Is SAFE a decentralized server?


#1

I was trying to explain what SAFE is to a friend, and I realized I wasn’t very good at it. Looking for some help here.

First I described it as a decentralized storage network. His response was, “That’s what Tor does.”

So then I said, well it’s also a decentralized internet. He asked, “So does that mean it’s like a mesh network?”

I said, “No, you still go through your regular ISP provider for internet access. It’s actually also a decentralized server.” He finally said, “Oh, that’s different.”

So a few questions:

  1. Is it accurate to say that SAFE is a decentralized server? If yes, is it a decentralized web server, email server, database server or all of the above?

  2. If it is a decentralized server, why don’t I see that term used on these message boards as much as I see the terms “decentralized storage” and “decentralized internet” both of which were not very effective in explaining to my friend what SAFE is?

  3. Is the decentralized storage capability in SAFE different than what you get from Tor? How so?

Thanks


#2

It replaces the corporate (google, FB, etc) server paradigm with a p2p one, where all humanity’s data is spread out and backed up across everyone’s computers instead.

Has huge implications, one of which being economic (SafeCoin / deflationary & math-based digital currency)


#3

I think “mesh network” isn’t a bad term, although rather than happening on the level of internet connectivity, it’s happening on top of internet connectivity.


#4

hey @Tarak let me try to answer as correct as i can :smiley:

i would say yes. but the problem there is that decentralized computing is not implemented yet and is planned to come when the storage and safecoin-ecosystem works … because you can’t tackle everything at once …
So it right now is only a huge database server

because it right now is more like a decentralized storage system with some additional features and server-side capabilities [like e.g. mail-delivery] has to be designed to run purely client side … there are solutions out there for those things … (e.g. project decorum for a decentralized forum and the mail-example-app) but it does not work like a “classic server” …

i’m not absolutely sure here … but i thought tor still has centralized servers …? i always thought hidden services are hidden inside the tor network … you can’t know which server is hosting a certain service just because you know the service and watch the network … but IF you happen to know that e.g. your neighbor is the one hosting a cat-picture-website on his server at home … you could go, switch that off and then the service is taken down … ?
with safenet everything is hosted everywhere - no central points that can be taken down; even if you knew who made something and where he started hosting it …


#5

If your friend thinks that Tor is a decentralized storage network, is better explain the Safe network to another friend with more basic knowledge.


#6

Or just explain to him how it’s incorrect


#7

I presume he must have meant Torrent?!

I’ve heard SAFE described as the mutant, superhero love-child of Tor, Bittorrent and Bitcoin. It doesn’t really do it justice, but it made me smile :smile:


#8

Short answer: No.

SAFE is a key-value database - a decentralized one. You can think of it as an associative array that is not stored on memory. The functionality is the same as Memcached, but data is stored in many computers in a decentralized way, like Bitcoin. Everything else is build on top of this key-value store idea. Technically SAFE is a DHT (Distributed Hash Table) system.

SAFE is a modified version of Kademlia, a very well know DHT. One big difference between SAFE vs Kademlia is that SAFE masquerade IPs using a multiple hops technique, just like TOR - which guarantees anonymity in the network.

You probably already know this, but TOR works in a “centralized server” way, just like the clear web. TOR just masquerades the server and client IPs through a multiple hops technique, making impossible to track their locations. TOR is a “decentralized package router” at best. SAFE also uses this technique to protect users privacy.


#9

In the Dev Amsterdam Benjamin Kampmann defined it just like that. In a short definition it’s, I think, quite well.


#10

SAFE removes the server from the equation.

You connect directly to the data without the need of a server. The APP / service runs on your computer, when you want to run it and connects to the data directly without the need of a server. This allows you to own the data, have control of the data.

Turns the internet into what it was designed to be like.

EDIT: added quote that I was replying to


#11

^^ double like that one @neo

Paints a clear mental picture and helps to highlight the implications

I’ll be stealing that one next time I need to be concise (never been my strength :stuck_out_tongue_winking_eye:)


#12

Thanks for that clarification.

I’ve seen it mentioned on the forums that anything you can do on the internet, you’ll be able to do on SAFE, which is why I got this impression it must be a decentralized web server. So with the understanding that it’s not that, a few questions about practical applications:

  1. Will it be possible to host full-fledged dynamic websites on the SAFE network with public URLs? Will it be possible to do that without going through a website hosting company… essentially removing the need for a web server? If not, then why refer to it as a decentralized internet?

  2. What are the coolest / most useful practical/tangible possibilities created by a functioning SAFE network? I understand privacy and freedom are the buzz words, but that’s more of an abstract concept, and most of the ideas I’ve read seem abstract to me. Most people can get information freedom on the internet already using VPNs if they need to spoof the location to be outside a restrictive government. And the masses don’t really care that much about privacy… for example, I’m ok with receiving targeted ads on websites based on my cookie history since those ads are more interesting to me than non-targeted ads. And frankly, I’d be disappointed if the ads become less targeted because of SAFE. I’m guessing the coolest possibilities from the mass market point of view would be around enhanced security, since the masses and corporations care about that… but it’s not clear to me in simple English what types of security hacks/thefts of the past would not happen after SAFE and which would still happen despite SAFE.

  3. Would Target’s massive credit card breach / hack in the US have been prevented with SAFE? What about N. Korea’s hack of Sony Pictures? Any other big time hacks that SAFE can say would have been prevented with SAFE?


