ok. im wrong could you please explain the difference so i can understand it
1 Like
also could you please tell me if vaults relay can also be a relay.
1 Like
The client relays GETs, PUTs, etc through a relay node that gets sent to a ClientManager for verification and execution.
You, @ifindproblems, want to be a relay node.
Relay nodes are vaults with that specific “relay” persona. They relay those GET/PUT requests that the client initiates to act as a sort of VPN. So it’s like you’re getting the client to use your VPN service.
Keep in mind that you’ll be working with rUDP packets (eventually - not sure if that’s implemented in the alpha) and crafting one that would give you a usable attack vector would require that the packet be accepted by the software that’s using that port.
That’s where you need to know about the data. As a relay node, everything that’s passed through you is encrypted with the client’s public key. So unless you want to pass junk packets - that would reflect poorly on your vault/node - you need to figure out what they’re expecting and pass that to them.
OTHERWISE you’re just looking to gpather residential IP addresses and match your skills against a commercial router. I don’t particularly feel like discussing that with you…on the clearnet.
P.S. Instead of posting 2-3x in a row, try editing your post instead. This forum is realtime so all edits will be seen as soon as they’re saved.
3 Likes
Vaults just connect and route messages. No relays. So your Vault tries to connect to the network. Other Vaults assign you an address in XOR and allow you to become part of their group. You can’t choose your own address or group. Several of these Vaults know your IP-address. That sounds like a weak spot but there’s a catch.
When you connect to the network as a client (wanting to browse websites, stores some data) you connect to a group of Vaults but through a relay_node. Think of it as a proxy. So the proxy knows your IP but can’t understand the data you exchange with the client_managers. And the client_managers see your request for chunk “XYZ” but they only know your XOR address.
Jump in this topic to learn more. And in this one. Also search the forum as there’s quite some info how this stuff works.
1 Like
Great. What i would suggest then is a minimum level of security for any one joining the network. Basically meaning that when you install the software a test is run on your network, and if there are vectors it displays them and you have to accept to decline so that the user knows the consequences of joining with weak security.
So…you’re giving up on pentesting the protocol and only going after user’s residential IP.
Called it.
Remind me never to join your IRC server.
1 Like
you start with the weakest point first. so yes thats what i’m doing.
and im sure you know irc severs are alot more secure than home computers
> @smacz has left the thread
3 Likes
these things are important, but that’s PC security and is not really specific to target SAFE. That point could be made for BitTorrent and Bitcoin users as well. When you have the IP’s of the 8 nodes you’re connected to on Bitcoins you could portscan their systems as well. In the hope to steal their wallet.
Ensuring the safety of users computers would be my main priory. i don’t use torrents for that reason. frankly if this was to be adopted by the masses any vulnerability on a users computer could spell disaster. If you want to operate on the same principle as bit torrent that’s ok. I though this was meant to be a step forward in privacy and security.
its seems a’lot of people only care about the data.
Yes it is. So if you see any weak spot in this system, point them out and we can discuss. It’s great to have a lot of eyes on this project. But just pointing out the users PC as a weak spot isn’t really helpful IMO. let’s say you entered my PC after some port scanning and weakness. What would you find that compromises my ID on the SAFE network? You might find a running Vault but that’s not really interesting as it’s not linked to my ID or data. So what would you do?
1 Like
I do understand that, but its the software which is making the connections. If it wasn’t installed there wouldn’t be that fear. You cannot vet every user that joins the network. Its not like someone going to youtube.com. The person your connecting to isn’t a business. There lively hood is not dependent on the security.
Then the only option is to never connect to anything 
. If you look at both BitTorrent and Bitcoin then you might find out things about people. So both the data and coin transfer isn’t really secure. In SAFE you are safe even if your router is compromised as the data only is decrypted on your computer. And with no ledger of the transactions that took place it’s more safe than Bitcoin. So very big step forward. but there always will be compromised computers in both the OS or the hardware. No software project can fix that.
1 Like
Imagine if a youtube sever was compromised, the damage that would do is probably unthinkable. Now obviously not every computer on SAFE will be compromised. and not every computer will be connecting to another but as the network expands this will become more of a problem. And just because the network is small atm and its a low possibility dosn’t mean it should be laughed at.
Because of the way the network is designed a minimum level of security should be top priority
No, more nodes will make the network and data more secure. Each chunks is stored on several systems, so if one node doesn’t provide a chunk a new node is found to take over it’s role. And at the same time another nodes already delivered the chunk. Here’s your minimum level of security in a nutcase.
I think there is a misunderstanding here of how the network works.
If you are able to get into a single computer via either some sort of hypothetical flaw in the SAFE launcher or any other software/attack, this would not give you access to the users SAFE credentials, the users SAFE network data or information on any other users who are connected to the SAFE network.
I do not see how getting into one machine can pose a systemic risk to the network…do you have a hypothetical example as to how this would be possible?
1 Like
Again im not looking the data. Its the fact that residential computers are acting like web severs. They may not be technically web severs but in essence that is what they are doing. to say that it goes through a few relays is not the point im making that last relay is still acting as the web sever. opening connection to users computer. never mind the fact the relays are connecting to each other.
Some one finds a vulnerability in a well used application. any one on the network with that installed is now compromised… If safe wasnt installed and the vulnerability was still there it would be a hell of alot harder for someone to connect
Correct, the vault is storing and serving encrypted data, but not whole files, so if I get into a computer and can look at the vault activity, the most I can do is say “Well that is kind of cool…but now what…?”
At this point, what action could a malicious user take?
Yes, this is true. But when you do look at the data you would notice it’s encrypted. That’s one of the ideas behind SAFE. Servers are hard to protect so let’s focus on securing the data. So please come up with an example or something on how you would hack this thing. Otherwise it’s just a conversation going in cirkels.
2 Likes
Some one finds a vulnerability in a well used application. any one on the network with that installed is now compromised… If safe wasnt installed and the vulnerability was still there it would be a hell of alot harder for someone to connect