On Friday 02 January 2009 12:36, Ian Clarke wrote: > On Fri, Jan 2, 2009 at 12:11 PM, Matthew Toseland > <toad at amphibian.dyndns.org> wrote: > >> What about the new privacy mode in the Firefox 3.1 betas, or in the > >> current version of Safari? > > > > How would we reliably detect this? Does it change the User-Agent string? > > I doubt it. > > > I disagree, Freenet should be secure by default. > > Easier said than done, Freenet also shouldn't screw with the configs > of third-party software in ways that we *know* are destructive, yet it > does. > > > If it's insecure it should at > > least have the decency to tell the user that it is insecure. And the more > > things that the user has to be warned about, the more mental overhead Freenet > > takes up, IMHO pointlessly in most cases: this is the opposite of > > user-friendly! > > Do you think screwing with user's firefox profiles causing them, at > least in some cases, to lose data is user friendly?! Given the > choice, I would far prefer that Freenet made it my responsibility to > ensure the security of third party software rather than destructively > screwing with that third party software as we do with Firefox. > > > What do you think of the solutions I proposed most recently? That is, to > > add ?security=<long key dependant string> to freenet URIs (in the content > > filter and the fetch a key form), and to solve the connections problem as > > we've discussed, with a page loading screen and some rather more heavyweight > > javascript solution for loading image-heavy pages? (Admittedly some pages > > will have the inlines in the same container...) > > We should start with the simplest of these and work our way up, but we > should ditch the Firefox fubarring stuff *NOW* no-matter what else we > do.
Okay so the current gameplan is to implement history cloaking and turn off the firefox profile in new installs today, then implement a basic progress screen, and ask around for any javascript experts to help with a better one and/or better support for inline images. Every page, including static content and the homepage, will require a ?secureid=<long string>. The string is derived from a node-specific nonce created at install time, and the url being fetched. Links are automatically translated when sent to the user. The node will create a shortcut, including an sid, so the only case when a url is entered without an sid is if the user guesses it (e.g. typing in 127.0.0.1:8888). If the user does this then we warn the user to clear their history, and either not guess url's, always use privacy mode (in some browsers), or use a separate browser for Freenet, with an option to turn off the warning if the user is sure, and of course with a button to go to the corrected url. Ian and nextgens have been very helpful in discussing this off-list. > > Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090102/9d5da345/attachment.pgp>
