Decentralized Apps


Thanks, those links are definitely helpful. So let me see if I have this right. (Please correct me if I’m wrong on any of these points, or missing any important details.)

  • The MaidSafe core provides the following raw resources to users:

    1. Access to a decentralized, private, persistent file store on the MaidSafe network
    2. A PKI, which can be used to look up the Public Keys of other users
    3. Access to public data from other MaidSafe users
    4. The ability to contribute portions of your system resources to performing the above services, in exchange for Safecoins.
    5. Something else? I feel like I’m missing something here, as the above functions don’t seem like enough to allow for some of the suggested use cases mentioned on MaidSafe’s website, like VOIP or dynamic websites.
  • MaidSafe compatible applications can be distributed through any means, including by utilizing the access to “public data from other MaidSafe users” mentioned in the list of raw resources above.

  • The MaidSafe app launcher launches regular desktop applications that are built to work with MaidSafe, and gives them sandboxed access to the above MaidSafe resources.

  • The MaidSafe launcher does not do any additional special sandboxing of the applications it runs. If you want to stop them from (for example) stealing your local files or wiping your hard drive, you’ll have to either trust the application you’re running, or use something like AppArmor, just like how it is with other desktop apps.

I’m especially interested to know about this last point.

popcorn time would be a perfect app it is open source and a nice looking video interface.

You’d need to rig it to use SAFE instead of bittorent.

Okay so is it psosible to log out or what? Say I wander away from the computer or want to let someone else use it. How do i let User B use the computer without assuming my SAFE identitiy and using my files?

Here’s another useful bit of information I found which gives an example of how a MaidSafe app might work: (AFAIK it doesn’t use the launcher though.)

This is not the case, the network is designed to be completely trustless. It is not possible for third party apps to steal your files, or wipe your HD. I think you will find the following thread helpful, specifically the part about the privalidges given to each app:


That’s a great question. When you are logged in, others who use your computer can use your identity. Think of it like letting open your Facebook-page and leaving your computer. So to be safe, you need to log out, or maybe the client will lock after some time, and asks for a PIN again.

I took that to mean that the application doesn’t get direct access to the user’s files on the Maidsafe network, not that the application has restricted privileges on the user’s local box. E.g. If I install a MaidSafe app on my desktop, it won’t be able to access my MaidSafe files, but it could still compromise files and programs on my local machine. Am I interpreting that wrong?

If the applications are sandboxed to not have access to the user’s local files (e.g. files not stored on MaidSafe), could you explain how? Is it like the JVM or a browser sandbox, where apps have to be built entirely around the MaidSafe APIs? Or is it more like AppArmor, where you can code in any language you want and use standard system APIs freely, but have to comply with the security policy defined by the sandbox.


Going off of that video I linked a few posts ago (, it seems MaidSafe also provides some means for encrypted peer-to-peer connections between individual MaidSafe users?

This is correct, please take a close read at this topic by Viv. He’s a developer for Maidsafe and wrote a very large explanation on this topic. I think most of your questions are answered there.

In the standard behavior, the Apps in the Safe Network will be associated to a concrete PMID (Proxy Maidsafe ID) and a sandboxed user space associated with this PMID.

Go beyond this allowed space will require the express permission of user.

1 Like

Yes, I read that earlier when you linked it previously (well, the main topic anyway, I only skimmed over the 68+ replies that came after it). There didn’t seem to be any mention in there of restrictions on the actions apps could perform on the user’s local box, only on actions taken within the MaidSafe network. That’s what I was confused about.

Also, I didn’t see anything in that topic about allowing encrypted peer-to-peer connections between specific, individual MaidSafe users. (E.g. Like what would be required for chat applications like the one in the video I linked.) It only discusses connecting to “the MaidSafe network”. Maybe I’m just not understanding what capabilities “the MaidSafe network” provides beyond file storage?

Okay, that makes sense. So apps run with the launcher are basically executed in a chrooted Linux container, or whatever the MaidSafe equivalent of that is?

The system is pretty big and some of the thread discussions are quite specific. The Crust library is responsible for connections between nodes. To give this some context the network stack is demonstrated here.

