On Wednesday 17 June 2009 09:54:18 Zero3 wrote:
> Matthew Toseland wrote:
> > On Tuesday 16 June 2009 21:53:09 Zero3 wrote:
> >> Matthew Toseland wrote:
> >>> On Sunday 14 June 2009 14:24:39 Zero3 wrote:
> >>>> a) On the front page of the website: A "What is Freenet?" teaser linking 
> >>>> to the "What is Freenet?" page would be cool. Confusedly started to read 
> >>>> the news item instead. (She should have spotted the "News" headline, but 
> >>>> I agree on the teaser)
> >>> I think originally the reason for putting news on the main page was that 
> >>> a lot of people check back on the website repeatedly, looking for new 
> >>> stuff (i.e. news) ?:
> >>>
> >>> I agree we should have some basic explanation and link on the home page 
> >>> though ... I am not quite sure whether just copying the first para from 
> >>> "What is Freenet" as Dieppe has done is sufficient?
> >>>
> >>> "Freenet is free software which lets you publish and obtain information 
> >>> on the Internet without fear of censorship. To achieve this freedom, the 
> >>> network is entirely decentralized and publishers and consumers of 
> >>> information are anonymous. Without anonymity there can never be true 
> >>> freedom of speech, and without decentralization the network will be 
> >>> vulnerable to attack."
> >>>
> >>> Followed by a link to learn more, a download link and news.
> >>>
> >>> Is this sufficiently comprehensible to newbies? I guess so, but it 
> >>> doesn't really answer the question!
> >> I think it's quite good actually! I think "Without anonymity there can 
> >> never be true freedom of speech" is a bit subjective though.
> > 
> > Alternatives? Clearly anonymity is a direct consequence of the overriding 
> > goal of thwarting censorship.
> 
> Ala "The anonymity of Freenet makes true freedom of speech possible"

Freenet is free software which lets you anonymously share files, browse and 
publish "freesites" (web sites accessible only through Freenet) and chat on 
forums, without fear of censorship. Freenet is decentralised to make it less 
vulnerable to attack.

Or even:

Freenet is free software which lets you anonymously share files, browse and 
publish "freesites" (web sites accessible only through Freenet) and chat on 
forums, without fear of censorship. Freenet is decentralised to make it less 
vulnerable to attack, and if used in "darknet" mode, where users only connect 
to their friends, is very difficult to detect.

???
> 
> >>>> b) FUD alert on the "What is Freenet?" page:
> >>>>
> >>>> "Freenet does not let the user control what is stored in the data store. 
> >>>> [...] Files in the data store are encrypted to reduce the likelihood of 
> >>>> prosecution by persons wishing to censor Freenet content."
> >>>>
> >>>> (Agreed. We are scaring some people away before they even reach the 
> >>>> download page. I don't think we should hide the facts, but rather give a 
> >>>> reasoned explanation for the ways Freenet does things.)
> >>> I guess there is a language issue here yeah...
> >>>
> >>> How about this? (deployed):
> >>>
> >>> 'Users contribute to the network by giving bandwidth and a portion of 
> >>> their hard drive (called the "data store") for storing files. Files are 
> >>> automatically kept or deleted depending on how popular they are, with the 
> >>> least popular being discarded to make way for newer or more popular 
> >>> content. Files are encrypted, so generally the user cannot easily 
> >>> discover what is in his datastore, and hopefully can't be held 
> >>> accountable for it.'
> >> Much better, yeah.
> >>
> >>>> c) On the "Philosophy" page: More focus on what Freenet actually *can 
> >>>> do* for citizens living under censorship and the like. 
> >>> Isn't that what "What is Freenet?" is about?
> >> Well, yeah, except it doesn't really say anything about it on that page 
> >> either.
> > 
> > It does now IMHO. Have you read the current version?
> 
> Yeah, it does mention what you can do with Freenet in general. Dunno.
> 
> >>>> e) On the "Download page": No idea what a "node reference" is. (Could be 
> >>>> rephrased or explained better)
> >>> That's why it's in quotes, and the "Add a friend" page does explain it. 
> >>> Do you have any suggestion as to how to improve the wording?
> >> Perhaps add a parenthesis explaining the term?
> > 
> > Is it a problem? If he clicks the link to Add a Friend it will explain it 
> > to him?
> 
> Given that he has a node running (it links to localhost fproxy). It is 
> not a problem, just a minor usability quirk IMHO.

