Update: We worked a bit on the first time user experience. Reasoning: Only 1 choice at startup: default setting or wizard.
? http://piratepad.net/H3kOp3QXuV Current version, without the text markup: 3 scenarios: - With invite. Can stay darknet or enable opennet as well for better performance. ? 3 choices: Connect to friends (darknet) only, connect to any freenet user (opennet) or use the wizard. - Without invite. Probably want opennet ? 2 choices: connect to any freenet user or wizard. - No invites: Connect to any Freenet user, connect only to friends, wizard. Connect to any Freenet user: (normal security) (No invite) This is suitable for relatively free countries where running freenet is legal, and is much safer than traditional p2p software like BitTorrent or Gnutella, but an attacker with moderate resources may be able to hunt you down. To improve security further, you can get your friends to sign up as well, add them as Friends, and then connect only to friends. Suggestion: To improve security further, you can tell your friends about Freenet and upgrade to high security once you have a stable connection count > 10. (With invite) Freenet is connecting to your friend and his/her X friends, however it could be faster (but much less secure) by connecting to other Freenet users. It will still be much safer than traditional p2p software like BitTorrent or Gnutella, but an attacker with moderate resources may be able to hunt you down. Connect only to friends: (high security) (No invite) Use this if you are setting up your own Freenet darknet, and you know several people you want to connect to, for vastly improved security. If you only have a few people it may not be very useful, but if some of them know others, or have low security set, you can have a very large network. (With invite) Freenet will connect to your friend and his/her X friends, and connect to the rest of the network through them. This should be very safe, as long as you can trust your friends, and also hard to detect. More detailed settings Configure Freenet with the first-run wizard, setting up the configuration according to your own privacy needs without having to dive into all the technical details. This will take a bit longer than the other two options. If no invite: If a friend sent you an invite to Freenet, click here: [Browse for invite file] Also send an invite to your friend: invite_file = currently fref - No you can't send an invite until after you've completed setup. why? It won't know your IP address. It will be a menu item under Friends though. I tho?gght all this ts needed only while no inv You still need an IP address for a noderef to work, especially if they're new too. So you need to go through the wizard first. OTOH if you already HAVE an invite we may know your IP. Notes Note: edonkey is no free sofware, so we need not talk about it :) :) Browse for file is great! Currently also needs save invite for friend Until we have invites we will want to have all 3 options on the homepage. We don't have invites yet. Possibly we should say "if you have an invite..." If the user chooses high security, we can have a page of essentials, or we could post them as useralerts. For example we could link to Truecrypt, offer to set a password, have a box saying "I am on a student LAN", etc. maybe just a freesite with that info in the default links Unfortunately in some cases Freenet needs to know. E.g. for UPnP/JSTUN. On the other hand, we can turn them off and then bug the user if we don't succeed - if we have lots of FOAFs, we may not need JSTUN, just like we usually don't need it on opennet. Before we have invites we could just enable it I suppose... Moved from no invite: We could relay the original invite, also we could link to the menu where a message tell the user that he has to finnish the setup before he can invite new friends. We can mention it, but we can't link to it because we havent' finished setup yet. It does need to be an obvious menu item afterwards, especially if we have no friends, maybe an alert, instead of the current you-can-add-friends-or-turn-opennet-on we should link to the invite generator page. sounds good We could even mention it at the end, in the congrats page or something. But an alert might be better, dunno. If we have no peers and are on darknet only it might make sense to go straight to it. In any case there should be no "get your friends to sign up..." At Thu, 14 Jul 2011 19:51:53 +0100, Matthew Toseland wrote: > > According to the stats, the number of new users and the number of one-time > users is about equal: > http://127.0.0.1:8889/freenet:USK at > gjw6StjZOZ4OAG-pqOxIp5Nk11udQZOrozD4jld42Ac,BYyqgAtc9p0JGbJ~18XU6mtO9ChnBZdf~ttCn48FV7s,AQACAAE/graphs/1238/ > (The second graph; the first graph promisingly appears to show that numbers > are starting to rise again) > According to evan's work last year, the number of users trying freenet for 5 > minutes and then uninstalling is relatively low. > > However, according to Google Code and Google Analytics, we get 10,000-12,000 > downloads per month. (Granted we only have stats for two months on Google > Analytics for some reason). > > THEREFORE, a large proportion of users