Malicious Nodes

So I’ve read the SAFE Network primer and FAQs but I have a concern about a potential attack vector.

Say I’m living in Turkey, and I decide to publicly host a mirror for various media outlets on SAFE to bypass government censorship. Whats stoping the government from finding file hashes unique to my website, setting up a bunch of malicious proxy nodes and then logging all the IP’s that request the hashes associated with ‘illegal’ content?

Surely using an attack like this it’d be fairly easy for an agency like the NSA to apply a broad brush approach by finding a hash relevant to each webpage, setting up a large number of proxy nodes and then tracking our movement across the web.

If they want to then let them.

They do not choose the proxy’s address in the SAFE network, nor the clients they proxy. So even if what you suggest was possible they maybe logging English, USA, Australian clients. And maybe one from Turkey.

Now can they even do the search for the hash. NOPE. The data flowing through a proxy is encrypted from the last hop node to the client. The proxy does not get to know the data or hashes or anything because it is encrypted to the proxy.

4 Likes

So the proxy can see the IP address but not the hash request, and the vault can see the hash request but not the IP address?

That’s brilliant! By separating request from the identity the network is enforcing excellent privacy and security be default.

4 Likes

An older post that really helped me and I recommend is:

Some particulars have evolved, but the basics of the post are solid.

2 Likes