It’s not so much about trust as discrimination and convenience or ease of use.
An xor URL carries no useful information, cannot be recognised and is impractical to copy or remember for repeated sharing.
An NRS URL gives clues about the probable origin, likely result etc. and can be typed, recognised as sensible or suspicious etc.
I think people are using urls in the following ways (off the top of my head):
Readibility important:
Readability not important:
Scenario 1
Let’s say I am in a chat room. If I share a bit.ly shortlink I might get kicked or banned, as they will asume it is either spam or some kind of a drive-by malware.
However if I share a well known domain such as youtu.be, they may let it pass because everyone knows it will be a harmless video.
Having a recognizable and readable domain helps to build reputation, and for those who have a keen eye will be able to realize if someone is attempting to phish with misspellings for example.
Scenario 2
I am at a networking event but I didn’t bring my business cards. I want to tell people my personal website. Makes sense to tell them to go to safe://piluso/ rather than memorizing a random string of numbers and letters.
Scenario 3
I am operating a banking app or a corporate network accessed from the SafeNetwork.
How will the user know or verify that they are not accessing into a phishing site? We can’t expect people to be able to memorize a random string.
I can tell the difference between yahoo.com and yah0o.com
But how will I be able to remember alksdlskfdjsfd894843rnjsl from xyehaldj628hahkkd5284j ?
Scenario 4
I just want to go to that funny website, I remember the name and I type it. It is easy mnemonics.
Random strings to remember my favourite website, no way it will happen.
I honestly thought NRS was always self validating, it also makes it easy to receive payments and emails imco. Would it not be possible to have a combination of both deterministic addresses and NRS?
I kinda get the feeling that we prefer trusting things and ease of use over security.
Taking ```https://fluffycosycorp.com`` to always be fluffy and cosy (maybe they tell us “do no evil”) seems to be a preference over trusting things from folk you know of things you can verify.
So NRS seems to be a must have or network death scenario, but I am not convinced personally.
However it is possible to have many versions of NRS and also deterministic addresses too. NRS can be fully client side and if we trust the client implementing it then perhaps all of the above comes true.
Perhaps the key is to allow NRS (we cannot deny it anyway) and let people decide to use one or the other and trust one or the other and also trust the domains underneath it don’t get taken over or become evil? Maybe it’s not much different from trusting people?
I find it fascinating though, either way. Utility or security, metadata plus a url or try to encompass metatadata in the url, it’s all interesting to me. I wonder if an xor url with metadata is enough, can folk trust the metadata, they will trust the filename by the looks of it, maybe because the TLD is trusted at some point.
I need to think much more on this one as I feel utility over security is something people would go for quickly and that is likely true given the current Internet.
Sleep beckons though 
//still brainstorming
/still thinking
Think how today people don’t memorise phone numbers, they link the number to a known name (contact) in their phone. Phone numbers themselves today are unmemorable strings. We link these strings in our own vault (phone) in ways where we name them what we want.
I wonder is that it, NRS or DNS is a global mapping of strings to names? We all accept that mapping as it’s done for us. (thinking)
Phone numbers are a maximum of 10 digits. It’s easy to record, then assign a memorable name to. If you could keep url’s (NRS) down to that manageable size it might not be an issue. But could you?
Yeah, wasn’t there a proposal a few years ago about something along that line? About locally storing domains or bookmarks? I forgot what it was called…
But I digress, my worry is that if there are only xor urls, wouldn’t that force people to adapt to a new way of doing things? That could cause friction, and if the objective is to incentive adoption (as in adopting it in their existing workflow)
After decades of doing things in certain way, it could be shocking for the layperson to have to add extra steps to do something that used to be simpler in the clearnet.
Look, for example, getting new Bitcoin/Eth addresses from new people adds some stress because I must check the characters AND check the network before saving it to my contacts and AFTER saving it to my contacts. This last step is necessary because there is a malware out there that took advantage of this inconvenience by switching Bitcoin addresses in the clipboard when you paste it, and many people got robbed this way, because there is no way to know if it got switched at first glance unless you are painstakingly reverifying everything.
Once it is saved it is easy to just click on it, but it is a royal pain in the butt to get to that point.
This is why some crypto exchanges are now offering to create a personal link to receive payments (between users of the same exchange) to replace the need of using crypto addresses.
Argentinean banks also are using aliases in lieu of the bank account numbers (instead of carefully typing 16 digits, I can set up two or three words that will identify my account. If no one else is using that combination of words, the bank links it to my bank number. If someone asks for my banking account, I could instead tell them to send it to the alias apple.mango.juice)
So instead of random looking strings, these were easily recognizable words, you wouldn’t even need to be comparing, checking, and double checking, you can visually realize that something is wrong if you made a mistake. If I am copying chase.com and when I paste it it says wix.com you can immediately realize something is terribly wrong.
I wonder why the NRS in the Safe network a security risk? Why would a “global mapping of xor urls to aliases” be controversial?
BTW one thing to consider, if NRS is implemented, it would be great if something could be done to prevent homograph attacks.
