Is MaidSafe safe for whistleblowers?


Having just come across MaidStore and being very excited about its potential, I wanted to spur a discussion about its anonymity properties … particularly since the whistleblower use case is mentioned.

So would Snowden be safe in publishing highly sensitive documents to the network?

When we assume that:

  • Our adversary can monitor any and all links between peers and can capture encrypted RUDP traffic for analysis.

  • Controls a proportion of nodes on the network

This is my (probably flawed) understanding of how a document would be published by a whistleblower:

  • Document is split into a number of chunks and encrypted

  • a FIND_NODE operation is used to find the most appropriate node for the each chunk

  • the chunk is saved on the node with the STORE operation

During the FIND_NODE procedure, the whistleblower has revealed his IP address, and the fact that he is looking up a node for a certain ID, to his peers on Hop 1.

  • These peers can build lists of (IP address, time, ID) to log all IPs involved in lookups for the sensitive document chunks

  • The first IP address to lookup a relevant ID may not be the whistleblower but may be a few hops away from him

  • Coupled with our global passive adversary, this is dangerous.

  • Adversary can perform network analysis, determining which peers were connected to whom during a specified time window.

  • It could build a shortlist of IPs belong to the whistleblower.

Of course during the STORE procedure, if one of the nodes is malicious they will know to be on the look-out for particular chunks that belong to the sensitive-leaked-document. If the whistleblower tries to STORE to a bad node, then he reveals his IP quite trivially


cross-posted at


Hi @willish, just seen you posted here after I posted a response/on reddit and in a FAQ: How does SAFE protect whistleblowers?

I suggest we keep the discussion in one place and merge the results into the FAQ at some point. Let’s see where the discussion gets going!