On Monday 07 December 2009 12:51:24 Matthew Toseland wrote:
> On Sun, Dec 06, 2009 at 04:58:21PM -0600, Ian Clarke wrote:
> > This guy raises concerns about uninstalling Freenet:
> >
> > http://truefalsebollox.blogspot.com/2009/11/freenet-users-watch-your-back.html
>
> "First of all, there is talk in the scant guide offered with Freenet of 'a
> panic button' - I imagined something to hit if the heavy jackboots start
> thudding up the stairs. What would the panic button do? Immediately wipe all
> Freenet-associated files from my hard disk? Hmm, I don't know, because I
> couldn't find the panic button in the copy I downloaded and ran. Even if
> there was one somewhere, the fact that it isn't under my nose means it
> wouldn't be much use in a hurry."
>
> The "panic button":
> - Shows up on the downloads/uploads page.
> - Doesn't show up in LOW physical security level. You already said you have
>   nothing to hide, right? Maybe we should change this.
> - Wipes everything that might relate to incriminating data: the client cache,
>   downloads in progress etc (but not files already downloaded to disk, only
>   files downloaded to temporary space).

What documentation refers to the panic button? Maybe we could improve it...

> IT EXPLICITLY DOES NOT DELETE FREENET ITSELF. Writing a portable
> without-a-trace uninstaller is a seriously nontrivial project which we are
> not competent to embark on, and it is outside our mandate.
>
> "The uninstaller provided with each download merely removed the program files
> from my Applications list into my Trash list. It did not remove them from the
> computer."
>
> This is some OS/X bull****. mrsteveman1 can you fix this?

Can we fix this?

> "Further, even though I was running my browser in 'Privacy mode', links to
> Freenet 'keys' were stored in my browser Cache history."
>
> Then your browser is defective! Privacy mode by definition should not
> persistently store any trace of your browsing after you close it. If it does
> IT IS NOT A MEANINGFUL PRIVACY MODE. If anyone is aware of browsers which
> behave in this way, providing a dangerously false sense of security, please
> let us know and we can warn users against them.

Maybe we should warn users about Safari? If the browser history is wiped on shutdown then I guess there's no problem?

> "This is particularly worrying if you don't bother to check, since the advice
> from Freenet is to use a separate and dedicated browser - meaning everything
> in your cache will be freenet related. No need for anyone examining your
> computer to sort through thousands of innocuous logs to find the Freenet
> ones."
>
> Any browser that stores cache or history on disk in plaintext for "privacy
> mode" is broken by design and SHOULD NOT BE USED. The advice we give is based
> on the simple fact that if you use the same browser, with the exception of a
> meaningful, non-history-preserving privacy mode, for browsing the internet as
> for browsing freenet, the internet sites you visit can probe your freenet
> browsing history.
>
> "Still, none of that is of as much concern as this: manually deleting Freenet
> from my computer was not as simple as emptying the cache and Trash files. The
> cache went into the trash, so to speak, but the Trash folder with Freenet
> files in it could not be emptied from the desktop no matter what I did. Some
> files had been automatically locked by Freenet, and the whole Trash
> application froze trying to unsuccessfully delete them. In short, I had to do
> a 'sudo' from the command line to forcibly remove them, a process that if you
> don't know how to do you'd better learn if you plan on using Freenet in a
> hostile environment. I'd also say you'd better learn how to do it quick
> (maybe write yourself a script), because wiping all trace of Freenet off my
> computer took me the best part of an hour the first time I tried it."
>
> This is more Mac bullshit. We should work around it.

mrsteveman1, any suggestions?

> HOWEVER, there is a deeper fundamental fact here: No portable application is
> going to wipe every trace of its presence when you uninstall it. It's just
> not practical in terms of the amount of deeply platform specific work
> involved. There are third party tools that may provide such functionality.
>
> Or is it? Most unixes have "shred" now??
>
> All this is a matter of poor documentation. However, better documentation
> would involve more reading for the user and therefore put users off running
> Freenet at all. Thus it is a largely unsolvable problem, apart from the OS/X
> perversities which hopefully mrsteveman1 will have time to resolve.
>
> So we cannot expect to tell the user the full range of things they need to
> know to keep their privacy in the installer. The solution is to bundle a
> README file that nobody will read, and then when somebody gets killed because
> of our negligence we can say it was because they didn't read the README. Oh
> and we can make it prominent by e.g. making it available from the web
> interface.

Thoughts on this?

> Thoughts?
