On Tuesday 16 June 2009 21:53:09 Zero3 wrote: > Matthew Toseland skrev: > > On Sunday 14 June 2009 14:24:39 Zero3 wrote: > >> a) On the front page of the website: A "What is Freenet?" teaser linking > >> to the "What is Freenet?" page would be cool. Confusedly started to read > >> the news item instead. (She should have spotted the "News" headline, but > >> I agree on the teaser) > > > > I think originally the reason for putting news on the main page was that a > > lot of people check back on the website repeatedly, looking for new stuff > > (i.e. news) ?: > > > > I agree we should have some basic explanation and link on the home page > > though ... I am not quite sure whether just copying the first para from > > "What is Freenet" as Dieppe has done is sufficient? > > > > "Freenet is free software which lets you publish and obtain information on > > the Internet without fear of censorship. To achieve this freedom, the > > network is entirely decentralized and publishers and consumers of > > information are anonymous. Without anonymity there can never be true > > freedom of speech, and without decentralization the network will be > > vulnerable to attack." > > > > Followed by a link to learn more, a download link and news. > > > > Is this sufficiently comprehensible to newbies? I guess so, but it doesn't > > really answer the question! > > I think it's quite good actually! I think "Without anonymity there can > never be true freedom of speech") is a bit subjective though.
Alternatives? Clearly anonymity is a direct consequence of the overriding goal of thwarting censorship. > > >> b) FUD alert on the "What is Freenet?" page: > >> > >> "Freenet does not let the user control what is stored in the data store. > >> [...] Files in the data store are encrypted to reduce the likelihood of > >> prosecution by persons wishing to censor Freenet content." > >> > >> (Agreed. We are scaring some people away before they even reach the > >> download page. I don't think we should hide the facts, but rather give a > >> reasoned explanation for the ways Freenet do things.) > > > > I guess there is a language issue here yeah... > > > > How about this? (deployed): > > > > 'Users contribute to the network by giving bandwidth and a portion of their > > hard drive (called the "data store") for storing files. Files are > > automatically kept or deleted depending on how popular they are, with the > > least popular being discarded to make way for newer or more popular > > content. Files are encrypted, so generally the user cannot easily discover > > what is in his datastore, and hopefully can't be held accountable for it.' > > Much better, yeah. > > >> c) On the "Philosophy" page: More focus on what Freenet actually *can > >> do* for citizens living under censorship and the like. > > > > Isn't that what "What is Freenet?" is about? > > Well, yeah, except it doesn't really say anything about it on that page > either. It does now IMHO. Have you read the current version? > > >> d) FUD alert on the "Download" page: > >> > >> "Anti-virus software: Severe problems have been reported with Kaspersky, > >> and other firewalls and antivirus software may also break Freenet's > >> installation. Having said that, we do NOT recommend that you turn off > >> your antivirus software on a Windows system; if installation doesn't > >> work, please contact us and we will try to find out what is wrong." > >> > >> (TBH we haven't had "severe problems", and we don't know for sure if > >> Kaspersky was the fault (although it looks like it was). And we are only > >> talking about a single incident here - not "and other firewalls and > >> antivirus software may also".) > > > > The problems were severe. However, it is true that other firewalls and > > anti-virus software may not cause such problems. I have removed the warning. > > His Freenet installation broke, But his system wasn't harmed in anyway. > Hopefully this will be resolved by switching to using a non-custom user > account for the service. It would still be cool with a contact who can > reproduce this though. I hope so... > > >> e) On the "Download page": No idea what a "node reference" is. (Could be > >> rephrased or explained better) > > > > That's why it's in quotes, and the "Add a friend" page does explain it. Do > > you have any suggestion as to how to improve the wording? > > Perhaps add a paranthesis explaining the term? Is it a problem? If he clicks the link to Add a Friend it will explain it to him? > > >> Very annoying to be asked to install a second > >> browser. In this case, a third (using FF with IE as backup. And user is > >> asked not to use IE). More FUD about history leaks. > > > > FUD stands for Fear, Uncertainty and Doubt. Unfortunately, the warnings > > about browser history stealing are factually true. Perhaps there is an > > argument for not naming such attacks if this intimidates people? Is the > > problem with IE important? There are possibilities for working around it, > > there has never been much