Is a SPOF?

Sorry that I sound dramatic, but what if someone is ddosing right now?

Could “safe_proxy.pac” be hosted in a more decentralized way, so we can prevent a single point of failure?

The current internet has always been a weak link when it comes to security, so shoulden’t we try existing decentralized tools to “test” our beloved SAFE Network. It can’t hurt to start getting in that mind state and maybe it would be fun.

1 Like

The safe_proxy.pac is a simple text file with this data:

function FindProxyForURL(url, host) {
if (shExpMatch(host, “*.safenet”))
return “PROXY localhost:8101”;

return "DIRECT";


You can store (and link) it in any place.


Hmmmm now that I think about it, the decentralized way of doing this is just downloading the file or create your own.

Create your own by copying [quote=“digipl, post:2, topic:7463”]
function FindProxyForURL(url, host) { if (shExpMatch(host, “*.safenet”)) return “PROXY localhost:8101”;
return “DIRECT”;
[/quote] and save it as a .pac file


I prefer to save and use a local copy of the file anyway. Although I’m technologically fairly ignorant, I’m imagining that it negates a couple of possible issues. Firstly, there’s no problem if becomes unreachable. Secondly, it avoids relying on a central target should someone want to maliciously alter the file. Please correct me if I’m wrong because then I will learn…

1 Like

Juse use some cached and distrib method to retrieve it e.g. or or and similar

Wayback Machine*

Or just remember the basics what this pac file ought to tell your browser. Browser should simply connect to the Safenet Launcher proxy port on tcp/8101 for all domains ending in .safenet

1 Like


The first thing I’d ask myself is “what is the likelihood that I noticed something that dozens of devs have not”. That would have given you a good hint.

What you (and the folks who’ve responded so far) obviously couldn’t notice is the weakness that actually exists is that the ability to slightly change that simple PAC file could produce some interesting results.

The PAC file doesn’t have to be there, it’s just for the less technical users to be able to get on board. Fortunately for you, you are SAFE from the risk I just described because you couldn’t figure out how to use the PAC file :slightly_smiling:

1 Like

Would you mind elaborating on this? I’m unclear what you’re getting at, and am interested to know.

Does it relate in any way to:


If one replaces return "PROXY localhost:8101"; with return "PROXY"; he can watch (and more) your traffic.

Right. Was on tablet and if you ever commented (not just used) on this forum using a tablet you know how it masks 80% of the screen. It’s been much worse since last week because now the site is even slower so it’s really hard to scroll up and down to review comments. I did that but only once and didn’t notice yours.

1 Like

Congrats , you have just discovered water ; nothing like having that feeling :smiley:

1 Like

Is it currently a SPOF? Yes

Does it have to be? No as @digipl and others point out it can be copied / hosted elsewhere. We’ve also suggested a way that the PAC file can be served from the launcher so as to mitigate these issues.

Served from the launcher, served from the DNS server in your home router…

Served from not only that one URL, anyway :).

I suggested an edit of Proxy Setup to mention downloading the .pac file as a more decentralized alternative. This suggested edit is queued for review, so it’s up to the moderators of maidsafe’s docs now.