Real applications and Anonymity

Hi guys, it’s me again trying to understand the potential and limitations of this interesting project. Let’s suppose I own a physical shoe store and want to create a website within SAFE Network to sell my products. Customers who bought my products would need to inform their addresses to me. Would this compromise the anonymity of those customers? Or it is possible that they will create a specific account on my site so that I can never know the connection between my site x SAFE Network account?

The same logic applies to social networks. If I want to have a real profile in a social network within SAFE, will that compromise everything I do within the SAFE Network?

People who want anonymity will likely have multiple IDs in the one account

If they need to use their real details for say buying stuff to be sent to their physical address then one ID will be used for that.

Then another ID for anon surfing of forums.

And they could have more IDs if they want. Maybe in the technical forum they might use one ID and give it a science sounding name associated with the ID. Then for movie forums etc they might have another ID and associate another name to it. And so on

The IDs have no relation to each other unless the user informs others of said association. Eg they say they are known by ??? in the movie forums. Then the 2 IDs can be associated by others.


When you say “multiple IDs” you mean that the user needs to create multiple SAFE Network accounts? Or are you saying that the IDs of the websites/applications have nothing to do with the SAFE Network account? That is the point I would like to understand.


Its multiple IDs in the one account.

Basically everything has an ID, the account, the coin balances, the user ID being used.

So when you join a site you would use a ID. One that is generated by the safe site or one that your client UI would create when you ask it to. Could be created by the SAFE browser too I suppose.

So really ID could be one stored in your account or one the SAFE site assigned when you create a profile for it.

Now the principle would be that the ID is the one the user supplies to the SAFE site to allow the user to have consistent ID across sites and have auto login since the client could automatically counter sign the login proving it is that ID. This allows you to have only one password for your account and secure login to multiple sites with any number of “unrelated” IDs. This is the ultimate password keeper since there is no passwords except your account passphrases or passwords.


For example

Account and under that account we can have

  • ID1
  • ID2
  • ID3
  • and so on

And for web sites the user might use
Site A - ID1
Site B - ID2
Site C - ID1
Site D - ID1
Site E (selling goods) - ID3
Site F (Selling computers) - ID3

So here ID3 is being used for sites where the user has to provide in their profile for the site their real name/address.


Ok, I think I got it, thank you. That means even KYC/AML portals like stock market brokers could exist inside SAFE Network, right?


Yes. There is no reason why they could not since they just demand you give them those details.

But those sites do not need to know your account also visits other sites. By using different IDs there is no tracking.

In theory you could send SAFEcoin using a different coin balance ID each time and thus no tracing via using the coin balance ID


In addition to what Neo has said, if you use a single ID in more than one instance, you have significantly de-anonymized yourself. That is to say, if you’re consistently using “ID3” for more than one thing/site, you’ve given people connectable patterns of behavior with which to deduce who you are. Real anonymity has been essentially dead for quite sometime now.

Part of that is identity-driven; the other part is behavior driven. Most people don’t and won’t spend the energy necessary to make sure there are no linkable patterns in their behavior. There have been interesting papers written over the past decade detailing why only 4 data points is enough to identify someone—particularly if spatio-temporal data is involved.

In short, while SAFE can provide the ability to use multiple IDs and will not of itself identify the user, the user’s behavior may do so.


Just to build off of what @Sotros25 said, I believe that what has been shown in the UI/UX development by Maidsafe is that when posting or uploading anonymously, it is actually a one time throw away anonymous ID.

I would assume once Identity Management is in focus that most people will have a Public Facing SAFE ID (which should still be devoid of today’s excessive online tracking), then some alias SAFE ID for pseudonymous use with the expectation of little tracking or deanonymizing, and then posting with a one time throw away anonymous ID when they require true anonymity.


Ah! You’ve struck on one of my favourite areas of the SAFE Network, Identities and ecommerce. The plans and possibilities are really exciting… buckle in, and I’ll give you my take.

The first thing to note is that a user of the Network only ever needs one ‘Account’ (aka login). That means just one set of credentials to remember—a password and passphrase. Then within this account, they can create as many identities, or SafeIDs, as they need. We know people wear different hats in life, personal, professional, family, hobbies, temporary. All of these different identities can be accommodated and separate, but still allow all the data to be readily accessible, and organised.

