That is a core aspect of the file storage of SAFE
I agree that finding specific data is practically impossible, but that was not what I meant.
When the PRC keeps a sharp eye on SafeNet websites publishing “subversive” content, they can make informed guesses on size and time of the uploaded material. That is enough to eliminate > 90% of the Chinese IP addresses active on SAFE.
Unless SafeNet is really big in China those 10% left over will be much easier to analyse with the usual methods. They do not have to know the actual content to reduce the number of suspects!
Especially when someone uploads more than once, an IP appearing thrice in such a 10% segment will certainly come under suspicion.
Correct me if I’m wrong but don’t IPs get scrubbed when uploading to SAFE? So how would a subject get ahold of said IP addresses in the first place in order to analyze them in the first place?
I will share my 2 doubts about SAFE future:
Not sure about speed/latency to popular sites when a lot of users use it at the same time. Some sites need lots of RAM to get access to every user, but when the SAFE net is based on home-made storage, there is no motivation to invest in low-latency HW. And when a lot of users have DSL and not a fibre-optic connection, upload speed is basically reduced to 1/10 of download speed. And also someone can make his own huge HDD grid and limit uplink speed to a minimum. So even 8 copies of some popular content will not cover user demand.
When 70% of the world's users use Google and Google filters results in its own way, it will be hard to find information on the SAFE net without an unregulated or non-self-regulated search engine. So some kinds of information will still be censored for most users.
A few things to consider:
SAFE is not regional in any sense. PRC could have a lot of nodes that it would monitor and still have only a very small percentage of the existing Chinese IPs in its address table.
The network does not keep time, so coordinating when something was uploaded, what chunks were which by whom when, could not be established with any predictability or with directed control.
Uploads could easily be done via a temporary ID or even a temporary client account, not connected to any vault or one’s usual client.
Perhaps some government could throw enough resources at the problem to figure out some random bits of stuff about who, when and what, but the amount of resources would have to be huge and well coordinated, not to mention well thought through, with very little to show for it. By the time SAFE is perceived as enough of a threat to put that sort of resources toward compromising it, it will also be indispensable, and too big to apply those techniques to effectively.
Of course, the network might not work as planned, in which case the problem is moot. But if it works as it is being designed (and most here have confidence that it will) I think these concerns are not very concerning.
1:) farmers are rewarded for being first to serve.
Imagine you have a 1 GB file that is 1000 1MB file pieces, each stored on 8 computers. When you request these files you send 8000 vaults a request. The first one of those 8 computers <which share the same 1MB> that fulfills your request has a chance to mine safecoin (it's probably more complex with consensus, but being first to serve is important). So it's not just about storing; a vault with higher bandwidth and less latency has a higher chance of getting the safecoin. So upload speed shouldn’t(!) be a problem, especially with intelligent caching. But latency may and probably will be a problem because of all the encryption and vaults being all over the world. Though for a website 500ms latency shouldn't hurt anyone.
2:) This will probably naturally sort itself out if the network becomes big enough. Somebody will make a search engine that is profitable if there are enough people using the network. But in the launch state it will probably be one of the biggest reasons to use the traditional internet, as Google is really convenient. Hey, maybe Google itself develops a service for the SAFE network, if we become big enough! Who knows.
Consider the speed of a popular torrent, even over a combination of variable speed connections. The more a file is being used, the faster it goes. Chunks are put in cache along their path to the recipient. Chunks of a popular file will therefore be found in cache in a wider and wider range of address paths, available for immediate return to the requestor. Actually, I’m more concerned about latency on less-used files. They’ll likely be a bit slower, but not too much.
Word of mouth will be a big help. But don’t underestimate the inability to resist talking about something controversial. The Silk Road did more for getting Bitcoin and Tor talked about and used more broadly than any sort of promotion done to get them known before that. I guess shadow banning sort of tactics could be a pain, but if SAFE is done right, dedicated folks all over the world will see to its proliferation. Many, many will have huge financial incentives to do so–including you and me.
I am not talking about “somehow finding IP addresses in Safenet”. I am talking about large scale “Packet Sniffing” in the IP layer.
Some three-letter agency starts lots of normal Safenet vaults on a server that does nothing else.
Packet Sniffing all traffic on this server makes it easy to discover a lot of IP addresses of other Vaults.
Proportional to (average number of groups one vault is in) * (average number vaults in a group) * (number of monitored vaults), corrected for overlap.
These IP addresses are used to create a real-time overview of all traffic between their own citizens and the Safenetwork.
It is unimportant which vaults were contacted; it is sufficient to register a record (IP Address, Date, Minute, Total Packet size for that minute). That can easily be supplemented with records of which IP was in use at what physical address at what time.
Somewhere else they organize a building full of Safenet Clients and obedient little bureaucrats who do nothing but browse Safenet looking for subversive content. Each time something new and dangerous is found, the bureaucrats activate their personal packet sniffers and check the total packet size needed to retrieve this file/these files.
Once they know how much the total size is, it is used to find all IP addresses in the Traffic Overview that have communicated approximately that much data over SafeNet in one continuous action shortly before this danger was recognized.
Of course each time they will find many more innocents than true subversives, but that is not a problem.
Lather, rinse, repeat: the true subversives will be repeat offenders and sooner or later they will be recognized.
Your remarks are true, but more or less irrelevant.
I am talking about what is still possible/dangerous if SafeNet delivers exactly as promised.
My previous answer covers most of that. The basic data model is really small and Chinese IPs that don’t contact active vaults can be ignored, for instance.
That is exactly what I am hoping for too! I am arguing here because it might be a danger in the startup phase. We should not be propagating SafeNet as an alternative to Tor before it is about as big as Tor. By the time SafeNet has a similar number of nodes as Tor it will be the better alternative. Activists are only seldom programmers, so it would be a real pity if people use SafeNet before it is big enough and get caught.
