On Sun, Jan 18, 2009 at 7:34 AM, Matthew Toseland <toad at amphibian.dyndns.org> wrote: > We decided to get rid of the firefox profile, because it was becoming the > default profile on a few users' systems, causing severe problems as the user > didn't know what a browser profile is let alone how to switch back to the > default one. > > This meant freenet would typically be browsed by the user in their normal web > browser, leaving two problems: > 1. The browser history - freesites browsed would end up in their browser > history, which could easily be probed by malicious web sites on the Internet. > 2. Performance - Freenet requests frequently take a long time, but web > browsers allow a very limited number of parallel connections to a single > host; it would be much better to have lots of connections in parallel.
> > We had hoped that the first problem could be solved by "history cloaking", > i.e. adding a ?secureid= parameter to each URL. This would depend on the URL > being accessed, and on a node-specific random string. The browse scripts have > been updated to open the correct initial URL, links in freesites and in > fproxy have been fixed. Unfortunately, there is a serious problem with > this ... > > If a user inserts a file, then copies the URL to announce it, and forgets to > convert the URL into a key by stripping off the ?secureid= at the end and the > http://127.0.0.1:<port>/ at the beginning, it will still be usable; the > receiving user may need to strip the key, but the beginning bit is already > stripped by fproxy. But a malicious attacker can then probe for this URL > (using standard history stealing), assuming they can get the user to visit a > website they control. Just because the user has visited the site with the > original secureid doesn't mean they inserted it, but if a user other than the > original inserter visits it, they will get a warning page asking them to > clear their browser history ... clearly it is an unacceptable risk. Usability / Integration There are some user still using frost (it is getting less spam when i last checked). People copy and parse freenet uri from frost to browser. This hurt people copying link from IM (skype/icq/msn/jabber) to browser too. > For now, I will add an extra stage to the first-time wizard, asking whether > the user wants history cloaking and explaining the caveats either way. But > really the solution is a proper Freenet UI where we have a Key bar rather > than a Location bar. This can be implemented in a regular browser with > javascript, or it can be implemented (more cleanly and safely, and solving > several other problems) by building a dedicated Freenet browser, as saces has > started to work on. > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl >
