > > > It's also possible to auto-randomize the fproxy port, but I don't think > > the inconvenience that causes is worth the benefit, when better > > solutions exist. > > This would help, and I'd expect the norm to be that people will find the node > homepage through a desktop shortcut or something, in which case you just > point the shortcut at the right port. It's still security through obscurity > though. Ewww. > > Given that we have an encrypted darknet protocol specifically to mask the > fact > that users are running Freenet, it's a serious problem that any website can > discover this fairly trivially. Unfortunately I'm not sure what the solution > is. Can they? Make a page that performs this attack... > > Dave -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20060601/d399d6a3/attachment.pgp>
