On Saturday 01 January 2011 13:32:41 Matthew Toseland wrote:
> On Thursday 23 December 2010 19:32:31 Matthew Toseland wrote:
> > On Tuesday 21 December 2010 00:42:53 Matthew Toseland wrote:
> > > On Friday 17 December 2010 15:50:11 Matthew Toseland wrote:
> > > > On Tuesday 07 December 2010 17:21:07 Matthew Toseland wrote:
> > > > > On Friday 03 December 2010 19:15:22 Klaus Koch wrote:
> > > > > > > > It is a hard problem. But our traditional approach hasn't been
> > > > > > > > terribly honest IMHO.
> > > > > > > >
> > > > > > We were talking on #freenet on how to explain to new users in a few
> > > > > > words (installer?) what freenet's security is all about and how to
> > > > > > "warn" them of the shortcomings of opennet. I came up with the
> > > > > > following text:
> > > > > >
> > > > > > "Freenet's security and anonymity is based on the idea that users
> > > > > > connect to people they trust. Opennet mode (=LOW security level) is
> > > > > > a convenience feature for new users who don't have trusted peers yet
> > > > > > and its security is not as strong as darknet (= MEDIUM/HIGH security
> > > > > > level). Use this mode to befriend people you think you can trust.
> > > > > > Get the highest security out of freenet by connecting to your
> > > > > > real-life friends!"
> > > > > >
> > > > > > somehow there's still missing that even connecting to a coworker is
> > > > > > better than a random stranger, but I still struggle to put it into
> > > > > > one of the sentences...
> > > > > >
> > > > > IMHO that is precisely what people misunderstand most frequently. How
> > > > > about:
> > > > >
> > > > > Generally on Freenet you are only vulnerable to the users your node
> > > > > is connected to.
> > > > > Do you want Freenet to connect only to your friends?
> > > > >
> > > > > YES (DARKNET MODE):
> > > > > If you have 5 or more friends who run Freenet, you should enable
> > > > > darknet mode, and add them on the Friends page. Freenet will send
> > > > > your traffic through them to their friends and the rest of the
> > > > > network. This greatly improves your security, because you choose who
> > > > > you connect to. You should only add people you know personally,
> > > > > online or offline.
> > > > >
> > > > > NO (OPENNET MODE):
> > > > > Freenet can connect to other users automatically, if you don't know
> > > > > anyone on Freenet. However, this is a convenience feature offering
> > > > > only minimal security against a determined attacker. In opennet mode,
> > > > > the bad guys can choose to connect to you, whereas in darknet mode,
> > > > > you choose who you connect to.
> > > > >
> > > > Ian suggested creating an ietherpad page for the wording so we can
> > > > collaborate. Please have a look:
> > > > http://ietherpad.com/qq8WQKFr7o
> > > >
> > > This has gone through several iterations between me and ian. My favourite
> > > so far:
> > >
> > > ==
> > > People your Freenet software connects to may be able to spy on your
> > > Freenet activities. If you only connect to your friends (even casual
> > > acquaintances), it will be extremely difficult for outsiders to trace
> > > your usage of Freenet back to you.
> > >
> > > Only connect to friends:
> > > Advantage: Very hard for outsiders to trace your posts, files, etc back
> > > to you.
> > > Disadvantage: You need at least 5 friends that already use Freenet.
> > >
> > > Connect to friends and strangers:
> > > Advantage: You don't need to know anyone else that already uses Freenet.
> > > Disadvantage: Much easier for outsiders to trace your posts, files, etc
> > > back to you.
> > > ==
> > >
> > > IMHO talking about outsiders tracing your posts 1) means we don't have to
> > > use "bad guys", "attackers" or other iffy or technical language, and 2)
> > > expresses the key point: Opennet does *not* mean you connect to random
> > > nodes some of whom might be malicious. It means that an active attacker
> > > can find you very fast, involving impersonating a lot of nodes to
> > > increase his chances, and/or by actively moving towards you.
> > >
> > > The point is not really the security you have against those you are
> > > connected to. It's how hard it is for an outsider to find you with your
