What functionality is being blocked by the browser/planned to be blocked for security reasons?

Heyhey - stupid question because of a discussion that I had/have

I remember that the safenet browser is meant to block clearnet calls because cross site scripting is evil (?) so what precisely is blocked/meant to be blocked?

Can I write a web app in JavaScript that executes bitcoin transactions? Can a web app get information from a clearnet REST API, or do I need to implement a standalone relay service for all clearnet information I want to use? (Couldn’t ‘the evil guys’ do the same? So blocking clearnet connections doesn’t bring any security benefits?)

2 Likes

You can’t do HTTP within the browser.

I’m not sure if you can communicate outside the browser (e.g. using sockets) but I hope not, at least not without the user’s express permission. Probably best not at all.

So I hope and expect none of those things will be possible from a web app in SAFE Browser by default, though some things might be opt-in.

There’s nothing to stop a desktop app doing those things, which is one reason the browser will probably be the recommended way to access the network. It is much easier to secure, and the desktop is vulnerable anyway.

3 Likes

Countdown for “convenience” and “mass adoption” arguments started: 3 … 2 … 1 :roll_eyes:

1 Like

Well - this really makes it harder to create a web app that… e.g. wants to use the current $/Safecoin rate from a source in the ‘outer internet’ :roll_eyes:

And without signaling in place, in addition to this, it costs you if you want to provide this service to yourself …

PS: with signaling in place and a ‘standard relay server for REST calls’ this would not be a real hurdle - it just means a service provider needs to run a server :sweat_smile: (while a Raspberry would be enough for some relays) - but was signaling on the horizon atm?

3 Likes

My point of view is that if a Safe app, or Safe web app, can query a clearnet server, the server can identify the machine that sent the query. Then it takes 10 minutes of scripting to correlate that with a Safe ID and defeat the whole Safe purpose, or at least the privacy part of it.

I suppose if we want to have information like Safecoin price available inside the network, it takes a machine that polls that from clearnet, and publishes it to the Safe network, so that the Safe users’ machines don’t have to.

4 Likes

Absolutely - but you do see that if Safe doesn’t natively support clearnet relays this eliminates many possibilities/creates the need for running relay nodes for service providers… And if I need to run a relay node for all requests my users do, this is 1. information I don’t want to have, 2. a burden I would like not to have…

1 Like

I didn’t mean a relay, I meant a machine somewhere, let’s call it “A”, keeps polling the Safecoin price, or the temperature in London, or whatever, and it writes it to a public Safe file every 5 minutes. Then the Safe apps look into that file when they need the info, without asking the “A” machine.

So you don’t end up with info that you don’t want to have. But it remains that it is a burden and a cost to keep it working.

2 Likes
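An added example, not code from this thread or from the SAFE project: the "machine A writes a public file, apps read it" pattern described above, with the reader pinning A's public key and rejecting forged, replayed or stale records. The `Map` stands in for the public Safe file, and the record layout, paths and function names are assumptions; it covers only the single known publisher, since anonymous fetchers have no key to pin.

```javascript
// Added illustration: names, record layout and the Map "store" are assumptions.
const nodeCrypto = require('node:crypto');

const MAX_AGE_MS = 10 * 60 * 1000; // A writes every 5 minutes; tolerate one missed update
const MAX_SKEW_MS = 60 * 1000;     // reject timestamps from the future

// Publisher side (machine "A"): sign the exact bytes that readers will verify.
function publishRecord(store, path, privateKey, feed, value, nowMs) {
  const payload = JSON.stringify({ feed, value, ts: nowMs });
  const sig = nodeCrypto.sign(null, Buffer.from(payload), privateKey).toString('base64');
  store.set(path, { payload, sig });
}

// Reader side (web app): trust the pinned key, never the storage location.
function readRecord(store, path, pinnedPublicKey, expectedFeed, nowMs) {
  const rec = store.get(path);
  if (!rec || typeof rec.payload !== 'string' || typeof rec.sig !== 'string') {
    return { ok: false, reason: 'missing' };
  }
  let valid = false;
  try {
    valid = nodeCrypto.verify(null, Buffer.from(rec.payload), pinnedPublicKey,
                              Buffer.from(rec.sig, 'base64'));
  } catch (e) { valid = false; }
  if (!valid) return { ok: false, reason: 'bad-signature' };
  const { feed, value, ts } = JSON.parse(rec.payload); // parsed only after verification
  if (feed !== expectedFeed) return { ok: false, reason: 'wrong-feed' };
  if (nowMs - ts > MAX_AGE_MS || ts - nowMs > MAX_SKEW_MS) return { ok: false, reason: 'stale' };
  return { ok: true, value };
}

// Constructed scenario: A publishes, then records are replayed and overwritten.
function demo() {
  const a = nodeCrypto.generateKeyPairSync('ed25519');
  const other = nodeCrypto.generateKeyPairSync('ed25519');
  const store = new Map();
  const t0 = 1700000000000; // constructed timestamp
  publishRecord(store, 'pub/london-temp', a.privateKey, 'london-temp', 11.5, t0);
  const fresh = readRecord(store, 'pub/london-temp', a.publicKey, 'london-temp', t0 + 60000);
  const old = readRecord(store, 'pub/london-temp', a.publicKey, 'london-temp', t0 + 3600000);
  // Replay A's genuine record under a different feed's path.
  store.set('pub/safecoin-usd', store.get('pub/london-temp'));
  const replay = readRecord(store, 'pub/safecoin-usd', a.publicKey, 'safecoin-usd', t0 + 60000);
  // Another writer overwrites the file with a value signed by their own key.
  publishRecord(store, 'pub/london-temp', other.privateKey, 'london-temp', -30, t0 + 60000);
  const forged = readRecord(store, 'pub/london-temp', a.publicKey, 'london-temp', t0 + 120000);
  return { fresh, old, replay, forged };
}
```
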

Might be easier to just include the Facebook/Google -safenet-relay library for issuing clearnet calls :thinking:

1 Like

Thinking out loud: what if it was distributed? Say, Bob’s Safe app needs to know the temperature in London. It writes a request to a Safe shared file: “we need http://londonmetoffice/londontemperature.txt available in the Safe Network”. Alice’s machine, one of the millions of machines of the Safe network, is connected to clearnet too, and is idle at the moment, so it looks for some job to do for the Safe community, and parses the Safe file of useful things to do. It picks the London temperature, and writes it to the Safe network shared file. Then Bob’s machine can read the temp from the Safe file. Bob is happy, and Alice can be rewarded some coins because she helped the community. Her IP is showing in the London Met Office logs, but she looks pretty much like a casual clearnet user.

EDIT: problem n°1: Alice can write whatever silly things she wants to the Safe file, and make you think it is freezing in London when it is not.

1 Like

Problem n°2: this would be like a Tor exit node and come with the same implications for Alice :face_with_monocle:

I like the approach - and I think there needs to be a plan for getting clearnet data :thinking: but not sure right now what this could look like
(edit: and I think if we don’t come up with a well usable solution someone else will offer one we surely don’t want and which is worse than just letting apps issue their own calls)

2 Likes

I don’t think it is possible to prevent apps from making clearnet calls, I don’t even see how it could be done, but I think it is important that the browser cannot, so that if you are sure you are using the “official” browser, you are safe. So if you are using an app outside the browser, you are on your own; if you are using a web app within the browser, you are covered.

2 Likes

If people want to mix Safe with the clear network, they should use a clearnet browser plug-in. Better to keep the Safe net browser fully secure.

4 Likes