While I realize that there is a great desire to make those who dare to use Windows suffer as much as possible - displaying a message seen by, I would guess, 90% of our users, which suggests that they should start editing source-code, conveys a pretty bad impression of Freenet's user-friendliness.
The rest of the message could also use some rewriting so that it
will be comprehensible even for those who don't know what a
MIME-type is.
Ian.
On Mon, Nov 04, 2002 at 12:07:35PM -0800, Robert Bihlmeyer wrote:
> MSIE users can't switch to Konqueror easily, recommend K-Meleon instead.
> pw.println("<body bgcolor=\"#ffffff\"><h1>Internet Explorer Allows
>Sites To Compromize Your Anonymity</h1>");
> pw.println("<p>Microsoft Internet Explorer (all versions, as far as we
>know, and this is not likely to be fixed) does not respect MIME types. This means it
>is impossible for fproxy to protect your anonymity on freenet. There may be bugs etc.
>in fproxy's filter that make other browsers unsafe, but IE's behaviour makes it more
>or less impossible to filter out content that might make your browser do something to
>compromize your anonymity (scripting, and talking to internet servers outside of
>freenet). This is not a theoretical risk, it is a practical one - just insert your
>HTML as text/plain, and it will pass straight through the content filter without
>being checked for web-bugs or javascript. \"Fixing\" this would require filtering
>text/plain, and possibly all mime types, as well as text/html and text/css, and
>abandoning any possibility of rewriting the filter to only let through content that
>it understands (in order to prevent future standards/extensions to HTML bypassing the
>content filter). This does not necessarily mean that IE is insecure as a web browser
>in general, it just means that it is incompatible with freenet's anonymity filter. To
>disable this message permanently, edit the file FproxyServlet.java in the freenet
>source (search for indexOf(\"MSIE \"), and recompile.</p>");
> ! pw.println("<p>There are many other web browsers out there, such as <a
>href=\"http://www.mozilla.org\";>Mozilla</a> (Windows, Linux, MacOS, most things,
>off-freenet link), and <a href=\"http://www.kde.org/\";>Konqueror</a> (linux only,
>off-freenet link), which are free.<hr>");
> if (badBrowserWarningsSentTo.size() < maxBadBrowserIPs) {
> pw.println("If you are really really sure you want to proceed, don't
>say we didn't warn you, and click <a href=\"" + req.getRequestURI() +
> --- 434,438 ----
> pw.println("<body bgcolor=\"#ffffff\"><h1>Internet Explorer Allows
>Sites To Compromize Your Anonymity</h1>");
> pw.println("<p>Microsoft Internet Explorer (all versions, as far as we
>know, and this is not likely to be fixed) does not respect MIME types. This means it
>is impossible for fproxy to protect your anonymity on freenet. There may be bugs etc.
>in fproxy's filter that make other browsers unsafe, but IE's behaviour makes it more
>or less impossible to filter out content that might make your browser do something to
>compromize your anonymity (scripting, and talking to internet servers outside of
>freenet). This is not a theoretical risk, it is a practical one - just insert your
>HTML as text/plain, and it will pass straight through the content filter without
>being checked for web-bugs or javascript. \"Fixing\" this would require filtering
>text/plain, and possibly all mime types, as well as text/html and text/css, and
>abandoning any possibility of rewriting the filter to only let through content that
>it understands (in order to prevent future standards/extensions to HTML bypassing the
>content filter). This does not necessarily mean that IE is insecure as a web browser
>in general, it just means that it is incompatible with freenet's anonymity filter. To
>disable this message permanently, edit the file FproxyServlet.java in the freenet
>source (search for indexOf(\"MSIE \"), and recompile.</p>");
> ! pw.println("<p>There are many other web browsers out there, such as <a
>href=\"http://www.mozilla.org\";>Mozilla</a> (multi-platform, off-freenet link), and
><a href=\"http://kmeleon.sourceforge.net/\";>K-Meleon</a> (Windows only, off-freenet
>link), which are free.<hr>");
> if (badBrowserWarningsSentTo.size() < maxBadBrowserIPs) {
> pw.println("If you are really really sure you want to proceed, don't
>say we didn't warn you, and click <a href=\"" + req.getRequestURI() +
--
Ian Clarke ian@[freenetproject.org|locut.us|cematics.com]
Latest Project http://cematics.com/kanzi
Personal Homepage http://locut.us/
msg05218/pgp00000.pgp
Description: PGP signature