Maybe by detecting Unicode homoglyphs and converting them all to ASCII (or just blocking Unicode altogether) and maybe only allowing lowercase so there are no attempts of using O/0 and I/L to spoof names.
yeah, I’m not convinced NRS is necessary for launch myself either. I was going to comment about that earlier, but then I thought about this trusted-owner-curation issue, and decided to post about it instead.
it’s fun to play devil’s advocate, both sides. So here’s some arguments against launching with NRS:
I agree, this conversation has been terrific so far and my underlying feeling is that we have an opportunity for a new way. Instead of abdicating the responsibility for owner controlled data sets we have individually addressable data and can instead promote globally accessible data.
However the arguments for DNS type controls are compelling, but I feel some are this is how we do it and we cannot change. Other arguments about the physical utility of finding stuff are also compelling, but again we cna find that stuff if the owner of the DNS name does not decide we no longer can.
The arguments regarding readability or ability to remember an address are also compelling. Again though, we can call these files anything we want, we can even include metadata to default a file name to a thing we can easily read and remember if we want (I don’t know how to remember the names of files with so many files now available to us).
So I agree @danda this NRS/DNS is interesting and getting to the bottom of what it means is interesting.
First time for a while I wakened at 5 and was thinking hard about all of this. I wakened to think, well the Internet before DNS was a bit like I am talking about, then DNS came, then web sites, then explosion of use cases. Again though the WWW was based on documents with a root and links to the rest of the content under that root (of course links to other document on the web too). For SAFE each bit of content is directly addressable. So the WWW had no choice really but I wonder if we do? Is there a better way?
What I mean is this.
I have safe://davidirvinesmusic it’s great and folk get my collection of music and love it. Then I get a VC on board and monetise the site. An access page is created and … the usual.
In SAFE that is not so bad as long as we did not rely on the Irvine chap to remember all the file names for us as any of us can recreate the whole site in a. few clicks, keep it open. But we had to remember the files and not abdicate that responsibility to David. Why would we do that when it’s simple for our computer and software to remember all the files?
Maybe the difference is content addressable new network being compared to a document root based old WWW ?
Of course in SAFE we could go to any version of the DNS And we can get back to the free stuff, but humans being humans will choose the easiest path and the new DNS (registers entry) I feel. So SAFE does mitigate the gatekeeping with a little work form the user in choosing the register entry for that “site”
Do I trust my friends will help me when needed? YES
Do I trust a bit.ly/something link from my friends? NO
Do I trust Google is the good guy? NO
Do I trust youtube.com/something link is not porn? YES
Same as security, trust is not an on/off switch, it is a process of evaluating situation and reacting to it, and to make right decision you need information. DNS is not a perfect web of trust, but it is useful tool because it gives at least some form of trust/information.
I believe safenetwork can be fine without DNS, but we need other sources of trust, “I know that guy” is definitely not enough.
I agree. I think it’s more than that, some kind of graph structure, more than web of trust though.
FWIW I think this estimate is significantly off. I think we can count it in months rather than years.
It’s important to be building to meet the the threats—and proving the benefits of an alternative—right now. Waiting for until it’s visible we’ve gone over the tipping point and it will be far to late.
We’ve already had that happen with privacy as it relates to corporate control… let’s not make the same mistake twice.
BTW, the NRS or no NRS question I think is a bit of a distraction.
We can all see the benefits of such as system.
The question is: is it a requirement for launch of the Network? Is it needed even in an MVP?
And the answer is no. We can do great things without it, and provide value. And then allow further enhancement later on.
I would say the risk already there for few years. As soon as any server/service/database is big enough it is actively scraped from many entities. Nobody cares about legality, corporations are either building AIs already or hoarding data for future use. Good example is the recent uproar about rate limiting on Twitter, but it happens everywhere on the internet.
I feel this is the timescale we are talking about, if not already on us.
My sense is that NRS goes hand-in-hand with the browser (although could be useful for other applications). Given the browser is not necessary for launch, in that context NRS could come later.
The focus on launch is clear and obvious.
Is there a technical challenge with implementing NRS with the new network tech, or is this really more about time and resource which would be a distraction from launch?
I’m sure there are legitimate questions about whether services and applications such as NRS and a browser should be handled by Maidsafe, or left to other developers. I believe Maidsafe could provide the necessary standardisation, and already has the skill and experience.
My feeling (I’m mostly replaying comments previously made by others over the years) is that post-launch, the following would be a welcome addition to the functioning network:
As with everything, the Maidsafe team always find new ways to surprise and delight, so looking forward to where this thinking ends up. I know it will end up better than can be imagined.
I think you will be delighted and excited. I know I am.
Can you clarify “it” because I think there’s a big difference between a personal AI service, even a self hosted AI and something that is consistent with the fundamentals of Safe and accessible to the masses.
I’m sure there will be lots of ‘personalised’ AI services, maybe in months maybe not - but are they relevant?
I don’t currently see a path for the masses to using personalised, decentralised AI (consistent with Safe fundamentals) so if you do I’d be very interested. This is one of David’s side projects isn’t it?!