Upon first connect to safenet are ips discoverable?


Have a quick newb question?

Upon launch does the browser connect to some main ip’s that could become blacklisted by counties attempting to filter by dns?

How will safenet bypass this issue so we may have a censor free internet?

For a completely new installation then yes there are seed nodes predefined. There after there is a cache on your machine of nodes that it can connect to.

In a country with those seed nodes blacklisted then the person you got the copy of safe from would most likely also have a list of nodes that you could use. Thus solving the issue. If you don’t have a list then I am sure you can obtain them from friends online/offline who could give you such a list.


Is there anything special about these seed nodes (similar to TOR exit nodes?), or can any node be used as a seed for a new entrant to the network?

When starting the network from scratch then the seed nodes are special. Node one is started then node 2 is started with node 1 as a seed node and node 3 is started with node 1 & 2 as seed nodes and so on until there are enough nodes operating.

For a network operating and is what I was referring to, there is nothing special and only used the word seed for want of a better word. So any node can be the node needed to connect to.

This means when I want to connect to the SAFE network my client only needs one IP address of any node. To join as a node (vault) then my machine also only needs to know one machine.

The socalled seed nodes list will be a few nodes since at any time particular nodes maybe off line and so by having a few (maybe 16) node addresses this gives the best chance of joining.


Thanks for the reply’s,

I would hope the initial seed node list would be encrypted and a list of all nodes will not be publicly available or decrypted / readable without the ability to get the private encryption keys from any programmer etc in order to boost the protection of the network true “autonomously” ?

With the main point of worry being if someone can decrypt the entire node list they can block the entire network in one automated script, then users may be forced to use a vpn, then they are targeting via massive bot scans ips to blacklist that host vpn’s on 1723 in some strict countries. Always some method of attack to plan for ahead of time and looking to see safenet as the leader in the defense of open internet for all.

The idea is, the initial list becomes irrelevant to users who have previously connected to the network. I suspect the list will be rotated to prevent blocking attempts.

Moreover, many community lists could be maintained. It doesn’t have to just be Maidsafe dictating this (or getting blocked).


The node (in the sense of IP addresses) list isn’t encrypted because every peer must have knowledge of the nodes which are connected to it so that reliable connections can be formed. This applies not only to bootstrap contacts but any contacts which join the network and are closer by xor distance to the others. You’re right that theoretically this list of closest nodes could be extracted in order to mount a denial of service attack however bare in mind that such an attack is not feasible if the protocol is secure (the right protocol will simply ignore any message it doesn’t understand), so you would also have to assume that the protocol the nodes use isn’t safe.

1 Like

Yes we will have bootstrap cache to remember all the Endpoints (and Public Keys) we could directly connect to (without NAT Traversal) last time so that next time we give those the priority and have many nodes to proxy off into the Network instead of just the hard-coded ones (the seed nodes). That way the seed nodes can then even go away and the Network wouldn’t care. Also the Endpoint is encrypted while the overlay is helping Crust to establish connections so that intermediate nodes/snoopers don’t know what these are, only the concerned parties. This reduces IP abuse even more. Then you have random ports (know via overlay) so that no one can say that it’s just port X MaidSAFE runs on, so let’s mass attack that, and no one can infer someone is communicating to SAFE Network (as ports are random and known via cache or via overlay as you discover/relocate nodes)


For the original poster their concern was that the authorities could take the seed nodes (initially) and add them to the GFC to block everyone behind it from joining. Then the authorities grab other nodes to block by seizing PCs and copying any public lists and block those nodes’ IP addresses.

Of course this would mean eventually that the GFC is blocking perhaps millions and millions of IP addresses in an attempt to stop SAFE.


ah yes, there would be many that would spawn due to random nature of endpoints it would be difficult to block everything once the network is huge as most of those Endpoints would be all over the world ideally - plus the ones that go offline and spring up again on a different port etc. So that would make blocking everything without affecting normal Internet usage difficult as you point out