I trust that too. But having high hopes is no reason to become all blue-eyed and over-optimistic.
Absolutely. I realize that it can sometimes sound like I (we), who’ve really gotten the big picture, are just being cultish or pollyanna-ish. Sometimes I wonder myself, so poking and probing like this is a good thing.
There are big questions to probe, but often we find ourselves having to defuse “problems” based upon incorrect assumptions. I know that David Irvine and others had to walk me through a lot of that, and I still have a lot to learn.
BTW here is an old but very good post that addresses the levels of encryption and obfuscation on the network that helps see the devilish cleverness of it. All the encryption layers for SAFEnet. Some of the network design has changed a bit, but not in ways that detract from the basic truth of it.
This is an area that I admittedly know little about, but from my understanding, differentiating SAFE traffic will be very difficult or impossible, if not viewed from the perspective of a vault that is also recording this data. If that is the case, then a lot of vaults would be necessary to establish anything, and even then not much could be established, except that some IPs in a jurisdiction are using the SAFE Network. But WHAT they are doing is quite another matter. So perhaps if the PRC or others declare utter and ruthless war on any connection to the SAFE Network early on, there might be some discouragement made from using the network. Not sure how effective that would be, but I guess it could be.
Thanks for the link, I read partway through it once, but had mostly forgotten that.
I do trust David's depth of vision and the team's commitment, so I tried to look at it from another perspective.
When Google and Facebook can find me so consistently that I nearly get the shudders sometimes, I am quite sure any mighty nefarious organisation can do that too. (NSA or PRC, who cares if he’s bitten by the wolves or the lions)
I don’t expect to need it for myself, but the Tor like qualities of SafeNet are a big part of my motivation to be here. So many people need them.
So I started thinking: what can happen even if SafeNet fulfills all stated expectations? And this attack is what I came up with.
I don’t know much about Packet Sniffing either, but I am sure there is no IP Packet without its destination and it is easy to locate your actual IP Address on Google Maps. I am a database professional, so I do know how to combine seemingly unrelated facts to get a sharper picture.
It will be a while before it is doable, but I really hope that there will be an autonomous whistleblower site in SafeNet one day.
Freedom is king and the immature realize this as they mature.
I was thinking about the safety of this network as well, and I see two major possible breaches as of now; I am still not able to figure out if they are really security breaches and if work should be done to avoid them.
First is indeed the fact that this network is based upon the current IPv4 and IPv6 protocol layers. I am wondering how the Safenet routing will overcome the flaws within the existing network layers. If my government (the Netherlands) is listening at the Amsterdam Internet Exchange to all packets that are flowing by, they can indeed deduce information if they do this at large scale and as well at different points within the network.
Second. When the data is accessed by an application written for the Safenet how can I as a user be sure that this data isn’t copied (when it is decrypted) and saved on a new server outside the Safenet. Is SAFE looking into developing cloud computing as well? If that is the case we can have applications that run in a Safe environment, and the data is impossible for the application developer to copy. It can only use the data. What he will get is an answer based on the raw data.
Then there are still two other vulnerabilities but I don’t see a way how to realistically overcome those.
- A computer is hacked outside the network, and simply copies everything that appears on the screen.
- The answers of computations executed on RAW data which deliver the functionality the user wanted from a certain application. These answers contain personal data as well but of course this is inherent to the fact that the application has to work based on data and deliver results.
You do not connect directly to the node where your data is stored, it is relayed through the network, scrubbing your IP address after the first hop. Your ISP will know you have sent some encrypted data to an IP address, but they won’t know what it contained nor what IP address the final destination had. They won’t know what data that final destination node retrieved either.
Edit: to add, xor routing means that the second hop will essentially be a random IP address, which makes it unlikely to be an address which the same ISP owns.
Only your client has access to your private key to decrypt your data. Therefore the network nodes cannot decrypt or read your data.
Safe net can’t secure your device for you. It is a different problem, with a different set of remedies.
This is an inherent limitation of giving the network access to your private keys. An alternative solution is to use client side agents, instead of network agents (distributed compute) to process sensitive data. The clients can then be secured using traditional methods and decrypted keys remain off network.
First of all, thank you for the reply. Your answer on the IP routing is very enlightening. This is of course, as @Lazarus_Long mentioned, limited by the adoption of the network. If only 1000 people are using Safenet it might still be doable to deduce the routing from IP to IP based on packet sizes and timing, although the information might still be encrypted. But the moment this scales it becomes very unlikely that there can be anything useful/insightful deduced from analyzing random IP packets.
I think you misunderstood me. I meant that if my local client is malicious. So I gave it permission to decrypt my data because I wanted this fancy new application. (See all the apps in the appstore that offer the fancy functionality of a flashlight but require quite some personal data in order to work …)
Thank you for shining some light on the other two problems as well. I do understand that they are outside the scope of Safenet and it was not my intention to put this on the to-do list for Maidsafe.
Agreed. More nodes the better, but I think node distribution will make it hard to trace even on a small (but likely still geographically distant) network.
Ah ok, I follow now. In a way, it is outside of the core scope of safe net - it secures the data until you grant access to it. However, only using apps from trusted sources, only if they are open source, etc, can help to reduce the chance of using malicious apps.
Something like a web of trust could help, with you only trusting what someone you know of trusts, etc. App stores or registries could help here too. In other words, app distribution/validation layers on top of safe net could help to alleviate the danger of using a rogue app.
Edit: np on the answers either
Just to add, outside the scope for now.
Stage one is to secure the network, but when that’s done it will also be important to work on securing the client and MaidSafe have stated that this is something they want to address as well - just not yet
That is very good to hear! And I am glad that they recognize this vulnerability!