During the SAFE Browser Q&A with @joshuef yesterday, we discussed SAFE protocols (
safe://) and domains (
.safenet) from 4:52 to 12:04.
For anyone who wants to listen to that part, click here to download a recording of the Q&A. It’s an Ogg file, so you will need to use a software such as VLC media player to play it. So before reading the rest of this post, you might want to listen from 4:52 to 12:04.
First of all, we discussed the possibility of using
safe: in the SAFE Browser. It would make it really clear that you are using SAFE and that it’s a new protocol different from HTTP.
Then we talked about using
safe: in existing browsers (e.g. Firefox and Chrome). We think it would be possible to build a Firefox extension that supports
safe:, but not a Chrome extension. And so if we want to build a Chrome extension for browsing SAFE websites, we would end up using
.safenet for Chrome. And it might also be a problem if we want to build extensions in other browsers, I’m not sure.
.safenet would make it more complex for users and developers. And so assuming that we want to have a Chrome extension, it would make sense to focus on
.safenet in order for all SAFE URLs to be consistent.
But I’m not convinced that we really want to have a Chrome extension. Personally I think it would be fine if we tell users that they need to use another browser (e.g. a SAFE Browser).
Around 11:18, I suggested that
safe: links would still be clickable in browsers such as Chrome, but they would open in your SAFE Browser. It would be similar to what happens when you click on a
bitcoin: link and it opens in your Bitcoin wallet. Or a
magnet: link that opens in your torrent client.
I’m also concerned that it’s not a good idea to encourage users to browse SAFE using existing browsers (e.g. via a Chrome extension) and I agree with @Seneca that there are many security benefits to using a dedicated browser:
Here are some of the questions I think we need to discuss:
Are we OK with using
safe://even if it means that we wouldn’t be able to build SAFE extensions for some browsers (e.g. Chrome)?
What if some developers decide to build a Chrome extension that uses
.safenetand it becomes popular? Or is this unlikely to happen since the SAFE Browser could be installed at the same time as SAFE Launcher and so users wouldn’t feel the need to have a Chrome extension?
What are the security issues if we decide to support SAFE in existing browsers (e.g. via a Chrome extension)? Is it really worth the effort or should we focus on a SAFE Browser?
Also, if we choose to fork Brave, we would have to use
.safenet, at least until the following issue is solved:
With Beaker, we don’t have this issue, so it would work fine if we decide to use
Considering that each option has pros and cons and that ideally we would like to be consistent about using the same option everywhere, which option do you prefer?