On Friday 17 December 2010 15:50:11 Matthew Toseland wrote:
> On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote:
> > On Friday 03 December 2010 19:15:22 Klaus Koch wrote:
> > > > > It is a hard problem. But our traditional approach hasn't been terribly
> > > > > honest IMHO.
> > > 
> > > We were talking on #freenet on how to explain to new users in a few words
> > > (installer?) what Freenet's security is all about and how to "warn" them of
> > > the shortcomings of opennet. I came up with the following text:
> > > 
> > > "Freenet's security and anonymity is based on the idea that users connect to
> > > people they trust. Opennet mode (= LOW security level) is a convenience feature
> > > for new users who don't have trusted peers yet and its security is not as
> > > strong as darknet (= MEDIUM/HIGH security level). Use this mode to befriend
> > > people you think you can trust. Get the highest security out of Freenet by
> > > connecting to your real-life friends!"
> > > 
> > > Somehow there's still missing that even connecting to a coworker is better
> > > than a random stranger, but I still struggle to put it into one of the
> > > sentences...
> > 
> > IMHO that is precisely what people misunderstand most frequently. How about:
> > 
> > Generally on Freenet you are only vulnerable to the users your node is 
> > connected to. 
> > Do you want Freenet to connect only to your friends? 
> > 
> > YES (DARKNET MODE):
> > If you have 5 or more friends who run Freenet, you should enable darknet 
> > mode, and add them on the Friends page. Freenet will send your traffic 
> > through them to their friends and the rest of the network. This greatly 
> > improves your security, because you choose who you connect to. You should 
> > only add people you know personally, online or offline.
> > 
> > NO (OPENNET MODE):
> > Freenet can connect to other users automatically, if you don't know anyone 
> > on Freenet. However, this is a convenience feature offering only minimal 
> > security against a determined attacker. In opennet mode, the bad guys can 
> > choose to connect to you, whereas in darknet mode, you choose who you 
> > connect to.
> > 
> Ian suggested creating an ietherpad page for the wording so we can 
> collaborate. Please have a look:
> http://ietherpad.com/qq8WQKFr7o
> 
This has gone through several iterations between me and Ian. My favourite so
far:

==
People your Freenet software connects to may be able to spy on your Freenet 
activities. If you only connect to your friends (even casual acquaintances), it 
will be extremely difficult for outsiders to trace your usage of Freenet back 
to you.

Only connect to friends:
Advantage: Very hard for outsiders to trace your posts, files, etc back to you.
Disadvantage: You need at least 5 friends that already use Freenet.

Connect to friends and strangers:
Advantage: You don't need to know anyone else that already uses Freenet.
Disadvantage: Much easier for outsiders to trace your posts, files, etc back to 
you.
==

IMHO talking about outsiders tracing your posts 1) means we don't have to use 
"bad guys", "attackers" or other iffy or technical language, and 2) expresses 
the key point: Opennet does *not* mean you connect to random nodes some of whom 
might be malicious. It means that an active attacker can find you very fast, 
involving impersonating a lot of nodes to increase his chances, and/or by 
actively moving towards you.

The point is not really the security you have against those you are connected 
to. It's how hard it is for an outsider to find you with your node initially 
indistinguishable from any other node. THAT is Freenet's threat model, and IMHO 
the above sums it up reasonably.

Ian's version immediately prior, which is remarkably concise:

==
People your Freenet software connects to may sometimes be able to spy on your 
Freenet activities.

Should Freenet only connect to your friends? 

YES (DARKNET MODE):
Advantage: Much more difficult for strangers to spy on your use of Freenet
Disadvantage: You need at least 5 friends that already use Freenet

NO (OPENNET MODE):
Advantage: You don't need to know anyone else that already uses Freenet
Disadvantage: Freenet will connect to strangers, who may then spy on your use 
of Freenet
==

My original long, reasonably clear version:
==
On Freenet you are only vulnerable to the users your node is connected to. 
Do you want Freenet to connect only to your friends? 

YES (DARKNET MODE):
If you have 5 or more friends who run Freenet, you should enable darknet mode, 
and add them on the Friends page. Freenet will send your traffic through them 
to their friends and the rest of the network. This greatly improves your 
security, because you choose who you connect to. You should only add people you 
know personally, online or offline. However even if they are only casual 
acquaintances this is probably still safer than opennet.

NO (OPENNET MODE):
Freenet can connect to other users automatically, if you don't know anyone on 
Freenet. However, this is a convenience feature offering only minimal security 
against a determined attacker. In opennet mode, the bad guys can choose to 
connect to you, whereas in darknet mode, you choose who you connect to.
==