I have a new idea for an alternative to “safe:” for helping browsers with a SAFEnetwork add-on, to access SAFE URLs.
This follows on from the discussion about URL handling by the safe browser plugin, where we were suggesting ways to deal with the problem that not all browsers can intercept the original idea of using “safe:” instead of “http:”
@neo and others made some good suggestions such as in the following post (refer back to see the other ideas floated)…
During the discussion, I liked the second idea of @neo’s above, more than the others, but I’m now suggesting something else.
The reason is that I think it’s important to do as much as we can to make it easy for people who don’t know about SAFEnetwork, and don’t have the SAFE browser add-on installed, to access it.
I take the 19 likes that this post got as at least in part due to support for that to be a priority :
Using A Real Domain We Own
My suggestion is that we use a normal domain, such as safenetwork.net (or maybe something shorter), so that a safe URL would look exactly like a normal URL: for example “http://safenetwork.net/happybeing” would be used to refer to the SAFEnetwork “DNS” of “happybeing” etc
Behaviour would then be as follows…
- user with SAFE browser add-on: browser add-on intercepts the URL and displays the content from SAFE domain “happybeing” - this behaviour is exactly like the other schemes such as “safe:”. Content is served directly from SAFEnetwork by the browser add-on.
- user without SAFE browser add-on: the website on the old internet at safenetwork.net is accessed and displays a page informing the user “You are trying to access a resource on SAFEnetwork, a new public secure internet for everyone. Before you can access this secure anonymous website, you must install the SAFEnetwork add-on for your browser from the official Chrome (or firefox etc) add-on repository. This is necessary to ensure anonymity and end to end encryption, by accessing the website through SAFEnetwork rather than the existing internet, which has inferior privacy and security. If you are concerned about this, you can read more about SAFEnetwork here: http://safenetwork.org. Or to visit the repository and install the SAFE browser add-on click here”
The above is just an illustration, and applies to accessing a website URL. The output can be tailored to reflect the browser being used, and point directly to the appropriate add-on. We would need to handle embedded resources (eg images) that appear within an existing web page differently - or perhaps just ignore them.
The advantage here is that users without the SAFE browser add-on will be told about SAFEnetwork and directed as to how to access it. Whereas, with all the other schemes they would just get a “site not found error” when trying to access a SAFE website, and give up.
It then makes sense for us to share SAFE websites widely, and for them to be linked to and used interchangeably with existing website URLs - including in press releases, articles, tweets, facebook shares…anywhere!
The first three replies below do not apply to the above proposal, so I’m adding this clarification:
The website does NOT serve up SAFE content. If you have the SAFE plugin installed, the website is NOT visited.
So: no central point of failure, no place to do surveillance etc.
The website will be visited only if someone doesn’t have the plugin. To access the SAFE URL, the user is encouraged to install the SAFE browser add-on, but nobody will know if they did or not, so any surveillance is of little value and the website can of course use SSL/https - so just like visiting a normal website like safenetwork.org. There’s no way to block access, or spy on those who have gone on and installed the add-on.
Privacy Concerns v Privacy Benefit from Mass Adoption (edit)
IMO we’re not creating significant additional risk here - but we are introducing many more people to SAFEnetwork by instead of showing them a “Website not found page”, showing them a page that helps them install the browser add-on, and vastly increases their privacy and security by doing so. And, very important, making rate of adoption much faster, benefiting more people, and increasing the chances of SAFEnetwork being successful.
The biggest risk to people is if SAFEnetwork fails to be adopted widely and becomes another Tor, used by very few, easily sidelined and demonised etc. Or that the individual tries a SAFE link and didn’t get the chance to learn about SAFEnetwork and install the SAFE browser add-on.
How Important is Widespread Adoption?
I’m curious to hear from the community about this question: is widespread adoption a priority for you, or not?
I think widespread adoption of SAFEnetwork is the way to improve people’s security much more than if we get stuck trying to build a perfect system, and far less people use it as a result!