
Allowed Clearnet resource switch #2643

Open
imachug opened this issue Oct 13, 2020 · 20 comments

@imachug (Contributor) commented Oct 13, 2020

Is your feature request related to a problem? Please describe.

Copied from this ZeroTalk thread:

So... I was surfing around and watching a variety of zites at Sites.ZeroNetwork.bit.

Then, I've stumbled upon this zite: http://127.0.0.1:43110/1JNqdTGVATFWRLzzYwVu19CuWYus5VmoUS/

This is TorrentFreak's direct iframe. I mean, this is the fully operational website inside the ZeroNet frame, inserted there by another iframe. In the user's data folder it simply looks like this:

<iframe src="https://torrentfreak.com/" style="position:fixed; top:0px; left:0px; bottom:0px; right:0px; width:100%; height:100%; border:none; margin:0; padding:0; overflow:hidden; z-index:999999;"></iframe>

Now, if you can allow any website to be rendered from the inside of the ZeroNet iframe, it can possibly lead to some point of anonymity breach, no? I thought that if you're inside the ZeroNet iframe, you should not be able to include any other iframes? It's just that you can include anything as an iframe in your zite (and hide it), and the end user won't even know it is there. The hidden iframe can do some malicious things (Monero mining, for example), and the page shown could be a usual zite to hold the end user's attention long enough.

Why is iframing external http/https resources allowed?

-- smashbuckler

Describe the solution you'd like
A switch on /Config:

Allow sites to use Clearnet resources:

  • Yes
  • Yes, but warn me when they do
  • No

A whitelist should probably be implemented as well.

Additional context
This can probably be easily controlled with CSP: the current value works for the 'Yes' option, more limits can be added for 'No', and Content-Security-Policy-Report-Only should be used for warnings.

According to some random site on the internet, CSP value limit is around 2048 bytes which should be more than enough for our use cases, including potential URL whitelists.
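The CSP mechanism proposed above, as an added Python model (not ZeroNet's code and not part of the issue): it builds the header for the three /Config choices, switches to Content-Security-Policy-Report-Only for the warn mode, validates whitelist entries so they cannot smuggle a second directive into the header, enforces the 2048-byte limit, and predicts what the resulting policy does with a resource URL. The report endpoint path, the `mode` names and the directive set are assumptions; the real wrapper policy is more detailed.

```python
from urllib.parse import urlsplit

MAX_CSP_BYTES = 2048                  # approximate header size limit cited in the issue
LOCAL_NETLOC = "127.0.0.1:43110"      # ZeroNet's own UiServer origin (= 'self')
REPORT_PATH = "/ZeroNet-Internal/CspReport"  # hypothetical report endpoint (assumption)


def is_valid_origin(entry):
    """True only for a bare http(s) origin. Anything else (path, query, space,
    ';' or ',') could inject extra directives into the header value."""
    p = urlsplit(entry)
    return (p.scheme in ("http", "https") and bool(p.netloc)
            and p.path in ("", "/") and not p.query and not p.fragment
            and not any(c in entry for c in " ;,"))


def build_csp(mode, whitelist=()):
    """Return (header name, header value). 'yes' keeps a permissive policy,
    'warn' sends the strict policy as Report-Only, 'no' enforces it."""
    local = "'self' data: blob:"
    if mode == "yes":
        return "Content-Security-Policy", "default-src " + local + " http: https:"
    bad = [o for o in whitelist if not is_valid_origin(o)]
    if bad:
        raise ValueError("whitelist entries must be bare origins: %r" % bad)
    value = "default-src %s%s; report-uri %s" % (
        local, "".join(" " + o.rstrip("/") for o in whitelist), REPORT_PATH)
    if len(value.encode("ascii")) > MAX_CSP_BYTES:
        raise ValueError("CSP header would exceed %d bytes" % MAX_CSP_BYTES)
    if mode == "warn":
        # Report-Only never blocks: the resource loads and the browser posts a report
        return "Content-Security-Policy-Report-Only", value
    if mode == "no":
        return "Content-Security-Policy", value
    raise ValueError("unknown mode %r" % mode)


def resource_allowed(mode, url, whitelist=()):
    """What the build_csp policy does with one resource URL:
    'allowed', 'reported' (loaded, but a violation is reported) or 'blocked'."""
    p = urlsplit(url)
    if p.scheme in ("data", "blob"):
        return "allowed"
    if not p.netloc or p.netloc == LOCAL_NETLOC:    # relative URL or 'self'
        return "allowed"
    if p.scheme + "://" + p.netloc in (o.rstrip("/") for o in whitelist):
        return "allowed"
    if mode == "yes":
        return "allowed" if p.scheme in ("http", "https") else "blocked"
    return "reported" if mode == "warn" else "blocked"
```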

@JabbaDesilijicTiure (Contributor) commented Oct 13, 2020

@imachug

I just downloaded the site and I think this is absolutely not okay! If someone wants to have a mirror, then create the mirror instead of playing in this network with iframes. Having iframed a clearnet site in this network actually makes the entire network totally useless. The entire point of this network is to be decentralised, and yet here we are iframing clearnet sites.

On the other hand, a clearnet site with X-Frame-Options: deny or a Content-Security-Policy: frame-ancestors 'none' pretty much ends this party... 🙄

This must be prevented instead of adding an option to /Config.

@imachug (Contributor, Author) commented Oct 13, 2020

You didn't get the idea -- it's not about iframes in particular, it's about using Clearnet resources like images, scripts, APIs, etc. It looks like I didn't underline that in the issue body though -- sorry for that.

@JabbaDesilijicTiure (Contributor) commented Oct 13, 2020

No. I'm absolutely against seeing any site on this network which is basically mirroring entire websites. This is far beyond loading some innocent images.

@imachug (Contributor, Author) commented Oct 13, 2020

Once again: this issue is not about mirroring entire websites; it's about ZeroNet-to-Clearnet communication.

@JabbaDesilijicTiure (Contributor) commented Oct 13, 2020

Take a look at this instead: #2644 (comment)
This iframe issue must wait for others' opinions as well.

@imachug (Contributor, Author) commented Oct 14, 2020

Take a look at this instead: #2644 (comment)

There is no need to fill this issue with useless references to other issues, I'll look at them anyway.

This iframe issue must wait for others' opinions as well.

Oh god, do you get it that it's not about iframes at all? It's about scripts, or fonts, or APIs -- but not about iframes in particular.

@JabbaDesilijicTiure (Contributor) commented Oct 14, 2020

@imachug 😡
@HelloZeroNet @shortcutme 👇

Should never load a goddamn thing from clearnet. This is totally against the purposes of the network.

Clearnet stuff can disappear or change to something bad, and then your site will have a meltdown.

I'm against anything which is on clearnet. ZeroNet is a refuge not a place to invite the Interpol and other agencies.

Lastly, any attempt to make connections to clearnet should be avoided in order to preserve anonymity. Even if you use Tor with ZeroNet, Cloudflare or any other American captcha-protected "service" (which mainly makes profit on selling personal data) would seriously make your life very difficult. They are all blocking Tor. Maintaining anonymity with clearnet requests from ZeroNet for any purpose is irresponsible, dangerous and many people would end up in jail!

@imachug (Contributor, Author) commented Oct 14, 2020

Wrong. Use case: ZeroNet social network that allows you to add and verify your email/Facebook/etc. This requires a call to an external service.

@JabbaDesilijicTiure (Contributor) commented Oct 14, 2020

We have zeroid.bit and anyone can create a different service anonymously at any time. We don't need unencrypted email verification originating from ZeroNet nodes, and especially we don't need Facebook or any other "social network". This can not only result in imprisonment, but if the identity of someone who runs millchan and other very sensitive sites is exposed, that person is actually even facing serious bodily harm and possible death.

ZeroNet should never allow any call to any external services. If that is going to be implemented in ZeroNet, then it should be renamed to Crypt of ZeroNet (not crypto, burial place).

If you are on any social network better you watch this:
The Social Dilemma https://www.imdb.com/title/tt11464826/

@imachug (Contributor, Author) commented Oct 14, 2020

You are using a social network right now - GitHub. I am not advocating for running Facebook on ZeroNet, i.e. a social network with censorship and spying. Linking external accounts, which is my use case, is not mandatory for the main service but is a nice bonus.

@JabbaDesilijicTiure (Contributor) commented Oct 15, 2020

Bonus time in jail. ZeroNet should avoid loading any external resource. If someone is playing with iframes in iframes, fine. But allowing anything to be loaded from Facebook or any other network, including from GitHub, is strongly discouraged.

For http://127.0.0.1:43110/1ADQAHsqsie5PBeQhQgjcKmUu3qdPFg6aA a lot of people would end up in jail and this is nothing compared to other sites on ZeroNet.

Again, no external connection should be allowed ever! In fact iframe in iframe also should be prevented.

@imachug (Contributor, Author) commented Oct 15, 2020

For http://127.0.0.1:43110/1ADQAHsqsie5PBeQhQgjcKmUu3qdPFg6aA a lot of people would end up in jail and this is nothing compared to other sites on ZeroNet.

For hosting /tech/? Go on...

But allowing anything to be loaded from Facebook or any other network, including from GitHub, is strongly discouraged.

Even if that Clearnet site is an API that was built for that very zite? Even if the request is POST /api/verify-email?

@JabbaDesilijicTiure (Contributor) commented Oct 15, 2020

Why would you need to verify email on ZeroNet? You should use https://github.com/lepture/captcha if you want to verify that the user is human and not a bot... Verifying email is too much.

@imachug (Contributor, Author) commented Oct 15, 2020

Are you willing to admit there are more use cases of email than verifying if a user is a bot? My ideology has always been that bots must have the same rights, if not more powerful, than users, so I'm not going to add captcha anytime soon. I just want to allow my users to attach emails to their accounts, keeping the following invariant: as long as you trust the site owner (me), you can be sure that if you send an email to that address, the right person will receive it.

@JabbaDesilijicTiure (Contributor) commented Oct 15, 2020

They can attach an email without verification; if that email needs to be verified, the user can add a PGP public key (which matches the email in question) to their account, and optionally they may sign a message with the PGP public key.

@imachug (Contributor, Author) commented Oct 15, 2020

You can do that. And there is nothing wrong in doing that. But there are many people who want to use ZeroNet but have no idea what PGP is. For them, email verification is the way.

@JabbaDesilijicTiure (Contributor) commented Oct 15, 2020

Teach them what it is; it is your responsibility. I think if someone gets as far as running ZeroNet, learning about PGP is probably not that hard to do.

@imachug (Contributor, Author) commented Oct 15, 2020

I think if someone gets as far as running ZeroNet, learning about PGP is probably not that hard to do.

You are overestimating humans. Many people come to ZeroNet not because they don't know about alternatives, but because they are too hard to use for them.

@scsmash3r commented Oct 15, 2020

@imachug 😡
@HelloZeroNet @shortcutme 👇

Should never load a goddamn thing from clearnet. This is totally against the purposes of the network.

Clearnet stuff can disappear or change to something bad, and then your site will have a meltdown.

I'm against anything which is on clearnet. ZeroNet is a refuge not a place to invite the Interpol and other agencies.

Lastly, any attempt to make connections to clearnet should be avoided in order to preserve anonymity. Even if you use Tor with ZeroNet, Cloudflare or any other American captcha-protected "service" (which mainly makes profit on selling personal data) would seriously make your life very difficult. They are all blocking Tor. Maintaining anonymity with clearnet requests from ZeroNet for any purpose is irresponsible, dangerous and many people would end up in jail!

You downloaded ZeroNet client from clearnet, and you're now posting comments on GitHub, being on clearnet. Yet, you're against resource loading from clearnet. I think it is a good thing to allow to communicate with resources from all over the places on the net (zeronet to clearnet resource request). But it should be a matter of choice for any particular user: it is up to them to allow or to block such requests.

I think, such requests should be blocked by default, and only allowed per zite (if the zite depends on clearnet resource and want to request it) by the client, who is visiting the zite.

For now, requesting clearnet libraries or chunks of data is a great aid for data to spread, because inside the ZN network itself, in its current state, there can often be 0 peers. With access to outer resources blocked initially, more and more devs will take that into account and will try to migrate their resources fully into the ZN network instead of just linking them directly (because it may not work).

@JabbaDesilijicTiure (Contributor) commented Oct 16, 2020

Saying this, @scsmash3r, who follows a sect, the Venus Project. Your absolutely baseless opinions are not welcome here; you are just repeating what @imachug said. It doesn't matter how much you want it, a clearnet switch is not going to be implemented in ZeroNet, and if Tamas does implement it, I am going to release my fork of ZeroNet to the public and encourage people to abandon the use of ZeroNet altogether, while I will patch all new PRs submitted here. I will not allow ZeroNet to become a shitshow for kids who want to link their trash from the clearnet (and put all other users at risk); actually, neither @imachug nor you want to load your own files from clearnet, rather it is about stealing copyrighted material from others and loading/using it as yours.

@HelloZeroNet HelloZeroNet self-assigned this Oct 26, 2020