I think we should keep a database of dangerous file formats. For each file format: - Known MIME types. (we have this already) - Known extensions. (we have this already) - Can it give away information on the person who created the file? (text; optional; user's issue really) - Can it give away information on the person reading the file? (text; we give this out on the unknown file type click-through) - Do we have a filter?
So when you get an unknown-file-type dialog from fproxy for a PDF, it would say something like this: Adobe(R) Portable Document Format (PDF). This file format is extremely dangerous from a Freenet point of view; it can include inline content from the internet (which a malicious author could use to get your IP address), links to the internet (which if clicked could likewise), and javascript (which could also fetch content from the internet and betray your anonymity). Click here for advice on how to handle potentially dangerous content; there are a few options. Click here to retrieve the document anyway. Click here to save the document to disk. Unknown MIME type (application/x-winword). We do not know anything about this MIME type. It is entirely possible that the tool you use to read this file will betray your anonymity, as part of its normal functionality - for example, by fetching an embedded image from the web, and thus giving away your IP address. Click here for advice on how to handle potentially dangerous content; there are a few options. Click here to retrieve the document anyway. Click here to save the document to disk. Secondly, if we make fproxy accept absolute fproxy URLs (http://127.0.0.1:8888/<key>) as well as relative ones (/<key>), then we have another option for a paranoid user (using fproxy as a proxy which blocks the internet but allows freenet). This is an insignificant amount of code and I will make sure it works. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060113/b0a20a34/attachment.pgp>
