If I may interject, the biggest threat the users have is the
downloading and installing the software to begin with.
Unless they are rather sophisticated, they are installing a
binary.  And running on an OS that has no concept of user
vs. root protection.

just my 2c.
--
tony

On Wed, Jul 04, 2001 at 10:15:03AM -0700, Ian Clarke wrote:
> So it seems that Oskar and Tavin are now arguing that it is fine if
> users download Freenet, start the installation, are manually directed by
> the installation to the Freenet website where they can obtain some seed
> node addresses which they must manually enter into the installation
> process - but it is the root of all evil to automate this process
> (having informed the user of what will happen and any risks involved)?
> 
> Is it just me or is this looking more ridiculous by the minute? The
> *only* thing achieved by what they want to do is that the installation
> process is complicated further thus deterring potential users.  There is
> no additional security afforded to the user, in fact there is less
> security afforded to the user since it is very likely that others who
> repackage Freenet will not share Oskar and Tavin's peculiar idealogical
> position and will provide a seeding mechanism, and we will have no way
> to influence how that mechanism works to ensure it is difficult to
> circumvent.   Most users are then likely to be attracted to alternative
> distributions and our protests that those distributions are insecure
> will go unheeded.
> 
> The core of Oskar's argument is that we must not write code to do
> something which may compromise the user's anonymity* (even though we
> have already done this, FProxy is a very dangerous threat to the user's
> anonymity), even though the net effect of not writing this code will
> jeopardize more people's anonymity more severely than actually writing
> it, in addition to driving people to use distributions of Freenet not
> created by, and not endorsed by ourselves.  
> 
> In Open Source, the path of least resistance will always win, we block
> that path at our peril.
> 
> * something that still hasn't been proven by the way - I proposed a
>   solution a few posts back which still hasn't received any comments
> 
> Ian.



_______________________________________________
Devl mailing list
[EMAIL PROTECTED]
http://lists.freenetproject.org/mailman/listinfo/devl

Reply via email to