On Friday 14 December 2007 23:30, Ian Clarke wrote: > I think its great that we are really aiming for simplicity here, and > doing usability testing, there is hope for us yet :-) > > On 12/13/07, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > > Do you know anyone already using Freenet? > > No, I want the node to automatically find strangers to connect to. > > Yes, I have at least 5 friends already using Freenet and I will add their > > details on the Friends page. > > The above is good, clear, concise, and written in plain English. We > should ensure that the messaging within FProxy mirrors this language > when it displays its "not enough peers" error message. > > > Warning! Running Freenet may be illegal where you live, as it enables > > unrestricted, anonymous free speech. If so, telling the node to automatically > > connect to strangers may make it easy for your government to discover that > > you are running Freenet, so you should only connect to people you know (and > > ideally trust). Freenet is still beta software, we make no guarantees about > > security! In particular, those you connect to may be able to spy on your > > requests. > > I don't know about this, too many exclamation points, too wordy. How about: > > "Warning: Freenet may be illegal in some countries. If you allow you > to connect to strangers, those strangers will know that you are > running Freenet, and this could be dangerous. Freenet is still beta > software, and we offer no guarantees as to its security." > > The shorter this is, the easier for people to read and absorb it. 3 > clear and calm sentences are far more likely to be read than 6 > hyperbolic ones.
Unfortunately it's not hyperbolic (even the last bit about "may be able to spy on your requests"). But it could be seen as such, so lets work on this... > If you allow you > to connect to strangers, those strangers will know that you are > running Freenet, and this could be dangerous." This implies to me that it's a matter of luck, that only those specific strangers that you randomly got connected to will be able to attack you. Whereas the reality is a powerful attacker can target a specific node, cycle through blocks of nodes, or progressively eliminate whole swathes of the network by a location-based requestor search. Also it's not strictly true: your noderef is sent to a lot of nodes which don't actually accept the invitation to connect. In the current code, we've already told the user in the introductory sentence that darknet is more secure: "Ideally, all Freenet users would connect only to people they know. This is far more secure, making it very difficult for others to tell that you are using Freenet. However, if you don't know at least 5 people already running Freenet, you can choose to connect to strangers. Note that you can always turn this off later." So the warning is the mirror-image, and can therefore be brief. Maybe: If Freenet is illegal where you live, or if you are using it to access materials that may get you into trouble, telling the node to automatically connect to strangers may be dangerous as it makes life much easier for an attacker. Freenet is still alpha software, and we offer no guarantees about security. (Alpha not beta: we're missing critical functionality i.e. premix routing, betas are supposed to be more or less feature-complete). Putting this into context: "Ideally, all Freenet users would connect only to people they know. This is far more secure, making it very difficult for others to tell that you are using Freenet. However, if you don't know at least 5 people already running Freenet, you can choose to connect to strangers. Note that you can always turn this off later. Do you know anyone already using Freenet? - No, I want the node to automatically find strangers to connect to. - Yes, I have at least 5 friends already using Freenet and I will add their details on the Friends page. Warning: If Freenet is illegal where you live, or if you are using it to access materials that may get you into trouble, telling the node to automatically connect to strangers may be dangerous as it makes life much easier for an attacker. Freenet is still alpha software, and we offer no guarantees about security." > > We need to keep up this usability testing, its incredibly valuable. Agreed. > > Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20071215/9d0475e0/attachment.pgp>
