On Fri, Sep 06, 2002 at 01:18:26PM +0200, Oskar Sandberg wrote: > > Since I have never worked on it, it has never really bothered me, but it > seems to me that the filter is a lot of wasted effort. I mean, you are > doing something in a place where it is extremely difficult and unsafe > (the proxy) rather than in a place where it could be both easy, safe, > and more use friendly (the browser). Well, since we have to block IE anyway... maybe there's something in that. > > We all agree that we cannot ask most all users to install browser > plugins, because maintaining such for X browsers on Y platforms is not > realistic. But most users probably don't give a hoot about complicated > attacks against their anonymity - wouldn't be easier to just make a > plugin for mozilla, and referr the small minority that do care (and who > are mostly computer litterate) to that? Mozilla is relatively easy to configure to be safe - turn off scripting, set the option to only allow images from the origin server. But it does have one really annoying anonymity-risking feature, which is that it feeds timed out requests into google, and I haven't found any way to stop this. I haven't looked at the code much though. > > > On Fri, Sep 06, 2002 at 12:09:39PM +0100, Matthew Toseland wrote: > > I implemented it. It is absolutely necessary that the user > > know we can't possibly protect their anonymity if they use a > > browser that doesn't respect HTTP mime types. The other point > > - well... maybe we should do a release. It will have several > > really major outstanding issues: the datastore corruption bug > > being the main one, and I'm very suspicious of the anonymity > > filter, which needs to be rewritten as an allow-good-content > > rather than kill-bad-content filter (this is all about > > blocking HTML that might make your browser run scripts or > > contact the external internet, both of which would ruin your > > anonymity). So... we can't do a 0.5, but 0.4.5 might make sense. > > > -- > > Oskar Sandberg > oskar at freenetproject.org > > _______________________________________________ > devl mailing list > devl at freenetproject.org > http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl >
-- Matthew Toseland mtoseland at blueyonder.co.uk amphibian at sourceforge.net Freenet/Coldstore open source hacker. Looking for $coding (I'm cheap) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20020906/d7b702eb/attachment.pgp>
