On Wed, Dec 18, 2002 at 09:16:02AM +0100, Volker Stolz wrote: > Using the FEC-Decoder and setting fectmpdir will compromise node runners. > During decoding and sometimes when the node crashes files containing > 'cleartext' data remain in the fec-tmp directory which could be used > as evidence against a user. This could even be considered a design-flaw, > you might argue that the fec code doesn't belong into the Freenet node > but into the users web-browser where it'll be all your fault if you don't > use Freenet properly. > > So even if you save all the files downloaded in encrypted > storage (e.g. cfs), you still leave possibly incriminating traces. > > I couldn't find any pointers to this, so I think this should possibly be > documented somewhere (I couldn't find a suitable place in the Wiki). > A warning when starting up with the web frontend might be appropriate, too. The files are by default in a directory called temp within the datastore. If you expect to be compromized, it is reasonable to wipe this directory... and all the other places where the data will be, for example, your web browser cache etc etc. Being safe when they come and confiscate your computer is very difficult, and well outside the scope of the freenet project. > -- > Volker Stolz * http://www-i2.informatik.rwth-aachen.de/stolz/ * PGP * S/MIME
-- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Employed full time by Freenet Project Inc. from 11/9/02 to 11/1/03 http://freenetproject.org/
msg02388/pgp00000.pgp
Description: PGP signature