enthusiasm for implementing them (even from ian > > who tends to be usability oriented). > > Exactly. The user is fears the consequences of history leaks and is > uncertain what he ought to do, and thereby doubts his security and > privacy using Freenet. He knows what he needs to do - use a separate browser. Don't we make that clear? It may be annoying but it is clear, no? > > IMHO we are exaggerating with this warning page. > > Dunno about IE? Is version 7/8 "secure enough"? The problem with IE is a deliberate policy decision to ignore MIME types on most files. There is a registry key to fix it. I think it has improved slightly in recent times but avoiding it is not easy. > > >> No idea what a > >> "browser profile" is. > > > > Should we not mention browser profiles at all? And let advanced users who > > know about them figure it out themselves and feel smug? > > I don't think we should. Very few users will even know what they are. > Some browsers don't even have them. Ok, done. > > >> (I have to agree. Quite a bit of usability fail. > >> Put it as an fproxy info message instead. Hopefully we will have > >> incognito support in FF soon enough.) > > > > Even if we do, if it behaves like profiles do, it will not be reliable, but > > hopefully it won't... The Browse Freenet script will need to be sure that > > the locally installed copy of Firefox is capable of incognito mode before > > using it in preference to Chrome with incognito mode or turning off the > > browser warning. On the other hand, if the user has Chrome installed the > > problem is largely solved on Windows - with the main caveat being that we > > have to turn off the page-loading javascript, because it doesn't work in > > Chrome (there is a bug for this). Perhaps we should check whether Chrome is > > installed and ask the user whether they want it in installation? I do think > > that telling the user they need a separate browser for Freenet in the > > installer, and letting them select one for the Browse Freenet script to > > always launch, is a good idea (bug #3104). > > Sounds like a good solution to me to make the installer search for > incognito-capable browsers, and offer to install one if none found. Indeed... let the user choose either an existing browser or to download (initially) Chrome. We do need to look into why the sashee's javascript doesn't work in Chrome though. > > Chrome actually has an online installer - but only supports XP SP2+ and > Vista. We could also simply link to the project page of FF when they > implement a (hopefully working) incognito mode... :| XP SP2 is most of our users though... The user might want to install something else? We need a warning box, a choose a browser box, with integrated Chrome install on appropriate OS's, and with the ability to wait while the user installs a browser and redetect it, plus once the user has chosen a browser we tell the node (when running Browse Freenet) that they have done so and we don't need to show the warning page in the wizard. Ok? > > > The Browse Freenet script should pass in a flag if it is sure that it is > > starting a browser in privacy mode. Having said that, shouldn't the user be > > aware of this issue? A false sense of security can do > > a great deal of damage... > > > > https://bugs.freenetproject.org/view.php?id=3247 > > You need to remember to submit them under "wininstaller" and not > "installer" if you want me to realize that you submitted something for > me to work on ;). Well, it's another joint-effort bug, you'll need me to implement the option for the wizard. > > >> g) Confusion about the "automatic IP detection". Why does Freenet needs > >> my address when I'm supposed to be anonymous? > > > > So Freenet uses a magical invisible protocol that doesn't involve sending > > any packets over the internet, doesn't require new hardware, and is > > completely undetectable? > > > >> What is JSTUN? What should > >> I do on this page? (Agreed.) > > > > The UPnP explanation is okay, right? > > > > You want a *full* explanation for JSTUN? > > > > JSTUN: > > Currently: > > "Enable automatic IP address detection via JSTUN. Uses central servers > > (also used by e.g. internet telephone programs) to find out your IP > > address. Turn off if you are concerned about this." > > > > Longer: > > "Enable automatic IP address detection via JSTUN. Freenet is a distributed > > network, therefore other Freenet nodes need to know your IP address in > > order to connect. Because most computers are not directly connected to the > > Internet but go through routers, modems and so on, and most computers' IP > > address changes regularly, the easiest way to determine your current IP > > address is to ask some central servers which are also used by Internet > > telephony programs. If you are worried that this might be used to identify > > your use of Freenet, you should turn this off, but you will need a static > > IP address, a direct internet connection or some other way of finding your > > address such