When using identities on the network, there are four main modes of operation:


This is a way of using your regular IRL identity on the network, so you are discoverable by friends, or readily identified professionally, for example.

SafeIDs allow this via a unique handle, such as @JimCollinson, plus a Name which need not be unique, plus a fully customisable profile.


The ability to create new SafeIDs whenever you wan, allows you to use the Network pseudonymously. This could be through persistent a pseudonym, or through throw away ones. So if you want to separate our different parts of your life, or have different identities when using different apps or sites, we’ve made that very straightforward.

These identities are not linked to your ‘Account’ or to other identities in way that is readily discoverable by other users or apps, but as others have pointed out, that could possibly still be inferred through a pattern of use.


Should you need to publish or edit data anonymously, then we give you the ability to do that. It’s done in such a way that there is no identity associated with it, so the identity could not be reused by mistake.

Data that you publish anonymously can still be accessed and organised by you at an account level though; you’ll be able to see a history things you’ve edited anonymously for example, all in one place, it’s just that this is only available to you, and not anyone else.

This is the mode you find yourself in by default but the way, many users will choose not to create an identity at all, and that’s fine.

Also just a reminder that browsing and reading data from the network is always anonymous. There is no way for this to be tracked, monitored, or monetised. You don’t even need to create an account for this.

Anonymous Data Drop

And should you want to—and admittedly this is a bit more of a niche use case—you can also just drop data on the network anonymously, with no identity, nor with it even being accessible via your own account login. In essence it would just ‘appear’ on the network at a random unique URL. What you would then do with tis URL would be up to you.

So this is a way to, say, whistleblow data onto the network without the susceptibility to—and I’m sorry for the grim reference here—a rubber-hose attack.

One thing thing about SafeIDs and the identities you use on the SAFE Network that gets me really amped, and it’s not always immediately understood, is that they are not siloed in apps, or, sites or services: they span the entire Network. That’s the awesome sauce that a decentralised internet, and the power of linked data provide! Just a few (but by no means all) of the upsides:

  1. I won’t need to create an account or identity for each new site or app I use
  2. I can choose to use as few or as many identities as I want, yet I can have access to them all in one place.
  3. I can interact all over the network, but see all replies in one place should I choose. I’m not confined to a single UI.
  4. I can be tagged with my SafeID (by someone typing @JimCollinson) anywhere on the network, and I can be notified about it, leap in to see it in context, or just consume it via a feed or UI on my choice. Again, no siloing of data here. And again, joy-upon-joy, we get this whole thing network-wide, with conversations started in a channel desired by the sender, and with a context appropriate for the recipient.
  5. We get global—network wide—contacts management, that’s always up-to-date. So If I update something about my Identity, like me street address for example, then this gets updated for everyone.
  6. As a consumer, on the network, I can verify sources across multiple sites (e.g. news outlets) and have them all referenced in a single timeline.
  7. As an app developer, I don’t need to worry about dealing with people’s private data any more… no more login screens, password handling or GDPR to worry about. That’s all taken case of by the network, with personal data handled by the users themselves, I don’t deal with that any more. All I need to be concerned with is creating useful software.
  8. The list goes on!

And since you are mentioning ecommerce I should mention what gets me excited there—did I mention I was excited?

Of course in your example you are asking about anonymity and physical shipping, which is always going to have it’s concerns, when crossing the boundary between the online and meatspace. But… there are reasons to consider why the SAFE Network could be really transformative for ecommerce, and in particular for small and independent traders, as well as shoppers too. And that is down to network wide Identities and the secret sauce of linked data. Picture this with me:

First of sending and receiving Safecoin is super easy. I have a nice, human readable identity for myself, like @jimcollinson, and send and receive Safecoin from that address, privately. No fears of losing things, worrying about who does what with the secret key.

It’s as easy as Pay @jimcollinson 100. That’s it.

And if I wanted to do this anonymously, that’s doable too. We’ve created a mechanism where an intermediate one-time wallet is created for you. Simple.

So, apart from just the raw usability of this Safecoin itself, the amazing thing is what Safecoin and the other features of Safe Network combine to enable. For traders and individual websites, it’ll be really easy to enable commerce and accept payments for my wares, it’s all built in to the network…

…and as a shopper I can go on a shopping spree network wide, with a single shopping basket, in a really easy way, not have a million logins. When I’m ready to check out, I click once to pay, and all these disparate traders get paid, with no middlemen involved.

