1) “homograph attacks” (“sạfe://” instead “safe://”) 2) download false safe components 3) IP leaking when using the Firefox plugin (the original topic)
and that’s my 2 cents to these topics:
1) good point @19eddyjohn75, but I don’t think this will happen. To a “sạfe” protocol work, you’ll need to install some extension to deal with. But then, why an attacker would create a fake “sạfe” protocol (which you can notice), if he can override the official “safe” one and you’ll never know?
2) at some point you’ll need to download safe software from the normal internet. The software can be compromised, of course - this is easy to do: your provider can do this - by government coercion or not, I can break the provider router on the street and compromise it, I can break your home router and replace its firmware remotely, and so on. But as pointed by @janitor, we already have a well tested mechanism to deal with this: it’s the md5 hash.
3) 2 ways to mitigate this concern were proposed here: a) to show some warning: my recommendation is to use the extension’s “welcome page” (<homepageURL>), which is displayed after you install the extension, to display a warning that the extension by itself doesn’t provides anonymity.
b) the other solution was proposed by @neo, which is to automatically disable http/https connections. I hope that I’m wrong, but there’s a big chance that extensions can’t do this. In this case, as a workaround, maybe the extension can generate a proxy entry to nowhere (“null route”, “blackhole route”) and switch to this proxy on “safe” pages - this way all http/https traffic will be disabled.
[quote=“dyates, post:21, topic:5996”]
I don’t think this will happen
[/quote] What we see/think/believe can be funny
In the future we might be fooled by opticode illusion. If you redirect the naked url http://maidsafe.net to http://safenetwork.maidsafe.net, which can show up in the browser as safenetwork.maidsafe.net. How will a normal or new user know if they’re on the SAFE Network, when right now some people on the internet don’t even know what a url is?
When we talk about apps, things like url/protocol simply fade away, but what will ensure us that we are where we think/hope we are, on the SAFE Network?
I just hope that browsers like Firefox & Tor will support the SAFE protocol, then we don’t have to play around with plugins. Let’s encrypt got a great response from all major browsers, hopefully the Maidsafe Foundation can work with the EFF/all major browsers to do the internet the best way possible.
Hehe, in order to be packaged, the s/w has to be written first. Also you wouldn’t want to install a signed package (even though it’s signed) by a person you don’t trust. The assumption is that you’d trust the signature of the people who wrote the s/w (MaidSafe) and once the s/w is deemed ready for mobile (power consumption-wise) I’m sure they’ll package it.