SAFE Network Client Testing + Tor

Did anybody managed to view SAFEnet sites on Tor? It doesn’t really work for me, not even if I put the pac file on my desktop.

You still need the Launcher to connect you to the .safenet. The Launcher proxy listens on localhost:8101 if you start it and if you have Web Proxy flipped to enabled (Launcher > Settings). This is what was very poorly explained and what I commented on couple of days ago.

For Tor routing, see my comment here:

You’d have to force safenet_launcher (with .exe, in Windows) to use Tor for all 80 and 443 traffic for all non-.safenet domains. It’s too much hassle to deal with it for average users, and as you can see (a comment at my link above) David said they’ll change that behavior in a future version so it’s also pointless unless you want to learn about that stuff.

There are tools that can do that, but it’s not easy. If anyone wants to experiment with a user friendly tool, this one may be fun until Safe Launcher is fixed (free 30 day trial).

http://www.proxycap.com/tor.html

You could force safe_launcher.exe (executable on Windows) to use Tor for outgoing ports 80, 443, see if that works. As far as I can tell from my analysis 'safe_launcher` uses port 5xxx to connect to the SAFE network.

3 Likes

Not related but… I still haven’t worked out Tor after all these years. Points to SAFE so far lol…

2 Likes

That’s why I would suggest to wait until MaidSafe fixes the launcher. It’s not easy.

By the way, if your proxy (whichever you use) directs all .com|.net|.org.|.etc to the Web and the Launcher directs all requests to .safenet to SAFE via localhost:8101, you still have a situation where:

  • links to clearweb on .safenet sites send your requests to those sites
  • DNS lookups (which happen even if clearweb is blocked) still happen, so your DNS provider could see you’re asking for the IP of spysite.com and even if your proxy blocks you from accessing .com, you’ve proven (to the DNS provider and your ISP) that you visited a .safenet site which is the only location that had a GIF link to https://spysite.com/linked-only-from-test-dot-safenet.gif.

A proxy + tor combo that performs delegated DNS lookups can deal with the both issues, whereas a plain proxy can’t. In fact spysite.com doesn’t even have to exist to prove that you visited test.safenet com - your DNS query proves you did.

I see this beautiful jellyfish being put through a meat grinder and then magically reconstituted. Above I get the impression that its not that easy and my not be necessary or have much allure at a later date. Is there any sense of how much of a difference this paring would make at launch (if practical) and how necessary such a paring might be for the best in anonymous speech if SAFE proves out?

Let me rephrase. You’re mixing two systems that weren’t designed to work together to improve the magic shell game, its more latency and more in the way of other problems but how much of a difference might it make if it works to the the practical best we have right now? I do understand that we have trouble ruling out hardware trojans and the benchmark for this is not perfection.

In another other topic yesterday someone official-sounding or a mod said the leaky apps (that run on the client and send IP info to the mothership) need a stopgap solution for the next 12-18 months.

Don’t know what’s up with that. If there is no proprietary browser, what else can be done than Tor?

1 Like

Thank you. That helps.

If you use Linux (not sure if available for windows) you might try to run safe through ‘proxychains’ with proxychains configured to use Tor. Proxychains is a program that will force all network connections of an app through the proxy specified in it’s config. Don’t have any clue if it will work though as base connectivity between the app and Tor have to be compatible and I think Safe uses r-udp and Tor uses socks … doubtful that’ll work.

1 Like

If you use Linux, setting up transparent proxying over Tor for the user running Safe may be the best option: https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
This way you can avoid any leak to clearnet. This is more sure than using socksify solutions, which may still leak e.g. DNS queries, or other UDP traffic.
Of course if the safe launcher depends on anything but TCP connectivity this is not going to result in a connection. But then it’s impossible to run it over Tor in the first place.