On Thursday 01 January 2009 12:26, Ian Clarke wrote: > 2008/12/31 Matthew Toseland <toad at amphibian.dyndns.org>: > > The real browser-related issues are these: > > 1. Security: Browser history is accessible via javascript. There is no way to > > keep sites out of the browser history. > > What about the new privacy mode in the Firefox 3.1 betas, or in the > current version of Safari?
How would we reliably detect this? Does it change the User-Agent string? > > > 2. Performance: Freenet requests can take a long time. If the requests > > are "blocking", then the default browser connection limits are a big problem. > > Doesn't the "loading page" feature that we've already decided to do > take care of this? > > > There are 3 basic options AFAICS: > > I don't really like any of these, it seems like we are trying to > address shortcomings in other people's software - and in the process > creating major usability problems and diverting a lot of dev effort. > > I think *by far* the best solution would be to encourage users to use > a web browser that supports a privacy mode, that way the web browsers > get to worry about this, and we can focus on core functionality, > rather than tinkering around with XUL and Javascript (and pissing off > our users in the process). I disagree, Freenet should be secure by default. If it's insecure it should at least have the decency to tell the user that it is insecure. And the more things that the user has to be warned about, the more mental overhead Freenet takes up, IMHO pointlessly in most cases: this is the opposite of user-friendly! What do you think of the solutions I proposed most recently? That is, to add ?security=<long key dependant string> to freenet URIs (in the content filter and the fetch a key form), and to solve the connections problem as we've discussed, with a page loading screen and some rather more heavyweight javascript solution for loading image-heavy pages? (Admittedly some pages will have the inlines in the same container...) Then we can get rid of the firefox profile. > > Ian. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 827 bytes Desc: not available URL: <https://emu.freenetproject.org/pipermail/devl/attachments/20090102/75cb830a/attachment.pgp>