are dropping out before or during the > post-install wizard. Possibilities: > - They download it but never install it. > - They cancel the install. > - They never click on the rabbit. > - They drop out at some point during the post-install wizard. > > IMHO the last is the most likely. Unfortunately we can't tell without spying > on our users, which would be unethical and risky. :| > > Logically, they must drop out before the node is operational. That leaves: > - The intro page. We could get rid of this but it's probably better with it. > Isn't it? We could add an advanced/simple mode. > - The browser warning. This is scary and demanding. We really need to get rid > of this where possible. And it is in fact possible now thanks to Firefox 4 > fixing the CSS history bug! I started to look into this yesterday. > - Updating and plugins. Some users will want to configure autoupdate and will > be offended if they're not asked, but arguably this should be an advanced > mode setup setting... Plugins - jargonish. UPnP - jargonish, but most users > can answer it. STUN - jargonish and scary, but generally necessary for > darknet! (It may be possible to get away without it with enough FOAFs). These > settings should probably only be shown on specific security levels. > - Opennet/darknet page: We're going to lose a lot of users here... > Fundamentally Freenet is insecure in opennet mode, but everyone wants to use > it in opennet mode. And rather than our historical strategy of vaguely > hinting, we are fairly direct about this now. We also have a detailed > explanation in a mouseover, which is a bit ugly; maybe it should be a > separate page. IMHO better darknet support/invites etc could reduce the drop > out rate considerably and could get us a lot more users. > - LOW vs NORMAL: again this mentions that opennet is low security, but isn't > too jargony... > > By this point, the node is operational. However, bootstrapping can be very > slow (which is another problem which is largely opennet-specific; on darknet > the corresponding issue is even with FOAFs there may not be enough peers). > > - Physical security: Maybe excessively complex? Perhaps we could default to > NORMAL, and offer to set a password after the user has queued some stuff? I'm > not sure ... Scary language here too, but at least it's a choice... It might > be possible to simplify it, i.e. don't tell the user as much until after a > choice is made. > - Bandwidth limits: Many users don't know their upload bandwidth limits. It > is difficult to do anything about this though... > - Datastore size: This is straightforward, but if we try to skip it many > users (and not just geeks) may get angry about it. > - Congratulations page: Possibly redundant, worth considering. > > IMHO: > - It is worth doing some work on the browser warning page. It should not > generally be shown at all, if the browser is Firefox 4 or later and privacy > mode is enabled. The caveats here are privacy mode may not actually work on > recent FF, it just opens another tab; we need to file a bug for this ... We > may want to show an extra warning page later on if the user chooses higher > physical security levels. IMHO this should gain us a significant percentage. > - Updating should be on by default. This is a strong candidate for making > dependant on advanced mode setup. Which could also unconditionally enable the > next lot of questions ... > - UPnP we should only ask if network seclevel is above LOW. Basically it's > "are you on a student LAN?", although eastern europeans need to turn it off > too. "Are you on a local network including people you don't trust? (I.e. not > family etc)" ??? Arguably UPnP isn't all that dangerous anyway, the worst > case is somebody intercepts our incoming traffic, they won't be able to do > much with it and we wouldn't have been able to communicate at all otherwise - > they'd need to conspire with a corrupt seednode as well so it gets rather > unlikely... TODO: Ask nextgens exactly what the consequences of evil UPnP are > for our purposes. > - STUN is a pig. We should ask the user if they have a higher security > setting. However, if they turn off STUN, we have no way to get their IP > address, apart from UPnP or them setting one specifically. We shouldn't ask > for a static IP unless we're desperate or they are in advanced mode. Darknet > on a student LAN is potentially very problematic. On the other hand if you > have a darknet invite including some peers who are port forwarded, it may be > workable. TODO URGENT: Release a new build of JSTUN with newer server list. > - In both of these cases, we need to ask the user when they upgrade to a > higher security level - even if they don't initially set a high security > level. > - The opennet/darknet dilemma can only be fixed by darknet invites IMHO. > Which will change it slightly - if you already have friends this should > certainly have an impact. And whether you have connected to them already > might even have an impact on whether you need JSTUN or UPnP, it could be > postponed to a useralert later on??? > - We could get rid of the LOW/NORMAL choice (but not HIGH/MAXIMUM) if the > user is not in advanced mode.
