On Thursday 02 December 2010 21:24:01 Ian Clarke wrote:
> On Thu, Dec 2, 2010 at 1:56 PM, Matthew Toseland
> <toad at amphibian.dyndns.org> wrote:
>
> > And we need to consider exactly what we can say about opennet's security on
> > the first-time wizard.
>
> I have noticed a tendency to get a bit melodramatic about security concerns.
> Overstating risk is no more desirable than understating risk, and simply
> saying stuff like "OPENNET IS INSECURE!!! ALL YOUR BASE WILL BELONG TO
> THEM!!!" doesn't help anyone.

If people think they are safe they are more likely to do risky things. If Freenet is not significantly more secure than e.g. traditional p2p, people come to Freenet for security, and then get busted anyway (for sharing secret government documents or whatever), people will be unhappy.

> Where security risks exist they should be described calmly, clearly, and
> without hyperbole or value judgements.

I'm not sure what you mean by this.

> For example, consider a situation where we tell someone that opennet is
> "insecure". So they go and use an open HTTP proxy, which is trivially easy
> to compromise, and they go to jail. Have we helped them?

What if they go for Tor? Depending on their use case, if they are careful, it might well be safer in many cases. Do we want to have a detailed table explaining the pros and cons? Nobody would read it!

> I think the challenge is to explain the risks accurately without:
>
> a) spooking people into using something far worse
>
> or b) boring them to death with paragraph after paragraph of techno-legalese
> disclaimers that they won't read anyway

It is a hard problem. But our traditional approach hasn't been terribly honest IMHO.