Not sure what can be done here. I mean if you actually open the page it's 
obvious what a noderef is.
> 
> >>>> Very annoying to be asked to install a second 
> >>>> browser. In this case, a third (using FF with IE as backup. And user is 
> >>>> asked not to use IE). More FUD about history leaks. 
> >>> FUD stands for Fear, Uncertainty and Doubt. Unfortunately, the warnings 
> >>> about browser history stealing are factually true. Perhaps there is an 
> >>> argument for not naming such attacks if this intimidates people? Is the 
> >>> problem with IE important? There are possibilities for working around it, 
> >>> there has never been much enthusiasm for implementing them (even from ian 
> >>> who tends to be usability oriented).
> >> Exactly. The user fears the consequences of history leaks and is 
> >> uncertain what he ought to do, and thereby doubts his security and 
> >> privacy using Freenet.
> > 
> > He knows what he needs to do - use a separate browser. Don't we make that 
> > clear? It may be annoying but it is clear, no?
> 
> It is indeed very clear, but as you say, also damn annoying. If 
> possible, I think we should avoid annoying the user.

Well, any suggestions you may have... afaics the best option on windows is to 
run Chrome in incognito mode, and tell the wizard not to show the warning. But 
in that case we need to warn the user if they ever use another browser - and we 
can't tell the difference between Chrome in incognito mode and Chrome not in 
incognito mode, so I think we should display the warning anyway, we just need 
to rewrite it a bit for the case where we are using Chrome in incognito mode:

"You must always use a browser with incognito mode for Freenet!

You are currently using Freenet through Chrome in incognito mode. This should 
be safe. You should always access Freenet using Chrome in incognito mode, or 
through a browser you do not use for normal web browsing. The Browse Freenet 
link on the start menu should use Chrome in incognito mode, and so should be 
safe. Most browsers will work well with Freenet, except for Internet Explorer.

Click here to continue."

???

IMHO this is much less annoying, while still getting the message across. 
Obviously it needs to be tweaked a bit when we have a systray icon.
> 
> >> IMHO we are exaggerating with this warning page.
> >>
> >> Dunno about IE? Is version 7/8 "secure enough"?
> > 
> > The problem with IE is a deliberate policy decision to ignore MIME types on 
> > most files. There is a registry key to fix it. I think it has improved 
> > slightly in recent times but avoiding it is not easy.
> 
> We ought to re-test this under version 7/8?

IIRC it reduces the number of MIME types for which it guesses based on 
content... I suggest you look into it.
> 
> >> Chrome actually has an online installer - but only supports XP SP2+ and 
> >> Vista. We could also simply link to the project page of FF when they 
> >> implement a (hopefully working) incognito mode...
> > 
> > :|
> > 
> > XP SP2 is most of our users though...
> > 
> > The user might want to install something else? We need a warning box, a 
> > choose a browser box, with integrated Chrome install on appropriate OS's, 
> > and with the ability to wait while the user installs a browser and redetect 
> > it, plus once the user has chosen a browser we tell the node (when running 
> > Browse Freenet) that they have done so and we don't need to show the 
> > warning page in the wizard. Ok?
> 
> We could also simply recommend getting Chrome in the fproxy warning. 
> Would be easier to maintain, and the user will have time to consider 
> it (might be hard to make that decision before you even have tried 
> Freenet and have no idea if you are going to keep it).
> 
> If user installs it later on, it will automatically be picked up in the 
> launcher, which would then pass on the "incognito"-flag to fproxy.

