On Thursday 04 Apr 2013 05:35:16 Paulo Makdisse wrote: > Hi there, > Nice work Irfan Mir. > I'm trying to understand the rationale behind those questions. Sorry if > I've missed something, correct me were I am wrong please. > > 1) Do you know someone who runs Freenet? > > Does freenet have an expressive number of users and are most new users > newbie users that have a friend in freenet? > I mean, if we know that +80% of the users that see the wizard are 'first > timers' or newbie users and, even if they have a friend in freenet, they > don't have the friend noderef to add him now, these question can be placed > somewhere else. If he is installing freenet because a friend told so, is > very likely that this friend will provide the noderef necessary to be added > as a friend and explains how to do it. IMHO wizards are better to > configuration related questions, the darknet mode looks more like a feature > than a configuration. Maybe we can place this question in a 'dashboard' so > the user can add a friend after he is already inside the freenet. I'm not > saying that this question is not needed, I'm just wondering if it's needed > in the wizard at the current status of freenet. Am I wrong if I believe > that most new users don't have any noderef and are just trying freenet out? > (do we have some information or statistic on this?)
Eventually we will have "invites", which are either short strings (like fingerprints or registration keys), or are an installer with a built-in node reference. However, right now, we don't. If we were to just assume everyone wants to use opennet we'd need a big flashing warning explaining that Freenet's security is totally hopeless and you need to add some friends for it not to be so. Of course we probably should have that anyway... Some users really do need some level of security. We cannot assume everyone is happy with "a clever bored student could trace your posts" (hey, I'll be a student next year! ;) ). The best way to get some security now is darknet. Some users will be able to do that. > > 4) (optional) Would you like to set a password? > If I got it right this password will encrypt the user downloads. If the > user downloads something from freenet which he thinks it needs encryption > will he rest just with freenet build-in encryption or will he use an > external tool? I think that the kind of user that could answer 'yes' here > already use an external way to encrypt his files. It seems very likely to > me that this user have more content that needs to be protected and already > thought about this, and if so he is not the kind of user who relies on > 'generic' encryption solutions. Again, maybe this is more like a feature > than a needed configuration. Again, some users have real security needs. Feedback from bad places is that physical security is the most important issue - what you have on your computer is most likely to get you killed. And common sense says that 1) people aren't necessarily going to wait hours to install Truecrypt *before* they try out Freenet and 2) in particular they may not have intended to access stuff that will get them into trouble before they installed Freenet; they may have only vague ideas but then find something interesting AFTER they installed it. Security-wise, the difference between asking them when they install and asking them later is marginal though. Maybe we need a dismissable reminder "How to improve your Freenet security" ? > > IMHO the questions about the disk space and network are enough for the > wizard (all the user probably want now is to see the 'face' of freenet). And get busted. Fast. As soon as we reach a large enough size for it to be worthwhile. And have traces of everything he's visited on his computer, accessible without a password (the problem here is if we don't cache stuff on disk, it's a lot slower, and it increases our vulnerability to remote attacks). And yes, that's a technical problem, not a usability one. Unfortunately on a technical level, on opennet, it's probably not solvable. IMHO strong security is likely only feasible on darknet. And the reason we don't have a big darknet (friend to friend network) is that right now, usability for connecting to friends sucks (for some reason that I'm not quite clear on exchanging small text files called noderefs with your friends is an extremely difficult task); there are ways to improve on this. > I think that further protection must be treated as a advanced feature where > the user really have time (and attention) to understand what he's doing and > the implications and limitations of it. > > Irfan, I'm doing some usability work in the interface, let me know if I can > help you with something. > > Paulo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Devl mailing list [email protected] https://emu.freenetproject.org/cgi-bin/mailman/listinfo/devl
