Re: [freenet-support] Anonymity of browsing without downloading

2016-09-27 Thread Eric Tully
Durran,

 There are lots of good and legal reasons to use Freenet.  Most
 people assume that tools like Freenet and Tor are for criminals -
 and yes, I have a feeling that there are some criminals who use
 anonymizing tools - but one good example might be computer virus
 researchers.

You want to be a better programmer, you want to study existing viruses,
you want to develop tools to eliminate viruses, and you want to learn to
write software that doesn't contain vulnerabilities in the first place. 
 In the process of researching viruses, you could possibly visit web
sites that try to infect your computer - or they have pop-up ads on
their site that have less than honorable content.  With all of the
javascript, html, and images loaded behind the scenes that you didn't
specifically request - and may never have seen on your screen - you
could end up with cache that contains material that your HR department
could use to fire you or that police could use to put you in jail.

 So... with that much to risk, you don't want to use a commercial
 product that won't let you look under the hood.  Imagine buying
 "Anonymity" software that runs and makes all sorts of promises
 about how you're completely invisible.  Since you can't see the
 source code,  you have NO IDEA whether they're telling the truth or
 not.  And here's the important part:  THEY HAVE EVERY REASON TO
 EXAGGERATE HOW WELL THEIR SOFTWARE WORKS.  They could lie to make
 the sale, sell you the software, and when it turns out to be a lie,
  who goes to jail?  Hint:  Not them.

 But here's the thing:   When you decide to use open source software
 so that you can avoid that trap,  you can't just send out an email
 and say, "Hey, does this stuff really work?"  Because, just like
 the commercial software, you're going to get answers... and if
 those answers turn out to be wrong,  who goes to jail?   Still not
 them.

 No matter whether you're a virus researcher... or a bad guy who
 wants to commit crime anonymously... are you really going to trust
 the word of a complete stranger who you've never met, can't see,
 and who doesn't owe you anything?  If you're REALLY concerned about
 the consequences of getting caught (whether you're a good guy or a
 bad guy),  asking the question "Does this stuff really work?"  is
 completely the wrong way to be safe.   If you're REALLY concerned, 
 there's only one way:   learn to program,  read the code,  learn
 how browsers and operating systems work, study the Freenet source
 code,  and then TEST TEST TEST.   For example,  scan your hard
 drive for a bunch of blue pixels.  If you don't find any, put an
 image with all blue pixels up on Freenet and surf for that image
 using Freenet.  Then hire some forensics guys to search your hard
 drive for blue pixels.  If they find any,  then you KNOW that the
 stuff doesn't work.  If they don't find any, then you're getting
 closer to trusting the software.  Then interview more forensics
 guys and ask them what they know that the first forensics guys
 didn't know.  And have them scan your hard drive.  The more you
 learn, the more confidence you'll have about how to use anonymizing
 tools correctly and how well they work.

 But if you just ask, "Is this stuff any good?" and someone says,
 "It's perfect",  is that really going to make you feel better when
 you get fired or arrested or your girlfriend leaves you?   

 And if you ask, "Is this stuff any good", and someone says, "There
 SHOULD not be anything which can be CLEARLY traced to your usage,
 AS LONG AS you use...",  there are so many qualifications in that
 sentence that it's pretty much not even an answer.  (I mean, good
 for Arne for being clear that he's not 100% certain that it's
 perfect).  When you get an answer like that,  it should be clear to
 you that asking online isn't going to help you when you end up in
 court.  This is one of those times when you can't rely on a free
 answer you get on the Internet,  you need to LEARN and TEST if
 you're actually concerned.

 Of course, if you're just trying to keep your mom from knowing that
 you used the computer to look at boobs,  then maybe that answer is
 good enough.


- Eric





On Sun, Sep 25, 2016, at 06:01 AM, Arne Babenhauserheide wrote:
> Dear Durran,
> 
> There should not be anything which can be clearly traced to your usage,
> as long as you use at least "low security" (not None!). Forensic
> analysis might still reveal stuff, however, for example from browsers
> leaking memory into swap or disobeying caching policies even in
> incognito mode, or from not completely deleted files.
> 
> To be more secure, encrypt your disk (then deletions work more
> securely).
> 
> There will be encrypted fragments of many different kinds of files on
> your 

Re: [freenet-support] Anonymity of browsing without downloading

2016-09-25 Thread Arne Babenhauserheide
Dear Durran,

There should not be anything which can be clearly traced to your usage,
as long as you use at least "low security" (not None!). Forensic
analysis might still reveal stuff, however, for example from browsers
leaking memory into swap or disobeying caching policies even in
incognito mode, or from not completely deleted files.

To be more secure, encrypt your disk (then deletions work more
securely).

There will be encrypted fragments of many different kinds of files on
your computer, but these do not need to correspond to files you
requested yourself.

Best wishes,
Arne

Durran Mix writes:

> Spam detection software, running on the system "freenetproject.org",
> has identified this incoming email as possible spam.  The original
> message has been attached to this so you can view it or label
> similar future email.  If you have any questions, see
> the administrator of that system for details.
>
> Content preview:  Hello, If I browse freenet sites without downloading any 
> content,
>while using incognito mode, will there be anything incriminating on my 
> computer?
>Also, same scenario but what if i fully delete and uninstall freenet after
>each browsing session? [...] 
>
> Content analysis details:   (5.5 points, 5.0 required)
>
>  pts rule name  description
>  -- --
>  2.0 FREENET_FROM_BACKUPMX  Received from the backup-MX server
>  0.0 FREEMAIL_FROM  Sender email is commonly abused enduser mail 
> provider
> (zep_rocks[at]hotmail.com)
>  0.8 BAYES_50   BODY: Bayes spam probability is 40 to 60%
> [score: 0.5502]
>  0.0 HTML_MESSAGE   BODY: HTML included in message
> -0.1 DKIM_VALID Message has at least one valid DKIM or DK 
> signature
>  0.1 DKIM_SIGNEDMessage has a DKIM or DK signature, not 
> necessarily valid
> -0.1 DKIM_VALID_AU  Message has a valid DKIM or DK signature from 
> author's
> domain
>  0.8 RDNS_NONE  Delivered to internal network by a host with no 
> rDNS
>  2.0 FREENET_LOC_SHORT  Contains short body and URI
>
> The original message was not completely plain text, and may be unsafe to
> open with some email clients; in particular, it may contain a virus,
> or confirm that your address can receive spam.  If you wish to view
> it, it may be safer to save it to a file and open it with an editor.
>
> ___
> Support mailing list
> Support@freenetproject.org
> http://news.gmane.org/gmane.network.freenet.support
> Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
> Or mailto:support-requ...@freenetproject.org?subject=unsubscribe


-- 
Unpolitisch sein
hei├čt politisch sein
ohne es zu merken


signature.asc
Description: PGP signature
___
Support mailing list
Support@freenetproject.org
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://emu.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:support-requ...@freenetproject.org?subject=unsubscribe