We want the user to be secure when they install Freenet. As much as is 
reasonably possible without interfering too much with usability. No?
> 
> >>> The Browse Freenet script should pass in a flag if it is sure that it is 
> >>> starting a browser in privacy mode. Having said that, shouldn't the user 
> >>> be aware of this issue? A false sense of security can do
> >>> a great deal of damage...
> >>>
> >>> https://bugs.freenetproject.org/view.php?id=3247
> >> You need to remember to submit them under "wininstaller" and not 
> >> "installer" if you want me to realize that you submitted something for 
> >> me to work on ;).
> > 
> > Well, it's another joint-effort bug, you'll need me to implement the option 
> > for the wizard.
> 
> True. Guess I'll just keep an eye on "installer" bugs too then. Or maybe 
> it ought to be 2 reports really...
> 
> >>>> g) Confusion about the "automatic IP detection". Why does Freenet need 
> >>>> my address when I'm supposed to be anonymous? 
> >>> So Freenet uses a magical invisible protocol that doesn't involve sending 
> >>> any packets over the internet, doesn't require new hardware, and is 
> >>> completely undetectable?
> >>>
> >>>> What is JSTUN? What should 
> >>>> I do on this page? (Agreed.)
> >>> The UPnP explanation is okay, right?
> >>>
> >>> You want a *full* explanation for JSTUN?
> >>>
> >>> JSTUN:
> >>> Currently:
> >>> "Enable automatic IP address detection via JSTUN. Uses central servers 
> >>> (also used by e.g. internet telephone programs) to find out your IP 
> >>> address. Turn off if you are concerned about this."
> >>>
> >>> Longer:
> >>> "Enable automatic IP address detection via JSTUN. Freenet is a 
> >>> distributed network, therefore other Freenet nodes need to know your IP 
> >>> address in order to connect. Because most computers are not directly 
> >>> connected to the Internet but go through routers, modems and so on, and 
> >>> most computers' IP address changes regularly, the easiest way to 
> >>> determine your current IP address is to ask some central servers which 
> >>> are also used by Internet telephony programs. If you are worried that 
> >>> this might be used to identify your use of Freenet, you should turn this 
> >>> off, but you will need a static IP address, a direct internet connection 
> >>> or some other way of finding your address such as a dyndns.com address. 
> >>> Note that dyndns is blocked in China!"
> >>>
> >>> Shorter:
> >>> "Enable JSTUN. Turn this off if you have a static IP address or a dyndns 
> >>> address."
> >> I don't know what the best way is. I'd personally like not having to ask 
> >> the user about this technical stuff.
> > 
> > Unfortunately it has security issues for really paranoid users ...
> >> UPnP for IP detection should always be safe to enable?
> > 
> > Unless the user is on an untrusted LAN or is directly connected to 
> > building-level NATed ethernet, as is common in eastern Europe and probably 
> > many other places.
> 
> Even if we are on untrusted LAN, does it matter? Loads of apps probably 
> do this?

We could probably be identified by it. Plus a local bad guy (with access to 
another external IP) could possibly send us a false IP address and thus 
eavesdrop on our traffic. He probably wouldn't be able to decrypt it though...
> 
> >> Your peers can tell you your IP address on opennet? When UPnP fails on 
> >> darknet, you could ask the user if he wants to enable the JSTUN plugin 
> >> (with a proper explanation, like your long version above.)
> > 
> > Where would we post such an explanation? Messages on the homepage are 
> > supposed to be short!
> 
> Short explanation (single line or so) with a "more info" expandable link 
> like the various OS installation instructions on the download page of 
> freenetproject.org. Put it on the page with the darknet node reference 
> if the IP is unknown.

It takes time to detect our IP address. And if two nodes both of which don't 
know their IP, or two nodes one of which knows its IP but isn't port forwarded, 
exchange noderefs, then it won't work well. In any case, even on opennet, the 
port forwarding part of UPnP is fairly essential to good connectivity, and if 
we are double-NATed (which is pretty common), we will need JSTUN as well.

But because both of these things potentially lead to attacks and detectability, 
we need to ask the user about them.

"Enable Universal Plug and Play. Disable this if you are directly connected to 
your ISP (e.g. via dial-up modem or building-level ethernet) or have untrusted 
people on your local network, and you are worried about local attacks. Most 
users should leave this enabled."
> 
> > JSTUN does help even with opennet, but yes it probably isn't necessary - if 
> > we lose all our peers, we reannounce, and seednodes tell us our new IP 
> > address...
> 
> Hmm.

It is true that we pick up our IP address from our seed servers when we 
connect, but on the other hand, this does need to be tested; we need to connect 
to 3 or so to be confident about our IP address, meaning we should wait until 
then before sending announcements, so there may be complications...

Perhaps JSTUN should default to off on opennet? Anything that discourages users 
from using darknet is a *BAD THING* in terms of their security individually and 
the robustness of the network at large.

"Enable automatic detection of our IP address via STUN servers (also used by 
telephony apps). This generally makes your connection more reliable, especially 
if you only connect to friends. However it might be used to help identify your 
node. You do not need this if you have a static IP address, and tell the node 
what it is, or if UPnP works (above), but UPnP tends to be unreliable. Most 
users should leave this enabled."

