> The only thing that could be 100% effective would be to set your browser > to use a real proxy for all protocols which would perform http->freenet > relaying like fproxy but would block any outgoing non-freenet traffic. > > After I finish some of the stuff I'm working on, if no one else steps up, > I will write one of these, maybe as a service to be run with the node, > maybe external.. dunno.
The 100% solution is to both filter HTML and to install a SOCKS proxy which blocks all traffic except for port 8081. Okay, really the 100% solution is to write a customized web browser which doesn't do anything except for render a single HTML page (no redirects, javascript, java, images, forms, or handling of non-HTML context types except for saving them to a file, and no plugins), but that's dumb. So it's silly to say we shouldn't filter HTML because even with a SOCKS proxy you still have to keep your web browser from being tricked into inserting time bombs and so you still have to check for javascript and java, which can be used for this purpose. Also, not everyone is going to want to use the SOCKS proxy. Why? Because it's a big pain in the ass. When you're browsing Freenet, you can't do anything else. Sure, this is a *great* thing for when you're being ultra-paranoid, but some people don't want to make such a big commitment. The filter can eliminate the majority of privacy issues without being a hassle. That's why it has to be an option. It's just fine if we have an installation option where you can enable the SOCKS proxy or the HTML filter (or both) and it warns you that the SOCKS proxy is the only 100% way to guarantee privacy. Also, there needs to be an easy way to ensure that the SOCKS proxy is turned on when FProxy is in use and turned off when it's not (or perhaps FProxy is turned on when the SOCKS proxy is turned on) or else it will be very painful to run a node since you won't be able to use the normal Internet. Also, anything which requires manual configuration and manually turning it on and off is not worthwhile because people won't be able to use it. _______________________________________________ Devl mailing list Devl at freenetproject.org http://lists.freenetproject.org/mailman/listinfo/devl
