Public Notice - How to hack SAFE Browser Plugin users

this is way too complicated… just make a modified version of mozilla like tor has that just doesnt go outside of the network.

Project SAFE is brand new software. You can’t expect it from day 1 to be safe. Even if there was no link to the good old internet and all it’s cookies and trackers I would be very curious to expect your data and the network to be safe. We had warnings that our data might get lost. But next to that, normal internet browsers aren’t made to protect your privacy. It’s actually the opposite if you use Chrome for example. So why all these warnings in an MVP? There might me a security risk in the protocol as well, even if you would use a dedicated browser for the project. I think we are quite safe, but we’ll know more and more about our safety in the coming months when we see updates and more testing. And btw. the folks from Ethereum are live for months and only yesterday they removed their security warning saying the network was still un-safe. Creating P2P-networks like this is very complicated. So just understand that we are all testing the software and won’t be 100% safe for sure in the coming months.

I understand this but I am a regular here and did not understand how browsers worked until reading about it here.

I like everything you said and would appreciate it if @Ross would just copy and paste it onto his update under an inbolded warning section. Or just do like Ethereum and put somewhere in bold that this project is still un-safe and use at your own risk.

@polpolrene you have a lot of valid points. However, I think it’s less intuitive to an internet-dweller what features the SAFE Launcher does and does not currently have.

Ethereum’s warning message is fantastic, and I sincerely hope we mimick it in some capacity.

It’s all about managing expectation.

I like how firefox does it. When you go in private more, it informs you exactly what you are safe from. The safe launcher should make the same effort the set the right expectation, a simple list of “safe” / “unsafe” would do the trick. Once the expectation is set, it becomes the responsibility of each users to take the necessary measure to achieve the level of privacy they seek.

And I don’t think the ability to be totally anonymous will be the feature that will attract the mass to Safe. So if people mix clearnet and safenet it’s really not a problem, as long as its clearly understood.

Over time we’ll see community based Safe certificate. Open source applications and websites that run only on Safe would get certified by the community and people who wishes to stay only on Safe will be able to look for these product.

So yeah, just add a few lines of text to the launcher explaining what to expect from it and everything is fine.

I think this is even more important for a project like Maidsafe than Ethereum. Unless you are deep in the cyrptocurrency world, Ethereum will means nothing to you. But if you tell someone that Maidsafe is building a whole new internet to provide privacy and security for everyone, you need say more. They get it. Let’s just help them look before they leap.

Tbh, this all seems pretty harsh on the devs. Who was going to trust their secure data and identity of on the first, basic, test release?

Was it really necessary to create such a strongly worded notice, when there was little expectation of security in this release in the first place? New people are going to come to the forum, see this, think safe net is insecure and leave. No need for all that at this point.

I am extremely pleased that the devs released what they did, when they did. Let the devs work away and assume it is warts and all.

agreed. seems very much like attention seeking to me.

I can not speak for other peoples motives but I think the dev team is great and David is my hero. I made my suggestions in an attempt to protect them from the real attention seekers.

The dev team trust this community to fill in the gaps as they work away at one of the toughest things to ever be done. @Powersign did his part by posting this notice which I’m glad got my attention by the way it was worded. Just doing my part by asking @Ross (who has been designated for customer service vs coding) to take some time to put a short warning in the MVP announcement thread. IMO newbies will not be coming to this thread but they will more likely go to MVP announcement thread considering it is pinned. If they do come here they will be that much more informed and that is a good thing.

FYI - @Ross, I think you’re great too and love your updates. Just a suggestion I’m sure you’ve already considered since the MVP. However, if you thought about it before the MVP release and decided against it I would love to know the reasoning.

Well it’s not easy, but it’s possible (maybe not even be hard with Tails), for example:

1. Setup Tor gateway for all outgoing HTTP traffic
   OR
2. Run Launcher as a separate user ID, and create app-specific or user-specific rules to

• Prevent this user/app going out through 80/443
• Allow everything else
  OR

3. Use a smart proxy to create a similar combination of rules

Lately I’ve been setting up my home network to route some traffic through Tor, partially in order to prepare for these and other testing I need to do. Currently I route some traffic through a Web Proxy + Tor SOCKS5 server (some through the both) for incoming and outgoing connections. (It’s complicated and I’m not sure it’s worth the trouble and time, but who wouldn’t want to blow his weekend on such nonsense?)

Related to your claims that safe_launcher.exe makes those connections on its own: I looked and it’s true that it attempts to go out to the internet on its own. I don’t know whether I didn’t notice this before, or perhaps tamed its behavior using my outgoing Tor SOCKS5 proxy. But I messed around with the settings because I couldn’t connect yesterday so I don’t know what they were before.

Those who have Windows firewall could prevent safe_launcher.exe from accessing outgoing ports 21, 80, 443, 8443 and such (let it access the rest).

Ideally the Launcher should be fixed.

