De-anonymization / IP leaking when using the Firefox plugin

While reading the Let’s Create The First SAFE Web! topic, I had this evil thought:

“what if I put a simple Google Analytics snippet on my safe website?”

In this case, can I de-anonymize chrome/firefox (with the plugin/extension) viewers? As the plugin won’t stop http/https connections, I think I can.

Even if JS is disabled, I can also track viewers by adding an image tag pointing to a server of mine (eg: <img src="http://myserver.com/track.jpg">), which I’ll use to record all IPs accessing the page.

Using this technique, a government can create honeypot blogs to track possible dissident readers.

Is that a real concern or am I missing something?

EDIT: I’ve changed the title from “IP leaking / De-anonymizing SAFE websites viewers”, because the topic is related specifically to the Firefox plugin.

3 Likes

Nothing can stop you from putting Google Analytics code into your put data. However, with WoT in place, the data structure would be graded as risky click; malicious tracker.

This is my concern as well. But do not fret, there will be apps that only accept data that contains no malicious tracking scripts.

1 Like

It helps if/when you realize a person today can hardly come up with any unique idea. The other day I was browsing bitcointalk.org (the crappiest bitcoin site in the known universe…) and I saw at least 2-3 ideas for BTC-based apps posted by other people. If I stayed longer, I would have probably realized that I haven’t had a single original idea since 2010.

As to your question: yes, you’re missing a lot.

  • I can connect to the Internet through Tor (that is, run my SAFE add-on inside of Tor Browser)
  • I could use a SAFE browser (instead of a browser with a SAFE extension) that doesn’t connect to anything except the SAFE network.
1 Like

Yeah, in my original post I had this last paragraph:

So, I think it would be wise to advise users not to use the chrome/firefox plugin if they need anonymization. Instead, they should use some SAFE browser which doesn’t allow any http/https connection or force all connections through a TOR proxy. If SAFE will be advertised as an anonymous and safe place for people to access information in non-free countries, the firefox/chrome plugin can mislead people to think they are protected.

but I removed it because my concern was with the use of chrome/firefox plugin per se, without any additional protection.

2 Likes

Could it help (is it feasible?) to have a little watermark in the top of any content displayed through Firefox saying something like “you’re nearly SAFE”, with a link to a short snippet about risks of using the browser outside the network (if there are any) and also info on how to use the network directly?

4 Likes

I think the safest way is to include in the SAFE plugin a switch that only allows SAFE addresses and blocks any http(s) addresses. (Enable/Disable non-SAFE)

This means that one can surf SAFE without worrying about any content outside of SAFE

7 Likes

This could be automatic, whenever you’re visiting a URL using the safe: protocol, any http(s) is blocked.

4 Likes
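The manual switch and the automatic rule proposed in the two posts above can be written as one request policy. This is an added example, not code from the thread or from the SAFE plugin; `decideRequest`, its reason strings and the webRequest wiring are assumptions about how a WebExtension-style add-on could enforce it.

```javascript
// Added example (hypothetical names): request policy for a SAFE-only mode.
// Schemes resolved inside the browser; they open no network connection.
const LOCAL_SCHEMES = new Set(['data:', 'blob:', 'about:']);

function schemeOf(url) {
  try {
    return new URL(url).protocol; // e.g. "safe:" or "http:"
  } catch (err) {
    return null; // unparseable input is treated as untrusted
  }
}

// documentUrl: page issuing the request (undefined for a top-level load).
// requestUrl:  resource being fetched.
// safeOnly:    the manual "Enable/Disable non-SAFE" switch.
function decideRequest(documentUrl, requestUrl, safeOnly) {
  const target = schemeOf(requestUrl);
  if (target === null) return { cancel: true, reason: 'unparseable' };
  if (target === 'safe:' || LOCAL_SCHEMES.has(target)) {
    return { cancel: false, reason: 'allowed' };
  }
  // Automatic rule: a safe: page may never pull in http, https, ws, ftp...
  if (documentUrl !== undefined && schemeOf(documentUrl) === 'safe:') {
    return { cancel: true, reason: 'clearnet-from-safe-page' };
  }
  // Manual switch: block clearnet everywhere, including top-level loads.
  if (safeOnly) return { cancel: true, reason: 'safe-only-switch' };
  return { cancel: false, reason: 'clearnet-page' };
}

// Wiring for a WebExtension-style add-on (assumption: the add-on exposes
// safe: pages to webRequest). Skipped when run outside a browser.
if (typeof browser !== 'undefined' && browser.webRequest) {
  browser.webRequest.onBeforeRequest.addListener(
    (details) => ({
      cancel: decideRequest(details.documentUrl, details.url, false).cancel,
    }),
    { urls: ['<all_urls>'] },
    ['blocking']
  );
}
```

With this policy the tracking image from the first post is cancelled when it is requested by a safe: page, while ordinary clearnet browsing is untouched unless the switch is on.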

I still wonder

Because safe:// could be the real SAFE Network
While sạfe:// is the NSA’s fake SAFE Network

At first sight a normal user wouldn’t even spot the difference between safe:// or sạfe://

This is what I liked most about MtGox even though they got hacked, they warned the users to look at the URL

Maybe SAFE Network sites/apps should encourage users to check the url, if they really start with safe://
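A client can make the check described in the post above mechanical instead of relying on the user's eyes. This is an added example, not code from the thread or from the SAFE project; `classifyAddress`, `skeleton` and the small look-alike table are constructed for illustration, and a full implementation would use the Unicode confusables data (UTS #39).

```javascript
// Added example (hypothetical names): flag schemes that only look like "safe".
// Constructed table of cross-script look-alikes that NFKD does not fold.
const CONFUSABLES = new Map([
  ['\u0430', 'a'], // Cyrillic small a
  ['\u0435', 'e'], // Cyrillic small ie
  ['\u0455', 's'], // Cyrillic small dze
]);

// Reduce text to a comparable "skeleton": decompose, drop combining marks
// (this turns U+1EA1, a with dot below, into plain "a"), then map look-alikes.
function skeleton(text) {
  const stripped = text.normalize('NFKD').replace(/\p{M}/gu, '');
  return Array.from(stripped, (ch) => CONFUSABLES.get(ch) || ch)
    .join('')
    .toLowerCase();
}

// Returns 'safe', 'lookalike', 'other' or 'not-an-address'.
function classifyAddress(address) {
  const sep = address.indexOf('://');
  if (sep <= 0) return 'not-an-address';
  const scheme = address.slice(0, sep);
  // Schemes are case-insensitive, but only pure ASCII letters may match.
  if (/^[A-Za-z]+$/.test(scheme) && scheme.toLowerCase() === 'safe') {
    return 'safe';
  }
  // Not byte-identical to "safe" yet visually the same: refuse and warn.
  if (skeleton(scheme) === 'safe') return 'lookalike';
  return 'other';
}
```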

That would mean your client is compromised, so it’d be too late anyway.

Or your plugin/extension, who knows even web browser.

It would be necessary that the SAFE Network related software is distributed through the SAFE Network itself and not the current internet, which can just be messed with.

I wonder what would happen if Tor Relays could be run on the SAFE Network and the Tor browser implemented the SAFE protocol. That sounds like fun :stuck_out_tongue:

But how do you download the first version, when you don’t have the software?

I suggest that everyone sends me a self addressed envelope with $5 note in it, so that I can send them back a USB stick with the latest SAFE source code downloaded directly from the official repo. I live outside the US-led spying alliance territory or China, so my download is safer than yours. :slight_smile:

It’s logical that the first version of the SAFE Network will only be available through the current internet. But it doesn’t mean that future updates have to stay on the current internet, which can be manipulated.

Funny that you mention China, if Github gets DDoSed in the future on the current internet, it might be difficult for people to download the software. We don’t want to depend on a weak infrastructure to distribute the SAFE Network.

2 Likes

I have limited technical knowledge, so this may just be a dumb question built upon layers of false understanding, so please bear with me. It makes sense that there could be an attempt to compromise the download that people are making from the unsafe internet, as the network grows and becomes more clearly a threat.

(1) Is it reasonable to think that it would be unlikely that bad actors could compromise a false version and trick me into downloading it, if I download quickly after launch?
(2) Assuming I can get a clean download after launch, is it reasonable to think that I can get updates safely through the network?

1 Like

That’s why I’m advertising (uh-oh!) my snail-mail services!

No, it’s not reasonable.

The details of the update mechanism haven’t been posted yet, but in the worst case you should be able to get them the same way you’ll get the first release, by downloading signed binaries or building from Github source downloaded over HTTPS.

To understand this a bit better I feel it necessary to understand a few things.

  1. How does Firefox handle IP information? Is it stored in a cache on disk, or is it dynamically updated in RAM?

  2. What are the limitations of javascript? How much of the operating system does it have access to? Is it limited to the browser?

  3. What limitations do addons or extensions have? Can they scrub all IP information from the browser before every connection to a safe site? If not scrub-able, can the addon fill all the IP relevant areas in the browser’s cache with a spoofed address? Can they just block the browser from grabbing any IP information from the user’s host OS?

I wish! :smiley: Though I wouldn’t hold my breath. Browsers are very complicated systems that require anticipatory design for countless use cases and functionality. It’s going to be a while. :disappointed:

That would mean a bunch of people would first have to be compromised before others are informed. I’d rather everyone be SAFE :smile:

That address would refer to another network altogether. The safe plugin should only resolve safe:// addresses and not the former. As a result, an “address not understood” would be displayed unless the plugin is compromised.

This should be easy enough. Though javascript is a tricky little bastard and browsers are generally not very secure. It would be nice if the SAFE team just reconfigured the TBB to work strictly with SAFE. Connecting through Tor would be inconvenient.

@dirvine . Please chime in whenever you have time. The above seems too easy an attack vector to have been overlooked. Which means you likely have a solution as usual. Please enlighten us when you’re not in the ring with your code :grinning:

There are open source browsers, so much of the work there should be done already. The real problem would be getting people to actually use the browser, and that’s why getting safe to work with firefox is so important.

IMO it is likely (reasonable) but not guaranteed.

You will be able to verify this though, by comparing the hash of what you download, with the hash that I’m sure MaidSafe will publish - so long as you check this too has not been subverted. Although I would not be surprised if @dirvine has some clever idea to make this confirmation automatic! I would think an automatic verification mechanism could be built into the network, or provided using some other secure mechanism.

The first release will have to be downloaded from somewhere else (or otherwise you’d have to trust the Firefox add on, which is a chicken and egg problem.)

The problem is not new and Linux distros have been distributing signed binaries for ages. Get the signing keys, verify the binaries against them, install.

The same works for Firefox add ons: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/

Nothing to see here, move along…

2 Likes

Exactly, but as I said, there may be even easier ways - to be revealed :smile: . Not many people know how, or bother, to do that.

1 Like

A magnet link has the hash of its content in it, right? So linking a torrent that way is pretty secure I think. What @janitor said is best, but of course there will be plenty of people who don’t bother with confirmation of signatures.

1 Like