The current texts are indeed very easy to understand, but not very clear to me. Most importantly, I don't get why darknet mode improves security.
I'm assuming that security in this case means anonymity. But when you add friends, they can connect your freenet identity to your real life identity. This is usually not possible for random strangers, as long as they are not law enforcement. If I am right about this, the text should at least distinguish between the situations where you want to protect your anonymity to your friends or the feds. However, I don't even see why darknets protect your anonymity so much to the rest of the network. The idea behind darknets is great, but I suspect they often don't provide much anonymity because of the way they are used. A common situation must be that a group of friends connect to each other. But they also need to connect to the rest of freenet, so one of them must use opennet mode. This means the police would be able to link all the freenet traffice from that node to that group of friends with certainty. I think the darknet idea will not be perfect before everyone uses it, and still everyone is connect to each other. Or am I one of those people who misunderstood, Matthew? Well, I propose we at least discuss the situations where one of either modes is a better choice, if you guys haven't done that a lot already (I just signed up for this mailing list, I will tell about the reason for that later). On Fri, Dec 17, 2010 at 4:50 PM, Matthew Toseland <toad at amphibian.dyndns.org > wrote: > On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote: > > On Friday 03 December 2010 19:15:22 Klaus Koch wrote: > > > > > It is a hard problem. But our traditional approach hasn't been > terribly > > > > > honest IMHO. > > > > > > We were talking on #freenet on how to explain new users in a few words > > > (installer?) what freenet's security is all about and how to "warn" > them of > > > the shortcomings of opennet. I came up with the following text: > > > > > > "Freenet's security and anonymity is based on the idea that users > connect to > > > people they trust. Opennet mode (=LOW security level) is a convenience > feature > > > for new users who don't have trusted peers yet and it's security is not > as > > > strong as darknet (= MEDIUM/HIGH security level). Use this mode to > befriend > > > people you think you can trust. Get the highest security out of freenet > by > > > connection to your reallife friends!" > > > > > > somehow there's still missing that even connecting to a coworker is > better > > > than a random stranger, but I still struggle to put it into one of the > > > sentences... > > > > IMHO that is precisely what people misunderstand most frequently. How > about: > > > > Generally on Freenet you are only vulnerable to the users your node is > connected to. > > Do you want Freenet to connect only to your friends? > > > > YES (DARKNET MODE): > > If you have 5 or more friends who run Freenet, you should enable darknet > mode, and add them on the Friends page. Freenet will send your traffic > through them to their friends and the rest of the network. This greatly > improves your security, because you choose who you connect to. You should > only add people you know personally, online or offline. > > > > NO (OPENNET MODE): > > Freenet can connect to other users automatically, if you don't know > anyone on Freenet. However, this is a convenience feature offering only > minimal security against a determined attacker. In opennet mode, the bad > guys can choose to connect to you, whereas in darknet mode, you choose who > you connect to. > > > Ian suggested creating an ietherpad page for the wording so we can > collaborate. Please have a look: > http://ietherpad.com/qq8WQKFr7o > > _______________________________________________ > Devl mailing list > Devl at freenetproject.org > http://freenetproject.org/cgi-bin/mailman/listinfo/devl > -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20101219/9811b683/attachment.html>
