On Friday 23 October 2009 17:30:33 Ian Clarke wrote:
> I just did a fresh install of Freenet on a newly-minted Windows 7 box,
> and I'm pleased to say that it went very smoothly!
>
> The installer downloaded and installed Java, and while (of course) I'm
> no newbie, I didn't really encounter any usability problems, except
> perhaps all the reading a user is expected to do when you choose
> security settings.

Agreed, we should try to rationalise this, I'm just not sure how much scope
there is ...

>
> I think with those options we should try reducing it to a single
> sentence for each, with a "read more..." link which opens up a more
> detailed explanation.

Maybe, or maybe without any such more detailed explanation. Some of the pages
can maybe be deleted, some can be shortened. Some I am not sure what to do
about. Most of the below I will implement soon, but feedback would be useful.

WELCOME SCREEN:
"Welcome to Freenet first time wizard!
Welcome to Freenet first time wizard. This tool will enable you to configure
your node quickly and easily to get you started.
Click here to continue.
I will configure Freenet manually (not recommended)."
Is this *really* necessary? OTOH is it beneficial?

BROWSER WARNING:
"You must use a separate browser (or a browser with privacy/incognito mode) for
Freenet!
We strongly recommend that you do not use the same web browser to both browse
the ordinary web and access Freenet, unless it is in incognito/privacy mode.
Browser history stealing attacks in particular may enable malicious websites to
determine which Freenet-based websites ("freesites") you have recently visited,
breaking your anonymity. Please use a separate browser to access the Freenet
web interface. For example, on Windows, the Browse Freenet link will
automatically open Google Chrome in incognito mode if it is installed.
Most web browsers, apart from Microsoft Internet Explorer, will work adequately
with Freenet, for example Firefox, Opera, Safari, Chrome, and Lynx are known to
work. You should install one of these, then copy the current URL from the
location bar, and open it in your new browser.
Click here to continue."

If we are browsing in incognito mode, we have a shorter warning:
"You are using a browser with incognito mode for Freenet (this is good)
You are using a browser with incognito support, such as Google Chrome. This is
good. You should avoid accessing Freenet from any browser without incognito
mode. If you do, make sure it is a separate browser from the one you use for
your regular Internet browsing, or regular web sites might be able to tell what
you've been browsing on Freenet.
Most web browsers, apart from Microsoft Internet Explorer, will work adequately
with Freenet, for example Firefox, Opera, Safari, Chrome, and Lynx are known to
work.
Click here to continue."

Unfortunately starting Chrome with the incognito flag does not reliably ensure
the window is opened in incognito mode - if Chrome is already running, it will
open it in a non-incognito window/tab. So at the moment this is turned off. So
afaics we are waiting for Google to fix it? Firefox is likely to have similar
issues based on my experience with profiles, although it may be possible to
work around that with -no-remote. Does FF3.5 have an equivalent of incognito
mode?

Apart from that, can we shorten either of the above texts? Any other
suggestions?

AUTO UPDATE AND PLUGINS
"Auto-update
Freenet can automatically keep itself up to date. Do you want it to:
Keep Freenet up to date automatically
Ask when a new version is available
Plugins
Plugins are optional extensions to Freenet that enhance it in some way. Some of
them may have security issues for some users, see below.
Enable Universal Plug and Play (UPnP). Set this if you have a router on your
local Network. Don't set it if you are directly connected to your ISP e.g. via
dial-up modem, or have untrusted people on your local network.
Enable automatic IP address detection via JSTUN. Uses central servers (also
used by e.g. internet telephone programs) to find out your IP address. Turn off
if you are concerned about this."

We could get rid of the first question and always have Freenet auto-update
unless you turn it off? UPnP is very useful because we need it to forward
ports, it can be used for hijacking if you have a bad guy on your LAN (very
possible if you have e.g. tower block Ethernet in e.g. many parts of Eastern
Europe), however the damage is limited by the fact that your peers will tell
you the IP address they see your packets coming from; arguably we could hide
this from the user. JSTUN is only really necessary on darknet; many users have
non-functional UPnP, but seednodes will tell the node what its IP is, JSTUN is
mainly needed for getting an accurate node ref before adding friends on pure
darknet. So there is an argument that UPnP should be on by default without
asking and JSTUN should be off by default (and we'd ask the user to load it if
they are on pure darknet and their node doesn't know their IP). We've had some
bug reports about the node not recognising its IP address recently which need
to be tackled at the same time.

Thoughts?

