On 02/08/10 17:20, Arne Babenhauserheide wrote:
> On Sunday 01 August 2010 12:14:51 Ximin Luo wrote:
>> So yes we should just drop "physical security". To do it properly we'll
>> have to fuck with parts of people's machines we really shouldn't be
>> fucking with; and if they are that paranoid (I am) they should just
>> encrypt their entire disks, which will cover non-freenet stuff too.
>
> For me that would take away one of the main strengths of freenet: People
> need only install one program and have anonymous and mostly secure
> communication right away.
>

AISB, "the freenet service" (ie. the theoretical design) tries to provide an anonymous/DDoS-resistant insert/request service, it doesn't try to protect you after you actually *get* that data.

If you run freenet, but never access anything through FProxy, disk encryption is (for the most part) irrelevant. Encrypted node.db4o is for when your computer gets seized, and you've accessed (ie. obtained the keys for, and decrypted) incriminating data.

But there are many other things that may incriminate you, which we can't possibly predict. This is a general issue that applies to any access of incriminating data, not just freenet.

Therefore, it's better to give some general advice:

- full-disk encryption is best
- alternatively, use the browser in "private mode", don't save any files to disk, encrypt your swap, and delete any state that fred (and plugins) leave behind.

There are programs that do this already. If you want to make these "easier to use", go develop for those projects, or start your own project that does all of this in one easy program (or more likely, OS distribution). But freenet should not be this program, because:

- it greatly increases the complexity we have to deal with, and we are short on developer time already.
- a separate project would benefit other services that depend on this, such as Tor.

> Why throw away one of the strengths freenet already has?
>

It's NOT a strength that freenet already has. It gives a false sense of security (take eg. the claims you're making right now!).

> Freenet can only attain the goal of spreading uncensorable information, if
> it is really easy to use. Else it can only reach the geek part of the
> population.
>

Security is more than installing one program. If you use freenet to get some incriminating documents then spray paint it all over the front of your house, of course you're going to get fucked. Or what if your computer gets seized while freenet is running, and everything is in RAM?
Encrypting swap is similar - it's completely outside of what freenet does.

Relying on freenet developers to provide total security is extremely naive. Centralising security into the hands of a few - sound familiar? What's the difference between trusting *us*, and trusting the government?

"Spreading uncensorable information" is a nice goal, but it can only work if everyone participates. You're (as in, one is) not being helpful, if all you do is sit on your ass and let us encrypt your swap file without understanding wtf you're letting us do to *YOUR COMPUTER*, believing that this absolves you from watching your own back.

"When the freedom they wished for most was freedom from responsibility, then Athens ceased to be free and was never free again."

X