So it seems that Oskar and Tavin are now arguing that it is fine if
users download Freenet, start the installation, are manually directed by
the installation to the Freenet website where they can obtain some seed
node addresses which they must manually enter into the installation
process - but it is the root of all evil to automate this process
(having informed the user of what will happen and any risks involved)?

Is it just me or is this looking more ridiculous by the minute? The
*only* thing achieved by what they want to do is that the installation
process is complicated further thus deterring potential users.  There is
no additional security afforded to the user, in fact there is less
security afforded to the user since it is very likely that others who
repackage Freenet will not share Oskar and Tavin's peculiar idealogical
position and will provide a seeding mechanism, and we will have no way
to influence how that mechanism works to ensure it is difficult to
circumvent.   Most users are then likely to be attracted to alternative
distributions and our protests that those distributions are insecure
will go unheeded.

The core of Oskar's argument is that we must not write code to do
something which may compromise the user's anonymity* (even though we
have already done this, FProxy is a very dangerous threat to the user's
anonymity), even though the net effect of not writing this code will
jeopardize more people's anonymity more severely than actually writing
it, in addition to driving people to use distributions of Freenet not
created by, and not endorsed by ourselves.  

In Open Source, the path of least resistance will always win, we block
that path at our peril.

* something that still hasn't been proven by the way - I proposed a
  solution a few posts back which still hasn't received any comments

Ian.

PGP signature

Reply via email to