And yes, we do tell the user to load the plugins if we don't have IP detection 
plugins loaded and are having difficulty detecting our IP address. Although 
IIRC we don't tell them if we just have UPnP loaded, we probably should...
> 
> > On darknet you really need one of the two, or a static/dyndns IP address, 
> > or at least an online peer that hasn't changed its address...
> >>>> h) FUD on the main fproxy page after finally getting through the wizard: 
> >>> Is there an implication here that it is too long? Any suggestions as to 
> >>> what to take out? Taking a big chunk of the user's disk space and 
> >>> bandwidth without asking used to lose us quite a few users. Making 
> >>> assumptions about security is likely to cause problems for those few 
> >>> users that do need it... I have considered getting rid of the welcome 
> >>> page at the beginning that allows you to not use the wizard...
> >> A bit too long, yeah. On top of my head:
> >>
> >> Welcome page: Move general info to next page, put a skip button in the 
> >> header/footer/corner somewhere on all other pages instead.
> > 
> > Or just get rid of it. IMHO just casually skipping it is the easy way out 
> > and will require us to implement dangerous defaults. We should just dump 
> > it. Advanced users will figure out that once you get past the browser 
> > warning it will think you've completed it anyway, everyone else needs to go 
> > through the wizard.
> >> Ram usage: Don't ask. Either use static default (as now) or dynamic 
> >> according to available memory. Advanced users can adjust it in settings 
> >> afterwards.
> > 
> > We don't ask for ram usage any more. Do we?
> 
> We did not very long ago. Dunno?

We don't.
> 
> >> IP detection page: See above.

What about the "Welcome on board!" page? It is repeating ourselves, isn't it? 
Does it contribute anything of value?
> >>
> >> Security levels: Perhaps figure out some smart way to merge either some 
> >> of the levels or some of the pages?
> > 
> > One very looooong page which nobody will read? IMHO they are logically 
> > distinct, and significant. For example, if the physical security level is 
> > set to LOW temp file handling and thus the responsiveness of the node are 
> > considerably improved. Arguably we only need a friends security level if we 
> > add darknet peers, but we want users to add darknet peers, and we want to 
> > be secure by default, i.e. ask them BEFORE they add a peer...
> >>>> Big red warning about connecting to the network. (Agreed. Since this is 
> >>>> to be expected, we shouldn't display a big, fat, red warning box. This 
> >>>> makes users go FUD and think they did something wrong or something is 
> >>>> broken. Make it a big, fat infobox instead.)
> >>> What big red warning? "The node is trying to connect to the network, it 
> >>> will be slow for a while." ??? How is this FUD? Users don't read, and 
> >>> have unrealistic expectations, so it is IMHO essential to tell them, 
> >>> while we have less than 10 peers, that Freenet may be slow for a while. 
> >>> Several times when I have done test installs this hasn't even shown up 
> >>> since it has reached 10 peers before showing the browse page!
> >> There will probably always be people around who refuse to read. I 
> >> personally don't think we should sacrifice usability for smart users to 
> >> satisfy the stupid ones :).
> > 
> > I don't see why it is a usability issue, we are simply telling the user the 
> > facts.
> >> It's not so much the size that bugged the reviewer, but rather the fact 
> >> that it was presented as a *red warning* and not as a white infobox or 
> >> similar.
> > 
> > Messages do not belong in infoboxes, they belong in messages. If you want 
> > the detail you click on it and it will show you the detail in an infobox. 
> > So really what he is complaining about is the little red X icon next to it. 
> > The purpose of which is to draw the user's attention. This is only shown if 
> > bootstrapping is particularly slow as I mentioned above...
> 
> I think I'm explaining myself poorly. The format of the text is good, it 
> just shouldn't be marked red (with icon + the whole box turns red 
> because of it).

The format of the text is identical for any message.
> 
> Since the node won't connect to opennet peers before we go through the 
> wizard, it most likely won't have 10 peers when the user sees the fproxy 
> homepage for the first time.

Depends on how fast bootstrapping is, we start adding opennet peers as soon as 
the network seclevel is set.
> 
> - Zero3


_______________________________________________
Devl mailing list
Devl@freenetproject.org
http://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
