On Thursday 23 December 2010 19:32:31 Matthew Toseland wrote:
> On Tuesday 21 December 2010 00:42:53 Matthew Toseland wrote:
> > On Friday 17 December 2010 15:50:11 Matthew Toseland wrote:
> > > On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote:
> > > > On Friday 03 December 2010 19:15:22 Klaus Koch wrote:
> > > > > > > It is a hard problem. But our traditional approach hasn't been
> > > > > > > terribly honest IMHO.
> > > > >
> > > > > We were talking on #freenet on how to explain new users in a few words
> > > > > (installer?) what freenet's security is all about and how to "warn" them of
> > > > > the shortcomings of opennet. I came up with the following text:
> > > > >
> > > > > "Freenet's security and anonymity is based on the idea that users connect to
> > > > > people they trust. Opennet mode (=LOW security level) is a convenience feature
> > > > > for new users who don't have trusted peers yet and its security is not as
> > > > > strong as darknet (= MEDIUM/HIGH security level). Use this mode to befriend
> > > > > people you think you can trust. Get the highest security out of freenet by
> > > > > connecting to your real-life friends!"
> > > > >
> > > > > somehow there's still missing that even connecting to a coworker is better
> > > > > than a random stranger, but I still struggle to put it into one of the
> > > > > sentences...
> > > >
> > > > IMHO that is precisely what people misunderstand most frequently. How about:
> > > >
> > > > Generally on Freenet you are only vulnerable to the users your node is
> > > > connected to.
> > > > Do you want Freenet to connect only to your friends?
> > > >
> > > > YES (DARKNET MODE):
> > > > If you have 5 or more friends who run Freenet, you should enable
> > > > darknet mode, and add them on the Friends page. Freenet will send your
> > > > traffic through them to their friends and the rest of the network. This
> > > > greatly improves your security, because you choose who you connect to.
> > > > You should only add people you know personally, online or offline.
> > > >
> > > > NO (OPENNET MODE):
> > > > Freenet can connect to other users automatically, if you don't know
> > > > anyone on Freenet. However, this is a convenience feature offering only
> > > > minimal security against a determined attacker. In opennet mode, the
> > > > bad guys can choose to connect to you, whereas in darknet mode, you
> > > > choose who you connect to.
> > > >
> > > Ian suggested creating an ietherpad page for the wording so we can
> > > collaborate. Please have a look:
> > > http://ietherpad.com/qq8WQKFr7o
> > >
> > This has gone through several iterations between me and ian. My favourite
> > so far:
> >
> > ==
> > People your Freenet software connects to may be able to spy on your Freenet
> > activities. If you only connect to your friends (even casual
> > acquaintances), it will be extremely difficult for outsiders to trace your
> > usage of Freenet back to you.
> >
> > Only connect to friends:
> > Advantage: Very hard for outsiders to trace your posts, files, etc back to
> > you.
> > Disadvantage: You need at least 5 friends that already use Freenet.
> >
> > Connect to friends and strangers:
> > Advantage: You don't need to know anyone else that already uses Freenet.
> > Disadvantage: Much easier for outsiders to trace your posts, files, etc
> > back to you.
> > ==
> >
> > IMHO talking about outsiders tracing your posts 1) means we don't have to
> > use "bad guys", "attackers" or other iffy or technical language, and 2)
> > expresses the key point: Opennet does *not* mean you connect to random
> > nodes some of whom might be malicious. It means that an active attacker can
> > find you very fast, involving impersonating a lot of nodes to increase his
> > chances, and/or by actively moving towards you.
> >
> > The point is not really the security you have against those you are
> > connected to. It's how hard it is for an outsider to find you with your
> > node initially indistinguishable from any other node. THAT is Freenet's
> > threat model, and IMHO the above sums it up reasonably.
> >
> > Ian's version immediately prior, which is remarkably concise:
> >
> > ==
> > People your Freenet software connects to may sometimes be able to spy on
> > your Freenet activities.
> >
> > Should Freenet only connect to your friends?
> >
> > YES (DARKNET MODE):
> > Advantage: Much more difficult for strangers to spy on your use of Freenet
> > Disadvantage: You need at least 5 friends that already use Freenet
> >
> > NO (OPENNET MODE):
> > Advantage: You don't need to know anyone else that already uses Freenet
> > Disadvantage: Freenet will connect to strangers, who may then spy on your
> > use of Freenet
> > ==
> >
> > My original long, reasonably clear version:
> > ==
> > On Freenet you are only vulnerable to the users your node is connected to.
> > Do you want Freenet to connect only to your friends?
> >
> > YES (DARKNET MODE):
> > If you have 5 or more friends who run Freenet, you should enable darknet
> > mode, and add them on the Friends page. Freenet will send your traffic
> > through them to their friends and the rest of the network. This greatly
> > improves your security, because you choose who you connect to. You should
> > only add people you know personally, online or offline. However even if
> > they are only casual acquaintances this is probably still safer than
> > opennet.
> >
> > NO (OPENNET MODE):
> > Freenet can connect to other users automatically, if you don't know anyone
> > on Freenet. However, this is a convenience feature offering only minimal
> > security against a determined attacker. In opennet mode, the bad guys can
> > choose to connect to you, whereas in darknet mode, you choose who you
> > connect to.
> > ==
> >
> This has been deployed in master:
>
> ==
>
> Freenet first time wizard! - Who should Freenet connect to?
>
> Who should Freenet connect to?
>
> Freenet is designed to prevent your chat messages, downloads, browsing etc
> from being traced back to you. Freenet can only provide strong protection
> when you know the people you are directly connected to.
>
> Only connect to your friends:
> Advantage: Very hard to trace anything on Freenet back to you.
> Disadvantage: You need at least 5 friends that use Freenet.
>
> Connect to strangers:
> Advantage: No need to know anyone that uses Freenet.
> Disadvantage: Much easier to trace your messages, files, etc back to you.
>
Given that your friends can spy on you, IMHO we need to be even clearer (in only slightly more words):

Freenet allows you to download, upload, browse, chat etc anonymously, to make it difficult for anyone to trace anything back to you. You can either:

Only connect to your friends:
Advantage: Very hard to trace anything on Freenet back to you, unless the bad guys include one of your friends.
Disadvantage: You need at least 5 friends that use Freenet.

Connect to strangers:
Advantage: No need to know anyone that uses Freenet.
Disadvantage: Much easier to trace your messages, files, etc back to you: Even if you are not a suspect, they can find you.