NETWORK SECURITY LEVEL
"Protection against a stranger attacking you over the Internet
How much security do you need against Internet providers, corporations,
governments, bored kids etc attempting to monitor your use of Freenet?
LOW: I do not care about monitoring and want maximum performance.
It may be quite easy for others to discover your identity!
NORMAL: I live in a relatively free country, but I would like to make it more
difficult for others to monitor my communications.
Freenet will be reasonably careful to protect your anonymity, at some
performance cost. Freenet will automatically connect to unknown nodes. We
recommend that you add friends running Freenet and upgrade to HIGH.
HIGH: I would like to make it much more difficult for others to monitor my
communications, or I am worried about ISPs and/or governments trying to block
Freenet.
Freenet will only connect to your friends, so you must have friends already
using Freenet. Freenet will be slow unless you add at least 5-10 friends, and
won't work at all if you don't add at least 1.
MAXIMUM: I intend to access information that could get me arrested, imprisoned,
or worse. I understand that Freenet is experimental and cannot ensure security
against certain known attacks, but I accept the risks compared to the
alternatives.
Freenet will be significantly slower than in HIGH, and you must have friends
running Freenet."

"Bored kids" is debatable, arguably it's FUD, we are not really certain how
powerful and how easy the main attacks are, but I have always gone with the
precautionary principle, it's a useful caveat...
We *could* get rid of the explanations. However, if we do, even more people
will choose HIGH or MAXIMUM, then see the warning about having to add friends
manually. This wastes their time, although it is an important educational
point. Some of them will ignore the warning and go for pure darknet anyway, and
then have problems. But yes, we *could* get rid of the explanations, the
warning does explain the situation.

The high/max warning:
"WARNING: Setting network security level to HIGH
WARNING: You are about to set the network security level to high. This means
your node will not be able to connect unless you add some connections to
Friends. These should be people you already know and at least marginally trust.
If you don't know anyone already using Freenet, please use the NORMAL network
security level so that Freenet will setup connections automatically. Adding
people you don't know as Friends will not significantly improve security and
will harm performance. Also note that HIGH security level is slower, especially
if you don't have many Friends (you need 5-10 for adequate performance).
[ ] I know at least one person already using Freenet (3 preferably, 5-10 for
good performance). I will add them on the Friends page. I understand that
Freenet will not work unless some of my Friends are online."

Rewrite maybe. Get rid of "your node"! Maybe:

WARNING: You must add friends manually or Freenet will not connect!
For maximum security, Freenet can be configured to be purely "friend-to-friend"
where it only connects to your Friends. These are nodes operated by people you
know, which you have added through the Add a Friend page on the Friends menu.
This means that Freenet will not function until you have added at least one
Friend, and you should add at least 3 for better performance, preferably 5-10.
Do not add anyone's node as a Friend unless you know them personally, whether
online or offline, as this will harm performance and not improve security.
[ ] I know at least one person already using Freenet, and I will add them on
the Friends page.

FRIENDS SECURITY LEVEL:
"Protection if your friends attack your anonymity
How concerned are you about those you add as friends attempting to monitor your
activities, either deliberately or as a result of their computers being
compromised? If you have set the network security level to HIGH, then the
friends security level determines performance, along with the number of friends
added.
LOW: I am not concerned about attacks from friends. I trust my friends and
their computer security abilities.
Freenet will share a lot of information with your friends' nodes to maximize
performance.
NORMAL: I am not overly concerned about attacks from friends, but I would like
Freenet to take reasonable precautions.
Freenet will share a limited amount of information with friends, and be slower
than in LOW mode.
HIGH: I would like Freenet to take extra precautions to avoid attacks from
friends.
Freenet will avoid sharing information with friends and so will be somewhat
slower than in NORMAL mode."

"Protection if your Friends try to discover how you are using Freenet" would be
a better title?

Some would say we shouldn't even ask if we haven't added any friends. However,
we do want people to add friends, and getting the user to answer the question
later is awkward.

The introduction could be rewritten maybe:
"You can connect to your friends' Freenet nodes to improve security. Freenet
can share extra information with these nodes to improve speed. However, if they
try to find out what you are doing with Freenet, or if their computers are
infected with malware, this may increase the risk of your anonymity being
breached. How concerned are you?"

"How concerned are you about your Friends' (Freenet nodes run by people you
know added as Friends) honesty and ability to keep their computers free of
worms, trojans and malware? Freenet can improve its performance (especially if
you set HIGH or MAXIMUM on the last page) by sharing more information with your
Friends, but this increases risk if their computers are infected with malware
or try to find out what you are doing with Freenet."

The first is probably better.