#13

These hacks targeted the centralized database used by those companies. Those databases held all of their users confidential information. These are huge targets for hackers. With SAFE, there is no central database. Users don’t have to give their sensitive info to anyone. Any data that the app needs remains under the control of the user, using the user’s account credentials. Hackers would need to obtain the user’s account credentials on a one by one basis instead of doing one hack and getting everything.
Another interesting thing is that I think SAFE also mitigates DDoS attacks. Not too clear on the details of this, but my understanding is that the more popular something is, the more people have copies of it and thus the faster access becomes…like having more seeds of a torrent.


#14

We really should pin an introductory thread on this forum informing users about the overall purpose and design of the SAFE network. Something primarily targeting technical novices. The overviews should use simple analogies and jargon free wording.

Explaining current and future capabilities like dynamic websites, E-mail, spam resistance, sibyl defense in relation to anonymity, and data retention should also follow this method. This introduction thread must be updated regularly to refine explanations based on any resulting confusion from each iteration.

This “What is SAFE?” thread would greatly improve our ability as a community to promote the network. I believe if this were in place we would see greater interest in a short time. @maidsafe


#15

Yeah great way to scare people away…


#16

Yes, but first let’s make sure we are on the same page:

  1. SAFE is basically a key-value database system that runs on-the-cloud;
  2. oversimplifying, the basic operations are put(key, value) and get(key);
  3. everyone accesses the same database: if you save a key, it’s yours and no one else can use it;
  4. all data in the network is publicly readable - you can read the content of any key and everyone can read what you saved;
  5. only the owner of a key can change its contents, but everyone can read it;
  6. you can transfer the ownership or have more than one owner;
  7. when you create a new account, the network automatically generates a private/public key pair for you;
  8. if you need to save private data, you need to encrypt it - the default way is to use your private key. The content will still be readable by everyone, but it will look like garbage;
  9. there are 2 data structures: immutable, mutable;
  10. mutable: the above rules (you set a key/value, only the owner(s) can change it);
  11. immutable: no owners, you don’t set a key, the key is a crypto-hash of the contents, object cannot be changed or removed from the network;
  12. immutables are usually to store files;
  13. a dns and a network filesystem were built on top of mutable/immutables and are embedded in the network;
  14. a browser was built to read this dns / filesystem: it’s the “safe browser” (you can access safe sites with “safe://<service>.<domain>”);

With all this you can create static websites and put them directly on the network: no servers required.

For dynamic websites (i.e. sites that save/read a database), you don’t need to use backend servers. Your JS should directly save/read mutables/immutables. This approach (static websites directly acessing public DBs) already exists and is called “serverless architecture”: even Amazon and Microsoft are in this new and exciting business.

If you still need to have some kind of server processing, like a cron, a video converter, or a spam killer processing, you can rely on a server for this (at least its IP/position will be untraceable). But these will be uncommon use-cases, and you should avoid it due costs / vulnerability. Also, you can still develop an alternate coin plus a mining system inside the network, and do the processing without a central server (I think project Decorum does this).

The API is still under heavy changes, so many developers are waiting before start any project. So, there are no many things to see now. As a matter of future, I think Project Decorum is a good one.

I can see a lot of average Joes entering the network to download movies and things like that. I don’t recommend to do it (it’s not a crime in my country although), but I do think the masses will love the network. And this is also in the privacy category.

I also like targeted ads. There are some anti-capitalists here, but there also some capitalist lovers here, like me. Ad networks like “Google ad-sense” will exist soon or later here. I’ll build some if I see a niche. The market will decide if they are useful or not for the network and no one will be able to regulate / ban it by force. I do whatever the market wants.

But for me it’s all about infrastructure costs, reliability (no “offline” site, no slow speeds, no interruptions on the service, no DDoS attacks), reduce points of failure, and earning money by providing infrastructure to the network (disk space or network bandwidth - like a mesh) and or with popular content.

DDoS and password leaking, for example.


#17

Remember that self encryption will see immutable data encrypted (public & private), so while readable it will gibberish without the datamap.

Even MD data may be mostly encrypted with very little unencrypted.

So to say it is readable without qualification is perhaps misleading to new people.

My pet peeve is that the cloud is pure advertising slight of hand. Its purely a marketing term that has no actual meaning.

Also SAFE doesn’t run on any cloud. As you say elsewhere is a distributed network. All cloud definitions are centralised systems.

Private data is simply self encrypted the same as public data. Just that the datamap is not shared with anyone, so only “you” can decode the chunks which only “you” know the address of.


#18

I concur with NEO this is a very misleading statement for neophytes like the guy the OP is addressing. We don’t need to confuse with exact technicalities, which is why programmers are such bad marketers.
This is like explaining that PGP encrypted messages are publicly readable, although they are all gibberish, you can see the gibberish!
Really dude? What a way of instilling confidence.

It reminds me the early days where I was explaining to my customers that overwriting data in a hard drive would still make it recoverable with electronic microscopes and that all encryption is technically breakable if we have enough time (like waiting until the death of our solar system)
This leaves all customers and potential users totally confused, and the concept of “possible” in their minds are different from our understanding of “possible”.

So the lesson here is: explain in terms of practicality not theoretical possibility.
Is it possible to recover overwritten data? No.
Is it possible to crack encrypted data? Unless the private key is stolen, no.
Is the data stored in the SafeNetwork publicly readable? No, unless explicitly set as public.


#19

And while you know this someone else might not. Public files are still self encrypted (or will be in final version) and its the datamap that is shared publicly so that anyone can decrypt it. But if you retrieved one chunk of it you get encrypted data.


#20

Haha, yeah, but that is the point.
For the laymen, after your detailed explanation they will be blinking their eyes, and after an awkward silence they will ask you:… “So… is it public or not?”

The technicalese it is better to be saved to those who are technically competent.
Or have a layered approach, from high level concepts and going deeper as the questions arrive organically.