On Saturday 20 June 2009 13:52:10 Zero3 wrote: > Matthew Toseland skrev: > > >>>>>>>> Very annoying to be asked to install a second > >>>>>>>> browser. In this case, a third (using FF with IE as backup. And user > >>>>>>>> is > >>>>>>>> asked not to use IE). More FUD about history leaks. > >>>>>>> FUD stands for Fear, Uncertainty and Doubt. Unfortunately, the > >>>>>>> warnings about browser history stealing are factually true. Perhaps > >>>>>>> there is an argument for not naming such attacks if this intimidates > >>>>>>> people? Is the problem with IE important? There are possibilities for > >>>>>>> working around it, there has never been much enthusiasm for > >>>>>>> implementing them (even from ian who tends to be usability oriented). > >>>>>> Exactly. The user is fears the consequences of history leaks and is > >>>>>> uncertain what he ought to do, and thereby doubts his security and > >>>>>> privacy using Freenet. > >>>>> He knows what he needs to do - use a separate browser. Don't we make > >>>>> that clear? It may be annoying but it is clear, no? > >>>> It is indeed very clear, but as you say, also damn annoying. If > >>>> possible, I think we should avoid annoying the user. > >>> Well, any suggestions you may have... afaics the best option on windows > >>> is to run Chrome in incognito mode, and tell the wizard not to show the > >>> warning. But in that case we need to warn the user if they ever use > >>> another browser - and we can't tell the difference between Chrome in > >>> incognito mode and Chrome not in incognito mode, so I think we should > >>> display the warning anyway, we just need to rewrite it a bit for the case > >>> where we are using Chrome in incognito mode: > >>> > >>> "You must always use a browser with incognito mode for Freenet! > >>> > >>> You are currently using Freenet through Chrome in incognito mode. This > >>> should be safe. You should always access Freenet using Chrome in > >>> incognito mode, or through a browser you do not using for normal web > >>> browsing. The Browse Freenet link on the start menu should use Chrome in > >>> incognito mode, and so should be safe. Most browsers will work well with > >>> Freenet, except for Internet Explorer. > >>> > >>> Click here to continue." > >>> > >>> ??? > >> I don't think we should display a warning when the user is browsing in > >> incognito mode. When the user is not (or we don't know for sure), we > >> could do it. > > > > How could we ever know for sure? If the user opens Freenet using the link > > and then starts browsing it using regular Chrome, there is no way to detect > > this, for example. > > On top of my head: Let the launcher load > http://127.0.0.1:8888/?incognito=true. Fproxy should remember this via a > session cookie (that gets deleted when the user exits his browser, > obviously), and redirect to http://127.0.0.1:8888/. That should prevent > obvious copy+paste/bookmarks that could be opened in non-incognito mode > later on.
Does incognito mode interfere with cookies? -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 835 bytes Desc: This is a digitally signed message part. URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090703/fc72229c/attachment.pgp>