as a dyndns.com address. Note that dyndns is blocked in China!" > > > > Shorter: > > "Enable JSTUN. Turn this off if you have a static IP address or a dyndns > > address." > > I don't know what the best way is. I'd personally like not having to ask > the user about this technical stuff. Unfortunately it has security issues for really paranoid users ... > > UPnP for IP detection should always be safe to enable? Unless the user is on an untrusted LAN or is directly connected to building-level NATed ethernet, as is common is eastern Europe and probably many other places. > > Your peers can tell you your IP address on opennet? When UPnP fails on > darknet, you could ask the user if he wants to enable the JSTUN plugin > (with a proper explanation, like your long version above.) Where would we post such an explanation? Messages on the homepage are supposed to be short! JSTUN does help even with opennet, but yes it probably isn't necessary - if we lose all our peers, we reannounce, and seednodes tell us our new IP address... On darknet you really need one of the two, or a static/dyndns IP address, or at least an online peer that hasn't changed its address... > > >> h) FUD on the main fproxy page after finally getting through the wizard: > > > > Is there an implication here that it is too long? Any suggestions as to > > what to take out? Taking a big chunk of the user's disk space and bandwidth > > without asking used to lose us quite a few users. Making assumptions about > > security is likely to cause problems for those few users that do need it... > > I have considered getting rid of the welcome page at the beginning that > > allows you to not use the wizard... > > A bit too long, yeah. On top of my head: > > Welcome page: Move general info to next page, put a skip button in the > header/footer/corner somewhere on all other pages instead. Or just get rid of it. IMHO just casually skipping it is the easy way out and will require us to implement dangerous defaults. We should just dump it. Advanced users will figure out that once you get past the browser warning it will think you've completed it anyway, everyone else needs to go through the wizard. > > Ram usage: Don't ask. Either use static default (as now) or dynamic > according to available memory. Advanced users can adjust it in settings > afterwards. We don't ask for ram usage any more. Do we? > > IP detection page: See above. > > Security levels: Perhaps figure out some smart way to merge either some > of the levels or some of the pages? One very looooong page which nobody will read? IMHO they are logically distinct, and significant. For example, if the physical security level is set to LOW temp file handling and thus the responsiveness of the node are considerably improved. Arguably we only need a friends security level if we add darknet peers, but we want users to add darknet peers, and we want to be secure by default, i.e. ask them BEFORE they add a peer... > > >> Big read warning about connecting to the network. (Agreed. Since this is > >> to be expected, we shouldn't display a big, fat, red warning box. This > >> makes users go FUD and think they did something wrong or something is > >> broken. Make it a big, fat infobox instad. > > > > What big red warning? "The node is trying to connect to the network, it > > will be slow for a while." ??? How is this FUD? Users don't read, and have > > unrealistic expectations, so it is IMHO essential to tell them, while we > > have less than 10 peers, that Freenet may be slow for a while. Several > > times when I have done test installs this hasn't even shown up since it has > > reached 10 peers before showing the browse page! > > There will probably always be people around who refuse to read. I > personally don't think we should sacifice usability for smart users to > satisfy the stupid ones :). I don't see why it is a usability issue, we are simply telling the user the facts. > > It's not so much the size that bugged the reviewer, but rather the fact > that it was presented as a *red warning* and not as an white infobox or > similar. Messages do not belong in infoboxes, they belong in messages. If you want the detail you click on it and it will show you the detail in an infobox. So really what he is complaining about is the little red X icon next to it. The purpose of which is to draw the user's attention. This is only shown if bootstrapping is particularly slow as I mentioned above... I guess we could change it to something more innocuous, but people won't read it in that case ... and then they will complain Freenet is slow and tell all their friends Freenet is slow. Of course they'll probably do that anyway ... Also I was hoping we could eventually eliminate ALL of the messages except for ERROR and CRITICAL_ERROR, and just have a link to the messages page for anything below that, and have this shown on every generated page rather than the summaries we have now. Or is that a bad idea?
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
