Doesn't the concept of SAFE "APP"s bypass the security of SAFE?

As I understand it (and this may well be wrong, even though I’ve spent a lot of time trying to understand this), you can develop for SAFE in two ways:

1. Create a “SAFE site”, which is static HTML and JavaScript files served in what to the user appears to be a “website” inside the SAFE Browser. (The JS can interact with the SAFE API.)
2. Make an entirely separate application, which just talks with SAFE through another API.

The first one makes sense and is what I thought was the only way, but apparently, if the second version is correct, won’t this mean that the application can do anything with the user’s computer, including modifying their SAFE client? It seems to bypass the security gained from trusting only the SAFE Browser and the “core APPs”.

For example: the “Web Hosting Manager” is separate. There is also apparently some SAFE e-mail client. I first thought that these were special, MaidSafe-developed applications that have a special, trusted status… but actually, anyone will be able to create their own horribly broken/malicious “APPs”, without MaidSafe having anything to do with them?

I guess this is considered necessary, but it makes me very nervous. I just barely trust MaidSafe, and they created the SAFE network… but I’m gonna have to trust a bunch of random people with full access to my machine? You could of course argue that this is already the case with “clearnet software”, and it’s true, but I don’t trust those either!

Will these “custom SAFE APPs” all be found and installed via the SAFE Browser? Will they be checked for malware at all? I get that it’s probably required for SAFE to take off, but I can’t help but wish that we were limited to the “SAFE sites”, at least for a long time initially (excluding the MaidSafe-developed applications). I can just imagine how badly “the market” will mess this up…

I suppose you may want to use only open source programs with good reputation, so that you ( or other people ) can check what the programs actually does. You may want to use integrity checks to make sure the code you are running is actually what you think it is.
In fact, this is exactly the same right now. I am not sure Safe is specific on this regard.

Can I respectfully suggest you delve a bit more into what SAFE is and read the discussions around the topics you have been creating, There really is a lot of discussions covering these questions. 1 day reading is barely scratching the surface.

You have described a dynamic site. Once you have javascript using hte API then it is dynamic and how dynamic depends on the script.

Yes

SAFE is not an idiots proof system. It is a network that allows true security and anonymity, but does not enforce it.

You have to use trusted applications or else you can open yourself to all sorts of issues.

But the APP can only do what you give it permissions to do. When an APP starts the user is asked if they give the APP various permissions it needs to run.

BUT SAFE is not a nanny that keeps you safe, but enables APPs to be written that can be secure and maintain anonymity. But it is up to the user to run trusted APPs.

I seem to have answered this question for you before.

First of all, the age of an account doesn’t correspond to the total time somebody has put into learning about SAFE. Secondly, expecting everyone to read old (and aging) “general discussions” instead of asking the specific, relevant, up-to-date questions is weird to me. Maybe it highlights the fact that this project has been around for a long time, to the point where long-timers are tired of repeating stuff over and over?

Clearly not, or I wouldn’t have asked about it.

How does this even compute when you just said

So it’s one or the other really.

Also the forum stats tell how long you have been reading, the mods including @neo are well aware.

You need to calm down and just read a little bit more. Please do try and understand some of these questions are very old and repeated here a lot, you have recently joined, spent little time reading and are shouting questions and demanding answers that suit what you think SAFE is. That wont work.

Someone can surely put it better than me, but:

There is an idea about internet forum, and there is an idea with this specific one.

Information and knowledge is shared here. It is a good practice to put your effort into educating yourself by taking time and reading through material, search for the subjects that might contain answers to your questions.
With a huge project like this, you will not grasp it all at once, it takes time.

After short time on forum, posting a rapid series of topics with quite agitated tone, demanding answers and basically just asking for people to give you what you would not invest yourself, is not what has proven to be the best way to participate in a forum like this one.

So, you will have to excuse but your approach is not the best one if you aim to get deeper understanding of SAFE on this forum.

There will be helpful people that more than willingly will answer questions you have, even if you haven’t read all of the forum… but with the slightly aggressive tone of yours, that group will be smaller. It’s just how people work, you will see the same thing IRL.

Personally, I get a bit of troll-vibe. But you know, do what you will with that information. That’s just the impression I get.

I don’t know what you’re talking about. Maybe read what I type?

Again: read what I type. This forum account has nothing to do with what I’ve invested in time reading about SAFE or discussing it elsewhere. What are you even talking about?

I DEMAND answers?! By asking questions? Maybe this again goes back to you not really reading what I type, thus assuming things and accusing me as a result? Anyway, cut that out.

Here you go again with the “demanding answers” nonsense. What’s with you? Where and how have I “demanded” anything? Why are you so eager to pick a fight?

My “approach” is to ask questions and hopefully get answers – not insults from rude people.

