On Sat, 24 Jan 2009 13:05:41 +0000, Matthew Toseland wrote:
> There have been some question marks over whether it is possible to
> load an image from an external domain and get a callback when it is
> loaded - if so, it may be possible to time fetches of specific sites
> from javascript on an unrelated site. Meaning running a web browser
> on a system with access to fproxy is dangerous. I haven't tested
> this, maybe you'd like to?

It's a well-known attack--"cache timing attacks". Pretty similar to css-history attacks. And it's also not hard to prevent. (For history attacks, simply disable history in your freenet profile.)

For cache attacks, simply restrict access to fproxy to a separate freenet user on your system. (And, of course, do not use that user to surf the dangerous web--unless, of course, you use a safe browser, like one with javascript disabled. Javascript is, after all, the root of all (website) evil.)

Fproxy access can be restricted on a per-user basis very simply with iptables:

    iptables -A OUTPUT -p tcp --dport 8888 -m owner ! --uid-owner $FREENETUID -j DROP
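
The following script is an added example, not part of the original message: it prints the per-user rule from the message in an idempotent form, so it can be reviewed before being piped to a root shell. It goes beyond the message by emitting the same rule for ip6tables, in case fproxy is also reachable over IPv6; the function names and the account name passed on the command line are hypothetical.

```shell
#!/bin/sh
# Added example: plan the owner-match rule for fproxy without applying it.
# Assumption: fproxy listens on TCP port 8888, as in the message above.
FPROXY_PORT=8888

# Rule arguments, without the tool name or the -A/-C verb.
# $1 = numeric UID of the only account allowed to reach fproxy.
fproxy_rule() {
    printf '%s' "OUTPUT -p tcp --dport $FPROXY_PORT -m owner ! --uid-owner $1 -j DROP"
}

# Resolve an account name to a numeric UID; fail on unknown accounts so an
# empty value never ends up inside the rule.
resolve_uid() {
    uid=$(id -u "$1" 2>/dev/null) || return 1
    case $uid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s' "$uid"
}

# Print one command per address family. "-C" checks whether the rule is
# already present, so rerunning the plan does not stack duplicate rules.
plan_rules() {
    rule=$(fproxy_rule "$1")
    for tool in iptables ip6tables; do
        printf '%s -C %s 2>/dev/null || %s -A %s\n' "$tool" "$rule" "$tool" "$rule"
    done
}

# Stand-alone use: sh fproxy-plan.sh ACCOUNT   (review, then pipe to "sh" as root)
if [ "$#" -gt 0 ]; then
    allowed=$(resolve_uid "$1") || { echo "unknown account: $1" >&2; exit 1; }
    plan_rules "$allowed"
fi
```

After applying the plan as root, `iptables -S OUTPUT` lists the rule, and a connection to port 8888 from any other account should hang and time out, because DROP discards the packet silently.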