And then delete the explanations? Is "if they turn out to be bad guys"
appropriate? Most alternatives are more wordy, but it is sexist and might
offend some? "If they turn out to be bad"? "If they betray you"? "this
increases the risk if they are not trustworthy"? Is "malware" jargon, and
what's the alternative?

PHYSICAL SECURITY LEVEL:
"Protection if your computer is seized or stolen
How concerned are you about your computer being seized or stolen? Freenet can
encrypt all traces of what you have been browsing on Freenet, but note that if
you open files in outside applications (e.g. media player), or save them to
disk, there may be traces of the content outside of Freenet.
LOW: I am not concerned.
Freenet will avoid disk encryption and leave traces of what you have visited on
your hard disk, improving performance (for slow CPUs) at the expense of lower
security if your computer is seized. Downloads will be written directly to disk.
NORMAL: I am concerned.
Freenet will encrypt temporary files, the database of downloads and uploads,
and the cache of recently visited sites. The master keys will be stored in a
file master.keys, and if you securely erase that file then the other sensitive
data cannot be accessed. We recommend you fetch big files to temporary space,
so that they are encrypted and can be viewed through the downloads page, but
you can also download files directly to disk if you want to.
HIGH: I am very concerned.
Freenet will password protect the master keys, so after restarting Freenet, you
must enter the password to access the downloads and uploads queues, and the
cache of recently visited sites. Downloads will only be stored encrypted by
Freenet and will not be written to files on disk.
Set the password::
MAXIMUM: I do not want any traces to be kept on my hard disk in a form that an
attacker could possibly decode.
Freenet will keep the encryption keys for temporary files, recently visited
freesites and so on in RAM only, and will never store the keys to disk. All
downloads and uploads will persist only until restart and will not be written
to disk. You should take care to avoid saving content from Freenet to disk
accidentally, and consider full-system encryption using for example Truecrypt,
maybe with hidden volumes."

This is a feature which is important for hostile environments i.e. Iran etc. I
am not sure we can delete the explanations, but maybe we can merge them with
the levels?

How concerned are you about your computer being seized or stolen? Freenet
stores temporary files, persistent downloads, caches etc on disk, and these can
be encrypted to increase security, however if you save a file to disk, or open
it in an outside application (e.g. media player), there may be traces that
Freenet cannot deal with. You should also consider full disk encryption via
e.g. Truecrypt.
LOW: I am not concerned. Don't encrypt anything.
NORMAL: I am concerned. Encrypt all important data, so that I can erase it
easily by using the panic button on the downloads/uploads page, or securely
deleting the file master.keys
HIGH: I am very concerned. Encrypt all important data with a password. Do not
allow access to it until I have entered the password.
MAXIMUM: I am extremely worried. Encrypt everything and do not store the key.
Wipe everything whenever the node is restarted: Persistent downloads will
disappear when I restart the node.

BANDWIDTH LIMITS:
"Bandwidth limits
Please select your internet connection type and speed (download/upload) from
the dropdown menu below.
[dropdown]
Please note that Freenet will always run in background when your computer is
turned on (because this improves your node's speed significantly), and will use
all available bandwidth up to the limit you set (up to 50-100KB/sec or so). If
you have a monthly quota, you should take this into account when setting a
bandwidth limit. The above limits are upload bandwidth limits, usually the
download bandwidth usage will be the same as the upload bandwidth usage."

We should change "up to 50-100KB/sec" to "up to 100KB/sec". The dropdown should
show an estimated GB/month for each option. Apart from that, I'm not sure we
can do much here: we really should offer more options, e.g. use less bandwidth
at certain times of day, show the GB/month for each bandwidth limit etc.

DATASTORE SIZE:
"Datastore size
Please select a size for your datastore. The datastore acts like a cache;
storing data for the network will help you to get better throughput when
requesting popular files. The more space you can afford the better it is for
the community and the faster your node and especially your downloads will go."

This isn't bad IMHO, maybe minor punctuation fixes - comma, and helping you to.

WELCOME:
"Welcome on board!
Congratulations, the base configuration of your Freenet node is now done. You
can change and edit any of the parameters you have just set going to the
"configuration" page, reachable anytime from the menu on the left of the
interface. Please note that Freenet will be slow to start with, it will improve
over time. You can get started by clicking on the bookmarks on the next page.
We wish you a pleasant Freenet experience.
Click here to start using Freenet!"

parameters -> options, less jargony
"on the left of" - no it isn't, often it's at the top. Delete, hopefully the
user knows what a menu is! Also it's pageS not page.