> > > node initially indistinguishable from any other node. THAT is Freenet's
> > > threat model, and IMHO the above sums it up reasonably.
> > >
> > > Ian's version immediately prior, which is remarkably concise:
> > >
> > > ==
> > > People your Freenet software connects to may sometimes be able to spy on
> > > your Freenet activities.
> > >
> > > Should Freenet only connect to your friends?
> > >
> > > YES (DARKNET MODE):
> > > Advantage: Much more difficult for strangers to spy on your use of Freenet
> > > Disadvantage: You need at least 5 friends that already use Freenet
> > >
> > > NO (OPENNET MODE):
> > > Advantage: You don't need to know anyone else that already uses Freenet
> > > Disadvantage: Freenet will connect to strangers, who may then spy on your
> > > use of Freenet
> > > ==
> > >
> > > My original long, reasonably clear version:
> > > ==
> > > On Freenet you are only vulnerable to the users your node is connected
> > > to.
> > > Do you want Freenet to connect only to your friends?
> > >
> > > YES (DARKNET MODE):
> > > If you have 5 or more friends who run Freenet, you should enable darknet
> > > mode, and add them on the Friends page. Freenet will send your traffic
> > > through them to their friends and the rest of the network. This greatly
> > > improves your security, because you choose who you connect to. You should
> > > only add people you know personally, online or offline. However even if
> > > they are only casual acquaintances this is probably still safer than
> > > opennet.
> > >
> > > NO (OPENNET MODE):
> > > Freenet can connect to other users automatically, if you don't know
> > > anyone on Freenet. However, this is a convenience feature offering only
> > > minimal security against a determined attacker. In opennet mode, the bad
> > > guys can choose to connect to you, whereas in darknet mode, you choose
> > > who you connect to.
> > > ==
> > >
> > This has been deployed in master:
> >
> > ==
> >
> > Freenet first time wizard! - Who should Freenet connect to?
> >
> > Who should Freenet connect to?
> >
> > Freenet is designed to prevent your chat messages, downloads, browsing etc
> > from being traced back to you. Freenet can only provide strong protection
> > when you know the people you are directly connected to.
> >
> > Only connect to your friends:
> > Advantage: Very hard to trace anything on Freenet back to you.
> > Disadvantage: You need at least 5 friends that use Freenet.
> >
> > Connect to strangers:
> > Advantage: No need to know anyone that uses Freenet.
> > Disadvantage: Much easier to trace your messages, files, etc back to you.
> >
> Given that your friends can spy on you, IMHO we need to be even clearer (in
> only slightly more words):
>
>
> Freenet allows you to download, upload, browse, chat etc anonymously, to make
> it difficult for anyone to trace anything back to you. You can either:
>
> Only connect to your friends:
> Advantage: Very hard to trace anything on Freenet back to you, unless the bad
> guys include one of your friends.
> Disadvantage: You need at least 5 friends that use Freenet.
>
> Connect to strangers:
> Advantage: No need to know anyone that uses Freenet.
> Disadvantage: Much easier to trace your messages, files, etc back to you:
> Even if you are not a suspect, they can find you.
>
Updated a bit.
The basic point, which wasn't made previously, and which will otherwise bite us when somebody writes a plugin for it and gets some publicity for that code, is that YOUR FRIENDS *CAN* SEE WHAT YOU ARE DOING. Whereas on opennet, your peers can, and so can the bad guys, who can trace content's author relatively cheaply, with or without connecting to everyone.

Freenet allows you to download, upload, browse, chat etc anonymously, to make it difficult for anyone to trace anything back to you. You can either:

Only connect to your friends:
Advantage: Very hard to trace anything on Freenet back to you. Your friends may be able to see what you are doing, but nobody else can.
Disadvantage: You need at least 5 friends that use Freenet.

Connect to strangers:
Advantage: No need to know anyone that uses Freenet.
Disadvantage: Much easier to trace your uploads etc back to you: Even if you are not a suspect, they can find you.