Edit: I forgot to mention another unusual thing I was doing: I wouldn’t set the system default proxy as official instructions say - I’d only configure that proxy localhost:8101 in Firefox, and I did that not to protect myself from the launcher but because I simply found that more convenient (as I could browse “normally” from my other browsers)…

I didn’t see anybody mention: serving the PAC file through HTTPS would solve this for now. Or, you can just download it, check if it’s correct, and then point the browser to the local copy.

I’m sure these things will be done differently in the final version, and I’m even more sure it’s not going to be done by accessing the public internet; wouldn’t that be ironic?

I personally think it is better to be straight up about topics like this than being quiet about it. I don’t think anybody discussing this topic in this thread is actually expecting complete privacy at this point of the development. Better they see a discussion like this directly at the beginning then finding out about it after a couple of weeks.

For me, this is the purpose of this release. Figure out how it is all coming together, discussing issues we think are important and coming to a conclusion. I don’t think this topic is hostile, I think everyone here has the best intentions.

Not replying with an opinion on the discussion but want to say that I absolutely agree with this quote and I’m very glad that we have got a community who can discuss this in their own house :).

No and it does not at the moment [edit - I need to clarify these points as they can be confused ] This is the confusion, the launcher currently will proxy everything you want, it contains a proxy server and proxies SAFE traffic (your browser will get local dns etc, but it is all configurable) . It may always allow that for folks who want that bridge and say, I have nothing to hide, I don’t care etc. etc.

There will also (very likely) be a Stay SAFE mode which may well have it’s own browser (I suspect this will happen pretty soon) to not use the proxy like this at all but to only recognise SAFE protocols.

My feeling is that as folk switch, like currently folk going to TOR are then we will see more folks who decide to stay SAFE, sorta like incognito mode but actually incognito. It will be interesting to see how far it can go into current browsers, but to bundle a browser would not be a huge issue. Some have a small enough footprint to start doing this, like Brave so lets see.

Hope that is a bit better, shout if not though. It’s worth getting ll this right.

[Edit, maybe we should do a post that clarifies exactly what the proxy is, what the pac is and how you get both clear and SAFE traffic and links. We will do this step by step and make sure everyone is comfortable though and when there is a STAY SAFE button then we will poke it like mad for any vulnerabilities]

In your view this is strongly worded. In my view it’s not. It’s reality and devs should not be affected by these comments which are insignificant realities of life. I know you’re coming from a good place - your heart - and that’s cool, if you’re at a dinner party, but here its business. The business of building software and a product. Where men run wild and sheep are scared. Devs should’nt be reading comments from the cheap-seats anyway. What do we know? If we were so smart we be in Troon or on GitHub. GL

Just as a side note if it can help regular web browsing in firefox:

go to about:config in firefox / icecat

search for “keyword.enabled” , and toggle its value to false.

( more info : Search the web from the address bar | Firefox Help , scroll to “Turning off the web search in the address bar” )

This will disable the so called “smart bar”, and make it a dumb URL bar. A mistyped URL won’t trigger google ( or whatever engine you have set ) search. You’ll have to either use a dedicated search field, or go straight in your search engine web page to trigger a search.
To me the “smart bar” “feature” is nothing but a logging trap, and while I would not be surprised that Chrome has no option to turn it off, I was sad when Mozilla made it on by default in Firefox.

while you are at it :

browser.urlbar.autocomplete.enabled and
browser.urlbar.autoFill

could go to FALSE aswell…

I don’t particularly agree here. Not only might you have to fork to disable certain things, but you would also have to maintain an update channel the same way the regular evergreen browsers do. Granted there is not a much better way to handle this. I mentioned in my post above that you can combine Electron w/ CSP headers and protocol interceptors to provide a decent webpage viewer but you lose the extra browser stuff like bookmark mgmt, download mgmt, etc.

If the devs had set out to deceive or had released a final release version, I would share your opinion. However, this was an initial, heavily experimental, test release which is still work in progress and should really be received as such.

It’s not even the MVP, it’s more like: yo guys check this out, it actually kinda works!

Agreed, for the informed. Unfortunately there are a lot of uninformed out there who will come back and accuse the devs of deception. This is what we are trying to prevent.

These same uninformed may not even read our warning but at least we can point them to it. We are not asking for much. In Ross’s recent update he had a small line that said [quote=“Ross, post:1, topic:7567”]
if you have privacy concerns it may be better waiting until this phase has been completed.
[/quote]

That made me very happy to see. I think that the devs were so excited to release the MVP that the announcement had a bug in it. Think of what we are doing as reporting that bug but on the nontechnical side.

I appreciate this thread because it helped me to decided not to continue testing not just because of privacy concerned but because I realized that my contribution at this stage will be limited and may even hinder the more technical of the community to focus on the bugs. Once the testing is more advanced I will begin to help test again to give my opinion on the front end user interface experience.