SAFE + [?Tor for external content]

This maybe more a bug than a feature - or is it an opportunity for the future?..

I think it’s important to recognise what SAFE can do and what it cannot. SAFE is secure storage of data and does that well but it is not then the browser or the hardware. Since SAFE websites can trivially draw on external images and since a user would not be aware of that, I wonder there is a risk that needs to be acknowledged and understood.

Scenario would be, for example, a Chinese user visiting tiananmensquare.safenet where that site links to a clearnet image. While the user can see content from SAFE that they perhaps would not otherwise see, their privacy perhaps would be compromised by the direct request from them to tiananmensquare.jpg.

So, a solution I wondered would be to look at SAFE websites with Tor browser but it’s not so simple and I could get it to work.

Manual proxy configuration for the http proxy to become localhost:8101 or alongside Tor SOCKS proxy, did not work.

Neither did fixing the pac by replacing DIRECT with the Tor Proxy.
tor.pac I tried was then:

function FindProxyForURL(url, host) { 
    if (shExpMatch(host, "*.safenet")) 
     return "PROXY localhost:8101"; 
    return "PROXY localhost:9150"; 

Nor did putting that tor.pac to the system and suggesting to the Tor browser that it use system settings.

and I tested those options alongside a vanilla browser that was seeing the safenet well enough.
The error via Tor browser was typically that it could not find proxy server.

So, Tor Browser perhaps is fixed to ensure that its proxy isn’t not working for Tor’s purpose… but what option to ensure that users are able to browse SAFE websites privately?

1 Like

I wonder a bad fix would be to push everything through SAFE but that’s fiddly for users to switch their proxy to and from that. I’ve not tried this to know how SAFE proxy reacts to other content requests but expect it would be null response to those.

I guess that would be then a .pac of the form:

function FindProxyForURL(url, host) { 
     return "PROXY localhost:8101"; 

Better option will be through I2P. But…What is the purpose of using
safe through tor/i2p anyways? Safe is uses xor addressing, making it
more anonymous.

Edited: Oh you’re talking about tor browser.

Nevermind then.

Just noting the solution to this mixed content risk, is described at