In terms of the networks capabilities, it is possible to run any web service possible on the current Internet: VOIP, streaming sites, exchanges, storage, social networks…etc…on the SAFE Network. The difference being that the infrastructure is decentralised and privacy and security and user control over their own data is the default setting.


Yeah, I think that’s partly why I’m having so much trouble wrapping my head around the whole thing. MaidSafe seems to be a fairly complex system with a lot of interconnected components; so even with all the reading I’ve done so far it’s still difficult for me to see how all the pieces fit together.

I guess what I’m really trying to ask is, laying aside all the implementation details for now, what specific abstractions does MaidSafe provide to me as an application developer? Based on my current understanding of the platform, I believe that MaidSafe provides my application access to the following resources:

  1. Access to the underlying MaidSafe network. This network is an overlay network built on top of the internet, and behaves very much like the internet itself. Every node and every piece of data on the network has it’s own unique 512-bit address (which also doubles as a public key?). If I have an address, I can send messages to the node associated with that address (just like TCP/IP on the regular internet), or retrieve the data associated with that address. All connections on the MaidSafe network are encrypted (only the message receiver can decrypt), and private (no third parties can find out what node I’m talking to or what data I’m retrieving). (If this is all true, big :+1: for that.)
  2. Exclusive access to an initially empty filesystem that my application can use however it likes. This filesystem is private and stored on the MaidSafe network.
  3. Optionally, with the user’s permission, access to files or directories on the user’s personal storage space on the MaidSafe network.
  4. Computational resources on the network… somehow? :confused: I don’t really get how this works or what exactly it lets me do. An explanation would be appreciated.
  5. Maybe some kind of DNS-style directory for helping me find other users or files on the network? :neutral_face: I don’t really get how in that example of a chat application both users were able to find each other, even though they both only knew each other’s username. Or did that employ a distributed database of some kind, shared by all users on the network? I’m not really sure.
  6. Maybe other stuff I’m missing? Or does that about cover it?

Is all that accurate? I think I’m starting to understand the vision here, but I’m still having a bit of trouble understanding exactly what MaidSafe really is. The abstract description on the home page saying “MaidSafe is a fully decentralized platform on which application developers can build decentralized applications” is probably accurate, but it’s difficult to understand all that that implies without a better understanding of the specific capabilities MaidSafe provides to applications.

In the future maybe you can “sell” some computation. But so far it’s a combination of being a node in the network, cache files that come around, calculate the way all the others in yours group see the network etc. Your Vault can have different persona’s, so you check for a group if they really store the Chunks they need to. That sort of things.

There’s not many known about this. But I’m told there is a way for everyone to register a name in the network. That’s public information (I believe) so when you look up Ajedi32, it points to a public key/address in which way people can find you (when you registered your name).

I wrote a piece once about different encryption layers. Maybe that clear some thing up a bit. But we don’t know all at this time. I really would like to know more as well about the name registration. Although I do know that it’s not in a blockchain :smile:

Ah okay; so for now that basically just refers to the resources used to maintain the network. Makes sense.

Good to know.

Thanks, that’s definitely helpful.

It sounds to me like the documentation on MaidSafe is still missing quite a bit of information at the moment. That’s fine, as I’m sure the devs are busy working on the code itself and there’ll be more information readily available as MaidSafe nears its release.

Anyway I think I have a much better understanding of what MaidSafe is now, and of what the overall vision is. I’ll definitely be watching to see how this project develops as time goes on; the level of privacy and independence MaidSafe aims to provide is really attractive, even if I don’t really get all the details yet.

1 Like

Apologies for the delay in getting back to you. I think you are developing good handle on what we are doing and agree that the documentation is not entirely complete. As an app dev you will be interested in the API which has been has been documented, but not yet coded.

On the subject of the SAFE equivalent of DNS, this has been discussed and the following thread may give you more insight.

The public names on the Safe Net is call Pmid (Public Maidsafe ID) and it will work something like that:

About the computational resources is a future implementation based on zero knowledge proofs, possibly zk-snark.

So instead of DNS, it’s more of a NameCoin type thing where users get first-come-first serve access to human-readable names on the network, which identify specific nodes? Or at least, that’s the current plan? That thread didn’t seem to come to a consensus, though several people mentioned that MaidSafe doesn’t need DNS (presumably because it has some kind of alternative built in?)