Plus, now with linked data, their contact information, and my shipping information is always up-to-date, not siloed all over the place. If I have ordered from 50 different merchants on the way, I just update my address on my own profile, and they all have it instantly. And of course, that’s only accessible to the merchants I choose to share it with, and I can turn off the tap to that data at any time I like.

I could go on! Did I answer your question there?


This sounds really great, Jim. Thanks for clarifying the basics. Just wondering: Do you think the average user of SAFE Network will need some coaxing along the way, because of the learning curve? In other words, is there a plan to allow the onboarding (is that a word?) of someone in a gradual, non-technical way so they are not overwhelmed by the possibilities before even getting started? I think that would accelerate the widespread adoption of SAFE if it could be accomplished.


Linking this earlier idea for anonymous physical shipping


Oh yeah, that’s what we’ve been working on for many months. I made a video about our process for designing the initial onboarding to the network. It doesn’t cover the creating old an identity, just the bit before that… but I can give you some idea of what the experience will be like. It’s harder and more complicated to explain these concepts than it is to actually use the thing, as most of the UI patterns will seem pretty familiar.

Once you’ve grabbed yourself an account—as per the video—you’ll be prompted to create a SafeID should you wish it. It’s pretty easy:

Each identity you create will have a history accessible to you only, together with payments sent to/via it, and you can also see (and customise) your public facing profile for that identity.

And you can access all your identities, and create new ones, in one place too:

Sending payments will be pretty straightforward. All you really need it the recipients SafeID…

(Or event faster if you check out the ‘action menu’ approach shown in last week’s dev update.)

Plus doing things anonymously is simple too, an one-time wallet is generated for me on the fly, and the funds are then bounced via that from/to my wallet:

This is the very basics, and the practical mechanics of the ecommerce I haven’t gone in to here. But you could think of it as a site owner including a small snippet of code alongside the product they are selling, with the browser handling the shopping cart and instigating the payment via the identity selected by the customer. Although that won’t form part of the initial UX we are building, but I’m keen to get it working as close to launch as we can.


Thank you very much! It helped me to increase the list of advantages of the Network as well.


I wonder one problem that I haven’t seen addressed is the way that nature forgets.

I don’t know if there will be merit in some applications that retain association for a time and forget those later. More fluid relationships from that might be useful?.. perhaps not based on identity but activity.

Just a thought and not a well formed one even but perhaps from such nonsense something grows?



Could you explain a bit more about what you mean, or give an example?

You’re a wizard, Jim, a wizard I tell ya!


lol … I really can’t! It really was half a thought. It’s an aspect of physics that I wonder about on occasion that quantum mechanics perhaps allows for loss of what is knowable.

Just for something based on nature, it’s sometimes worth wondering what parallel there might be.

The other, less than half thought, I had was wondering what kind of analytics might arise from SAFE activity… and how whatever those are could ever be useful.

Filed under “wtf is that” and “return to later if I have a better thought”…

What I first thought you meant (and just wanted to clarify) was giving an app access to a piece of data for a limited duration; to which the answer is of course yes! We’ve built this in to the permissions manifest system, it’s covered in this video.

But if course, in the concept of apps, on the Safe Network, we aren’t talking about other eyeballs, it’s just you manipulating your own data with a given app. In fact, we are renaming permissions to capabilities to help make this clearer.

But when it comes to sharing data with another individual or business, such as sharing a shipping address, then we haven’t designed the full flows for this yet, but it would work in a similar way. I could perhaps add a duration rule of “until my product ships” to your address data.

Of course, you can’t get people to unlearn something once they know it, but at least you wouldn’t be creating a persistent link to this data, so the wouldn’t be able to see any future updates to it.

Perhaps that can help with the thinking… I’m keen to hear any other scenarios or points-of-view to help inform all these design when we move on to it.


Yes, I was coming at it from Privacy.

I don’t know if there’s use for time limited signatures; so, subscribing to something as a hold or grasp on it, that requires being reconfirmed after a time. I guess voting is of that class; perhaps then options on distributed politics, where perception needs to be checked on occasion??.. but unclear if there is benefit over more traditional ideas of distinct data in an application… and what is time, is a problem for this too…

Half thought solutions where there is not a problem lead to rambling :slight_smile:

1 Like