Public Notice - How to hack SAFE Browser Plugin users

Yes, I was talking about the SAFE Launcher as-is (provided by MaidSafe).
The changed approach cuts you off from the Web, as I observed earlier.

As I mentioned in the superlong topic about the beginning of this test, they didn’t organize this well and this confusion about which part does what and how has been more than evident.

That’s the worst part of it, that the gates were opened to all without clear instructions. Anyone who followed them (and the less technical users certainly used the default proxy settings) and set up an iwantdemocracyinX.safenet site with some YouTube links could now be in trouble. And the fact that no such links were posted on the forum doesn’t mean that no such sites have been set up.

Another thing to point out is that this oversight, while most likely not deliberate, is a sign of things to come. It’s going to take a while (years?) until subtle security issues are understood (and of course they won’t be known immediately - I don’t expect governments to start competing for SAFE security bounties anytime soon).

Thanks for this great post

It just proves that we shouldn’t trust the current internet (clearnet).

We really need hackers.


Someone had emitted a warning on the test announcement thread:

I have to admit that I have been quite surprised by the fact that there was no notice about this by the Maid Team. I presume things were quite fast and hard to organise under the pressure of a much-awaited release. Maybe the fact that this was just a test, not the actual birth of the network, too.

I didn’t go reading the (really nice btw) safenet pages people posted without a condom, in the form of having everything routed through the launcher, having RequestPolicy turned on and Javascript off in Icecat.
I was surprised by the number of pages that linked to external regular web content, either images, videos, google fonts…

I have been wondering if people didn’t care about the consequences, deliberately created attacks, or innocently imagined that the Safe network would act as a sealed bunker.

Maybe these concerns should be clearly emphasised in future documentation and release announcements.

To me this is clear evidence that a hardened dumb browser is needed for anyone wishing to really securely benefit from the amazing privacy and anonymity features of the network. To me something looking like a “Links” fork, with only text, links and images, zero script and zero access to the regular web would do the job. It could be called “Boring Secure Browser for Paranoids”. Maybe only a handful of people would feel a need for this. I’m trying to figure out if I can write something like this.
In parallel, another browser or plugin solution, with much more ease of use and adoption, fancy features and all shiny stuff, is also something needed, in order to create mass adoption.


All of the above.
If a fool could post leaky pages, the NSA could too.

That’s only because you’re not familiar with the matter.
I explained why at the first topic that I linked in this topic.

Your idea about a hardened dumbed down browser: MaidSafe cannot prevent anyone from using any browser. Faced with two choices (FF/Chrome or Dumb Browser), what do you think our dumb user would choose? (Another funny scenario is where a less stupid, but still stupid, user visits a leaky SAFE site created by the averagely stupid user - what would he see?)
If you want a hardened browser, use Tor Browser, or cut yourself off from the clearweb.

Good thread. I warned about this as well in the discussion about the web proxy idea to support all major browsers:

Even though it hampers adoption, I still think I’d be in favour of requiring a dedicated browser rather than compatibility with existing browsers. We risk losing all the extra popularity and then some when tons of users’ browsing history becomes compromised.


Good to know I’m not the only one concerned with that.


We risk losing all the extra popularity and then some when tons of users’ browsing history becomes compromised.

You also lose 95% of the Web because people don’t want to start (they can install, but won’t run it) a second browser.

You probably have 2-3 browsers on your system, and you know how many you run at the same time.
(I have like 5-6 and I run up to 3-4 at the same time, but I assure you the average FB user does not.)

I said it (when dyates asked about it here: De-anonymization / IP leaking when using the Firefox plugin - #3 by janitor) a long time ago: Tor Browser. But because this issue (and overall security challenges) has been underestimated, the MVP site directed users to FF, with privacy and security consequences that have become obvious to me on Day 1 (when I changed my browser settings manually and tried to see if I could get to the server(s) hosting the PAC file).

I didn’t look at referrer info from leaky SAFE sites but I imagine that leaky sites (referrers) appear as “localhost” (client) to referred clearweb sites. Still, it doesn’t take much to connect the dots. Anyone who plans to use SAFE for serious anonymity, privacy and security should wait or at least use Tor Browser.


This is a very inspiring discussion for sure!

What happens when our user types:

http://really.compromizing-stuff.safeney ← notice the typo?

in their URL field, and is returned either “Firefox can’t find this page”, or even better a nice list of Google results of really compromising pages?

In the first case their weird DNS request is logged by the nice ISP, and transmitted to their nice government secret services for being a reader of weird stuff.
In the second case, all the above applies, plus our user is logged by Google and all their nice friends for being a weird digital citizen. Nice opportunity for Google to make a bit of cash selling this information!

This was an expensive typo!

I really agree with this, from Seneca (post 24 of topic 7540):

“A single dedicated browser has many security benefits as well. Using the same browser for both the regular web and the SAFE web practically guarantees cross-contamination and security issues.”


ObamaSAFE: yeah, let’s have the project spend its money to fix your irresponsible decisions with regard to your browser settings.
Some people are simply beyond help. You can throw $18tn on the problem and it still won’t work.

It would be nice to know how the proxy on localhost 8101 actually works, or why there is a need to allow traffic from localhost:8101 to everything. Preventing traffic from flowing outside of the SAFE network DNS would prevent these leaks.

Circumventing the MITM for the PAC can be achieved by using the FoxyProxy add-on, available for Firefox and Chrome. Just add one additional (http) proxy with 127.0.0.1:8101 and .safenet/ as the whitelist entry and you don’t need the PAC file anymore.

Maybe it would be better to set up instructions for using FoxyProxy and instructions on how to set up the specific proxy. To prevent usage of the clearnet, people would have to switch proxies every time they want to surf the “other” web.


I pretty much wanted to reply this:

Rather than compromising the experience of all in an attempt to take care of the hopeless, I’d rather see us first taking care of the security of the not-so-hopeless. Like people who care enough about their privacy to make the effort to distinguish two different buttons.


To your point when I recognized the proxy problem I said (here: SAFE Network Client Testing Commences - #400 by janitor) that the testing was rolled out without regard for the clueless.

It would be nice to know how the proxy on localhost 8101 actually works, or why there is a need to allow traffic from localhost:8101 to everything. Preventing traffic from flowing outside of the SAFE network DNS would prevent these leaks.

I said the same at the link above.

The reason is visible from the rule: to not make your FF .safenet-only.
It didn’t have to be that way. But it could have been explained, if attention had been paid to comments and suggestions from last November. Then people could have used Tor or adjusted the rule if they wanted to.

The existing rule can be adjusted (manually entered in the browser) and narrowed down to send everything to localhost:8101. Then nothing outside .safenet would work.

A simple workaround for the less tech savvy is to use Tor. That’s probably all that needs to be done. Tor can also anonymize DNS lookups if I remember correctly.
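The narrowed-down PAC rule discussed in this post, and the expensive-typo case a few posts up, as an added example. This is not MaidSafe’s PAC file and not code from anyone in the thread; the only thing it takes from the thread is the launcher proxy on 127.0.0.1:8101. The dead proxy on 127.0.0.1:9 (the discard port, where nothing should be listening) is an assumption:

```javascript
// Added example, not MaidSafe's PAC file: a fail-closed proxy auto-config
// script for the SAFE Launcher. Hosts under .safenet go to the launcher on
// 127.0.0.1:8101 (the port discussed in the thread); every other request is
// handed to a proxy that does not exist, so the browser never resolves or
// contacts a clearweb host. 127.0.0.1:9 is an assumption: the discard port,
// where nothing listens, so the connection simply fails.
var SAFE_PROXY = "PROXY 127.0.0.1:8101";
var BLACKHOLE = "PROXY 127.0.0.1:9";

// True when host is exactly "safenet" or ends in ".safenet". Written without
// the PAC helpers dnsDomainIs()/shExpMatch() so the same file runs unchanged
// in a browser's PAC engine and under Node for testing. A trailing dot
// ("foo.safenet.") is an absolute DNS name and must still match.
function isSafeNetHost(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host === "safenet" || host.slice(-8) === ".safenet";
}

// The entry point every PAC engine calls once per request.
// A typo such as "stuff.safeney" does not match and is blackholed, so the
// misspelled name is never sent to the ISP's resolver or to a search engine.
// Users who want the clearweb back can return "DIRECT" here instead of
// BLACKHOLE, and accept the leaks described in the thread.
function FindProxyForURL(url, host) {
  if (isSafeNetHost(host)) {
    return SAFE_PROXY;
  }
  return BLACKHOLE;
}
```

Point the browser’s automatic proxy configuration at this file with a file:// URL; that also avoids fetching the .pac from MaidSafe’s site, which is the MITM concern raised earlier. Because every branch returns a PROXY entry and never DIRECT, the browser passes the hostname to the proxy (full URL for http, CONNECT host:port for https) instead of doing its own DNS lookup, so even the mistyped name never reaches the ISP resolver. Sending non-.safenet traffic to the dead port rather than to 127.0.0.1:8101 is deliberate: the posts that follow report that the launcher’s HTTP proxy forwards ordinary http requests to any host, so “everything to 8101” would not cut off the clearweb.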

Have you actually tried that for yourself?

Try entering localhost:8101 as your proxy with the launcher running and then try to access a normal page, it still works (at least for http, but not for https).

That’s why I said it would be nice to know how the proxy on the launcher actually works…


I haven’t because I used SOCKS5 as my proxy (I run a separate instance of Tor/Privoxy on a Linux box).
If MaidSafe Launcher proxied users’ traffic independently of the rule set manually in the browser, that’s even worse than I thought.

EDIT: yes, that passed through if I modified the rule and then didn’t restart Icecat. Restarting Icecat with 127.0.0.1:8101 as unconditional proxy prevented me from browsing regular web addresses.


Maybe @dirvine, @ross or @Viv can shed some light on this issue.


After reading you and @Powersign go back and forth, I am more confused than when I started. So I think for now, this dissident will let you techies test the MVP until that ready-to-go button that @goindeep and @Seneca were referring to is ready. Thank you both for the warning.

Edit: Thanks for the Tor suggestion @Janitor but I don’t want to take the time to figure out how that works. I have enough on my plate trying to figure out Maidsafe. I’m hoping that Maidsafe can appeal to the masses beyond the current darknet community already familiar with Tor.


It’s really quite simple. For this test release:

  1. retrieving the .pac from the internet has a small security risk if MAID’s site is hacked and the .pac file is changed

  2. You have the same risks as you did before surfing the normal web, because you are using your browser with its current settings.

  3. SAFE web sites can link to the ordinary web and your browser will grab that content, or bring up the web page if it is a link

  4. The launcher/proxy is only providing a way to access the SAFE protocol if you use .safenet

  5. There is no added security past the launcher/proxy ↔ Browser/PC interface.

TL;DR At this time you have the same security risks with or without the launcher while surfing the web or the SAFE network (except the extra possible risk of the .pac file being hacked/corrupted).

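Point 3 above (and the earlier observation about pages pulling in external images, videos and Google Fonts) is the leak a site author can check for before publishing. Below is an added example, not code from the thread or from MaidSafe: a small audit that lists every clearweb host a SAFE page would make the visitor’s browser contact. The sample page is constructed for the example, and treating localhost/127.0.0.1 as internal is an assumption based on the launcher proxy discussed in the thread.

```javascript
// Added example (not part of the original thread or of MaidSafe's code):
// audit a SAFE page's HTML for references that make the browser fetch from
// the clearweb. A page served from a .safenet host leaks the visitor's IP,
// a DNS lookup and a Referer the moment the browser loads an <img>, <script>,
// <video>, <iframe> or a Google Fonts stylesheet from an ordinary web host.

// Hosts treated as staying inside the SAFE network. The loopback entries are
// an assumption based on the launcher proxy on 127.0.0.1:8101.
function isInternalHost(host) {
  host = host.toLowerCase().replace(/\.$/, "");
  return host === "safenet" || host.endsWith(".safenet") ||
         host === "localhost" || host === "127.0.0.1";
}

// Classify one reference. Relative paths stay on the page's own host.
// Protocol-relative ("//cdn.example") and absolute http(s) URLs name a host,
// which is external unless it is a .safenet name. Non-http schemes are not
// fetched from the clearweb and are ignored.
function classifyRef(ref) {
  const r = String(ref).trim();
  if (r === "" || r.startsWith("#") || /^(data|about|javascript|blob|mailto):/i.test(r)) {
    return { ref: r, external: false, host: null };
  }
  const m = /^(?:([a-z][a-z0-9+.-]*):)?\/\/([^/?#:]+)/i.exec(r);
  if (!m) {
    return { ref: r, external: false, host: null }; // relative URL
  }
  const scheme = (m[1] || "http").toLowerCase();
  const host = m[2];
  if (scheme !== "http" && scheme !== "https") {
    return { ref: r, external: false, host: host };
  }
  return { ref: r, external: !isInternalHost(host), host: host };
}

function firstDefined() {
  for (let i = 0; i < arguments.length; i++) {
    if (arguments[i] !== undefined) return arguments[i];
  }
  return "";
}

// Pull candidate URLs out of HTML and inline CSS with regexes. This is an
// audit heuristic, not a full HTML parser: it covers src/href/poster/data/
// action attributes (href also catches plain links, which leak on click),
// srcset lists and CSS url(...) values.
function findExternalRefs(html) {
  const attr = /\b(?:src|href|poster|data|action)\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const srcset = /\bsrcset\s*=\s*(?:"([^"]*)"|'([^']*)')/gi;
  const cssUrl = /url\(\s*(?:"([^"]*)"|'([^']*)'|([^)"']*))\s*\)/gi;
  const refs = [];
  let m;
  while ((m = attr.exec(html)) !== null) refs.push(firstDefined(m[1], m[2]));
  while ((m = srcset.exec(html)) !== null) {
    const list = firstDefined(m[1], m[2]).split(",");
    for (const part of list) refs.push(part.trim().split(/\s+/)[0]);
  }
  while ((m = cssUrl.exec(html)) !== null) refs.push(firstDefined(m[1], m[2], m[3]));
  return refs.map(classifyRef).filter(c => c.external);
}

// Constructed sample: the kind of page the thread worries about, with a
// YouTube embed, a Google Fonts stylesheet and a CDN background image next to
// legitimate same-site and .safenet references.
const SAMPLE_PAGE = `
<html><head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<style>body { background: url("//cdn.example.org/bg.png"); }</style>
<link rel="stylesheet" href="/style.css">
</head><body>
<iframe src="https://www.youtube.com/embed/xyz"></iframe>
<img src="logo.png" alt="local">
<img src="http://other.safenet/banner.png" alt="safe">
<a href="http://iwantdemocracyinX.safenet/">sister site</a>
</body></html>`;

// Returns the clearweb hosts the sample page would contact, in document order.
function auditSamplePage() {
  return findExternalRefs(SAMPLE_PAGE).map(c => c.host);
}

console.log("clearweb hosts contacted by the sample page:", auditSamplePage());
```

Run it with node; an empty list means the page stays inside .safenet (as far as the static markup goes). Anything a script adds to the DOM at runtime, or a stylesheet fetched from another .safenet site, is outside what this static pass sees, which is one more argument for the no-script browser proposed earlier in the thread.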

@nice: Are you using http or socks as the proxy? I tested it on two different machines with the same conclusion. Using localhost 8101 as http proxy works for http sites.

@Neo: That is not the issue/question that I have.

It boils down to: why is the launcher allowing connections to anything outside the SAFE network? The local port 8101 is forwarding to any destination, regardless of whether it is located on the SAFE network or not. I’d like to understand the reasoning behind this.

I was under the impression that there is a clear cut, but I’m probably missing something and I’d like to understand what :)

Anyone had success with manual proxy setting on Windows?