Public Notice - How to hack SAFE Browser Plugin users

agreed. seems very much like attention seeking to me.

1 Like

I cannot speak for other people’s motives but I think the dev team is great and David is my hero. I made my suggestions in an attempt to protect them from the real attention seekers.

The dev team trust this community to fill in the gaps as they work away at one of the toughest things to ever be done. @Powersign did his part by posting this notice which I’m glad got my attention by the way it was worded. Just doing my part by asking @Ross (who has been designated for customer service vs coding) to take some time to put a short warning in the MVP announcement thread. IMO newbies will not be coming to this thread but they will more likely go to MVP announcement thread considering it is pinned. If they do come here they will be that much more informed and that is a good thing.

FYI - @Ross, I think you’re great too and love your updates. Just a suggestion I’m sure you’ve already considered since the MVP. However, if you thought about it before the MVP release and decided against it I would love to know the reasoning.

2 Likes

Well it’s not easy, but it’s possible (it may not even be hard with Tails), for example:

  1. Set up a Tor gateway for all outgoing HTTP traffic
    OR
  2. Run Launcher as a separate user ID, and create app-specific or user-specific rules to
     • Prevent this user/app going out through 80/443
     • Allow everything else
    OR
  3. Use a smart proxy to create a similar combination of rules

Lately I’ve been setting up my home network to route some traffic through Tor, partially in order to prepare for these and other testing I need to do. Currently I route some traffic through a Web Proxy + Tor SOCKS5 server (some through both) for incoming and outgoing connections. (It’s complicated and I’m not sure it’s worth the trouble and time, but who wouldn’t want to blow his weekend on such nonsense?)

Related to your claims that safe_launcher.exe makes those connections on its own: I looked and it’s true that it attempts to go out to the internet on its own. I don’t know whether I didn’t notice this before, or perhaps tamed its behavior using my outgoing Tor SOCKS5 proxy. But I messed around with the settings because I couldn’t connect yesterday so I don’t know what they were before.

Those who have Windows firewall could prevent safe_launcher.exe from accessing outgoing ports 21, 80, 443, 8443 and such (let it access the rest).

Ideally the Launcher should be fixed.

Edit: I forgot to mention another unusual thing I was doing: I wouldn’t set the system default proxy as official instructions say - I’d only configure that proxy localhost:8101 in Firefox, and I did that not to protect myself from the launcher but because I simply found that more convenient (as I could browse “normally” from my other browsers)…

1 Like

I didn’t see anybody mention: serving the PAC file through HTTPS would solve this for now. Or, you can just download it, check if it’s correct, and then point the browser to the local copy.

I’m sure these things will be done differently in the final version, and I’m even more sure it’s not going to be done by accessing the public internet; wouldn’t that be ironic? :joy_cat:

2 Likes

I personally think it is better to be straight up about topics like this than being quiet about it. I don’t think anybody discussing this topic in this thread is actually expecting complete privacy at this point of the development. Better they see a discussion like this directly at the beginning than finding out about it after a couple of weeks.

For me, this is the purpose of this release. Figure out how it is all coming together, discussing issues we think are important and coming to a conclusion. I don’t think this topic is hostile, I think everyone here has the best intentions.

4 Likes

Not replying with an opinion on the discussion but want to say that I absolutely agree with this quote and I’m very glad that we have got a community who can discuss this in their own house :).

4 Likes

No and it does not at the moment [edit - I need to clarify these points as they can be confused ] :wink: This is the confusion, the launcher currently will proxy everything you want, it contains a proxy server and proxies SAFE traffic (your browser will get local dns etc, but it is all configurable) . It may always allow that for folks who want that bridge and say, I have nothing to hide, I don’t care etc. etc.

There will also (very likely) be a Stay SAFE mode which may well have its own browser (I suspect this will happen pretty soon) to not use the proxy like this at all but to only recognise SAFE protocols.

My feeling is that as folk switch, like folk currently going to TOR are, then we will see more folks who decide to stay SAFE, sorta like incognito mode but actually incognito. It will be interesting to see how far it can go into current browsers, but to bundle a browser would not be a huge issue. Some have a small enough footprint to start doing this, like Brave, so let’s see.

Hope that is a bit better, shout if not though. It’s worth getting all this right.

[Edit, maybe we should do a post that clarifies exactly what the proxy is, what the pac is and how you get both clear and SAFE traffic and links. We will do this step by step and make sure everyone is comfortable though and when there is a STAY SAFE button then we will poke it like mad for any vulnerabilities]

15 Likes

In your view this is strongly worded. In my view it’s not. It’s reality and devs should not be affected by these comments which are insignificant realities of life. I know you’re coming from a good place - your heart - and that’s cool, if you’re at a dinner party, but here it’s business. The business of building software and a product. Where men run wild and sheep are scared. Devs shouldn’t be reading comments from the cheap-seats anyway. What do we know? If we were so smart we’d be in Troon or on GitHub. GL

2 Likes

Just as a side note if it can help regular web browsing in firefox:

go to about:config in firefox / icecat

search for “keyword.enabled” , and toggle its value to false.

( more info : Search the web from the address bar | Firefox Help , scroll to “Turning off the web search in the address bar” )

This will disable the so called “smart bar”, and make it a dumb URL bar. A mistyped URL won’t trigger google ( or whatever engine you have set ) search. You’ll have to either use a dedicated search field, or go straight in your search engine web page to trigger a search.
To me the “smart bar” “feature” is nothing but a logging trap, and while I would not be surprised that Chrome has no option to turn it off, I was sad when Mozilla made it on by default in Firefox.

while you are at it :

browser.urlbar.autocomplete.enabled and
browser.urlbar.autoFill

could go to FALSE as well…

1 Like

I don’t particularly agree here. Not only might you have to fork to disable certain things, but you would also have to maintain an update channel the same way the regular evergreen browsers do. Granted there is not a much better way to handle this. I mentioned in my post above that you can combine Electron w/ CSP headers and protocol interceptors to provide a decent webpage viewer but you lose the extra browser stuff like bookmark mgmt, download mgmt, etc.

1 Like

If the devs had set out to deceive or had released a final release version, I would share your opinion. However, this was an initial, heavily experimental, test release which is still work in progress and should really be received as such.

2 Likes

It’s not even the MVP, it’s more like: yo guys check this out, it actually kinda works!

2 Likes

Agreed, for the informed. Unfortunately there are a lot of uninformed out there who will come back and accuse the devs of deception. This is what we are trying to prevent.

These same uninformed may not even read our warning but at least we can point them to it. We are not asking for much. In Ross’s recent update he had a small line that said “if you have privacy concerns it may be better waiting until this phase has been completed.”

That made me very happy to see. I think that the devs were so excited to release the MVP that the announcement had a bug in it. Think of what we are doing as reporting that bug but on the nontechnical side.

I appreciate this thread because it helped me to decide not to continue testing, not just because of privacy concerns but because I realized that my contribution at this stage will be limited and may even hinder the more technical of the community to focus on the bugs. Once the testing is more advanced I will begin to help test again to give my opinion on the front end user interface experience.

2 Likes

Uhh yeah totally. I need a walk me through take me by the hand step 1 step 2 tutorial for when farming goes live. Will be hard because of different hardware and software but we’ll see how that goes.

1 Like

PAC files are something close to our heart as they are the core of PacketFlagon.is but the point needs to be made that PAC files can be quite dangerous especially if served over plaintext and hosted somewhere that malicious actors can seize.

When we re-acquired https://Immunicity.org after the City of London Police seized it we found that 33,000 people were still using the PAC file. The Police could have been proxying their traffic and if a malware distributor had acquired the domain instead of us then that’s 33k botnet hosts for the taking.

We are working on a small GoLang based local HTTP server that can serve a PAC file tailored to the user’s threat model and would suggest that the MaidSafe launcher do something similar by having a simple http listener to serve the PAC file locally with differing PROXY / SOCKS statements.

E.g. we’ve published https://brasshorncommunications.uk/safe_proxy.pac for our members to use which will use the MaidSafe launcher for *.safenet and then attempt to use the standard Tor daemon SOCKS port (9050), failing that the Tor Browser Bundle SOCKS bind port (9150) and then finally the normal Internet connection (DIRECT).

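function FindProxyForURL(url, host) {
    // *.safenet hosts go to the local MaidSafe launcher proxy
    if (shExpMatch(host, "*.safenet"))
        return "PROXY localhost:8101";

    // Everything else: Tor daemon, then Tor Browser Bundle, then direct
    return "SOCKS localhost:9050; SOCKS localhost:9150; DIRECT";
}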

The MaidSafe Launcher served PAC could have a simple slider;

  • SAFENet only
  • SafeNet + Tor SOCKS
  • SafeNet + Tor SOCKS (failback to DIRECT)
  • SafeNet + DIRECT

4 Likes
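
The slider proposed in the post above, sketched as an added example (not part of the thread and not PacketFlagon or MaidSafe code): it generates the PAC text for each of the four positions, evaluates it for a host, and reports whether any fallback would bypass a loopback proxy. The mode names, the helper functions, the `shExpMatch` stand-in and the host `example.com` are assumptions made for this example; the ports are the ones quoted in the thread.

```javascript
const LAUNCHER = "PROXY localhost:8101"; // launcher proxy port quoted in the thread
const TOR = "SOCKS localhost:9050; SOCKS localhost:9150"; // Tor daemon, then Tor Browser
const MODES = { // mode names are invented for this example
  "safe-only": LAUNCHER, // matches the SAFE-only PAC posted later in the thread
  "safe+tor": TOR, // no DIRECT entry, so clearnet fails closed without Tor
  "safe+tor+direct": TOR + "; DIRECT",
  "safe+direct": "DIRECT",
};

function buildPac(mode) {
  const rest = MODES[mode];
  if (typeof rest !== "string") throw new Error("unknown mode: " + mode);
  return [
    "function FindProxyForURL(url, host) {",
    '  if (shExpMatch(host, "*.safenet")) return "' + LAUNCHER + '";',
    '  return "' + rest + '";',
    "}",
  ].join("\n");
}

// Minimal stand-in for the browser's shExpMatch (only * and ? wildcards).
function shExpMatch(str, glob) {
  const re = glob.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// Evaluate PAC text we generated ourselves and list the directives for one host.
function route(pacText, host) {
  const find = new Function("shExpMatch", pacText + "\nreturn FindProxyForURL;")(shExpMatch);
  return find("http://" + host + "/", host).split(";").map((d) => d.trim());
}

// True if any directive is DIRECT or points at a non-loopback proxy.
function bypassesLocalProxy(directives) {
  return directives.some((d) => !/^(PROXY|SOCKS) (localhost|127\.0\.0\.1):\d+$/.test(d));
}

// Serve the PAC on loopback only, so no remote host or domain owner controls it.
function servePac(mode, port) {
  return require("http").createServer((req, res) => {
    res.writeHead(200, { "Content-Type": "application/x-ns-proxy-autoconfig" });
    res.end(buildPac(mode));
  }).listen(port, "127.0.0.1");
}

for (const mode of Object.keys(MODES)) { // example.com is a constructed clearnet host
  const d = route(buildPac(mode), "example.com");
  console.log(mode.padEnd(16), d.join("; "), bypassesLocalProxy(d) ? "<- can bypass" : "");
}
```

`servePac` is defined but not started here; calling it with a mode and a free port gives the browser a local PAC URL in place of one fetched over the public internet.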

First off, welcome to the forums!

Second off, that’s a very interesting story, and your company seems to have strong morals.

Why use PAC files at all for your service? You mentioned the London police could have easily been routing those users’ internet traffic.

(s)he understands.

Tor is a simple solution and as I’ve said on countless occasions, doesn’t require a single minute of engineer time of MaidSafe engineers.

  • If you want to stay SAFE, use properly done SAFE sites. Just like you wouldn’t visit spyware infested pr0n sites (unless you have to)
  • If you can’t resist, use this approach
  • If you don’t give a damn, use direct access to clearweb

The solution can’t save fools from their own foolishness so naturally there will be continued calls for a SAFE-made browser even at the cost of engineering resources that should better not be wasted on any non-core activities.

We relaunched the service “as is” because that’s how people were expecting to use it. But also because the PAC files in the PacketFlagon system only send URLs you explicitly add (e.g. the ones your ISP has blocked) through our proxies, all other URLs go over your normal Internet connection. This saves us bandwidth and ensures your non-censored browsing isn’t at risk of eavesdropping by our proxies.

The relaunch(es) ( The Art of Unblocking Websites Without Committing Crimes * TorrentFreak / Takedown Resistant 'Hydra Proxy' Launches to Beat Censorship * TorrentFreak ) were more about standing up to what we perceived as an overreach by law enforcement than building a better product.

The original owner of Immunicity handed over the domains voluntarily, we however would not and the Police can no longer route that traffic as we have complete (legitimate) control of the domain now. The domain is with a registrar that will not surrender the domain in violation of ICANN rules and the domain does not break any laws.

1 Like

I was thinking about how backwards thinking it is to consider targeting clear net websites while on SAFE. There’s no sense enabling that is there? @janitor I see your point from previous posts about how nsa whatever can share resources and de-anonymize users potentially and completely defeating the purpose of SAFE.

1 Like

Just noting here that normal users might be put off ‘hacking’ and ‘patching’ something they don’t understand.

Easier perhaps would be to have the MaidSafe Proxy Setting webpage suggest two alternates clearly.

Choose one:

  • A pac file that allows access to SAFEnetworks and normal internet.
  • A pac file that allows access to only SAFEnetworks.

That second pac, I expect would be:

function FindProxyForURL(url, host) {
    return "PROXY localhost:8101";
}

1 Like