This… is all in your head. I’m not “aggressive”, unless you mean “eager” and (understandably) impatient and frustrated.

Okay, now I understand what you are all about. Please never respond in any future (or existing) thread of mine, thanks.

So, aggressive all in my head?
As I said, do what you will with the information - and you did.

Um… “okay”? Hint: adding a bunch of random visual smileys doesn’t make your nonsensical gibberish into something understandable.

So… anyway.

You are correct, if you install a native app you have to take the same consideration as any native app. The goal of Safe isn’t to secure your computer, the goal of Safe is to secure your data once it’s on the network, nothing more, nothing less.

As you mention, the Safe API is the same for both type of apps, so anything you can do on a native app (Safe related) you can do on a web site. So if you don’t want to use a native app for something, all you need is to find a web site that does it.

Also, data doesn’t belong to any app, you aren’t stuck using a specific app for your safe email for example. Given enough time, all popular feature will be available on many different platform and you’ll be free to use the best for your needs.

Hope it helps.

Hmm. I actually thought (and mentioned) that it was a different (supposedly more crippled) API for the “SAFE sites” running in the SAFE Browser, but that’s really good to hear (that you don’t need to distribute a whole separate application to use the full power of SAFE). Both as a developer and as a user, I would by far prefer to never run any separate applications, but always only within SAFE Browser, so that I never need to trust anything other than that program, and don’t have to create desktop applications.

Yeah, I’m pretty sure for all intent and purpose it’s suppose to be 1 for 1 for both API. Actually, you can already compare them both if you want.

Any app on any machine can be malicious. Safe net can’t stop this any more than it can fix global poverty.

If you want a secure machine, there are steps you can take. Safe net is just one of them, albeit a critical one.

Yeah sure.

Just giving some honest views on what would work best, and that’s how you answer. Sorry, but the discrepancy above only adds to you coming off as a bit aggressive.
Again, do what you will with that information.

This is the issue. The issue is with you.

What other forum would a CEO come and directly respond to you in such a prompt manner. @dirvine is a decent human being that’s why he tried, 99.9% sure you’d be just ignored elsewhere on every other forum.

I’m guessing your ‘that’ guy at a restaurant that sends his food back over and over instead of just eating quietly and just not returning because you think that’s your entitlement and no one else dare tell you otherwise.

Apologies @moderators, all I’ve heard from this poster is "I want my dummy right now!!!

I don´t really get where the hostility towards OP comes from. The points made are absolutely valid, even though they are easy to answer: yes, SAFE apps are a potential security issue and you have to be very cautious if you just use them, instead of looking into the code. Of course, the same goes for all programs, especially closed source ones - but shouldn´t we have different standards given that usually close source software does not intend to improve your safety by itself?

I don´t get the reactions, also those of David. If people ask questions and are not obviously trolling imho one rather should embrace the feedback, instead of starting to fingerpoint to reading-hours.

I’m just wondering when the forum will need to be supplemented with scheduled meetings for new techos who have recently discovered Maidsafe so that all the recurring questions can be dealt with

The questions, in each and every post (not only this topic’s OP) are valid questions, I agree completely!

I can only speak for myself, and I noticed a rapid set of questions, of which some have answers in other topics, but also combined with a bit pointy statements (constant remarking on lengthy project etc.) Moreover, there has simply been a lack of conventional politeness I would say. That might sound stupid, like criticism is being unpolite - not at all what I mean to say. I deeply encourage criticism but it DOES have importance how it is delivered.

All in all, the impression it made on me - again, solely speaking for me here - was that this person’s intentions didn’t feel 100% constructive.

What did I do about it? I expressed my impression, and what I considered a good thing to do to achieve the supposed goals (increased knowledge about SAFE via this forum). I also said, do what you want with that information, i.e. this is just my view, use it if you want.

And frankly, the answer to that was outright hostile (don’t ever write in my threads again). That, and the following hostility, just made the point stronger, IMO.
So… Yeah. Make of it what you want.

I think, when you are at this point, and criticism with dubious intentions (doesn’t have to be consciously malicious, just… kind of misguided) actually do come in at steady intervals, it is justified to be a bit cautious, and require some minimum level of standard politeness. I just feel a responsibility to not let people with less than good intentions wreak havoc. I do it respectfully, but still, I do have an eye open for it. And, if the case is not such, my observations would (in my view) serve as advice on how to better get help from the community.
So, when criticism is delivered with good intentions, it is usually delivered in a much less antagonistic way. The questions that were brought up are mostly valid, but that was never the point of my involvement in this.

Just saying, from an outside perspective a person came & asked a valid question, received answers that were beyond welcoming and turned hostile, received more hostility and so on. I think we all can do better.