Is this right? Thoughts please

I saw this in Facebook group and I would like to know if there is any truth in it.

SAFE Network currently also requires you to trust the developers. It’s not
provably secure although Rust is much more easy to secure than C++. I
have not done any static analysis or other tests but the chance for a
zero-day does exist even if it’s minimal. You also have the very strong
possibility that there could be ISPs colluding to target certain people
or that governments can make law enforcement nodes like thery do with
So if you ask me, I would say assume every
hardware electronic device may be backdoored by an intelligence agency
or several. Assume every piece of software which you run which has not
gone through the correct by construction formal verification process to
be a black box which anything could be going on.

Turing complete is not a good thing for security. Centralization of hardware
manufacturing and the lack of Trusted Foundries only makes it worse. You
have to secure the entire supply chain, avoid Turing complete, and
follow the correct by construction development paradigm.

C++ would have taken maybe millions of lines of code and would have still
been very buggy. Rust is a lot less buggy so the risk levels are
reduced. Formal verification and correct by construction reduces risk
levels even more. Fully functional dependently typed programming
languages decrease risks the most on the software side because then
everyone can know exactly what the software can do.

My opinion is SAFE Network will give you a magical sense of security and
will be able to evade law enforcement for a time, but that time will
eventually run out and the determining factor will be based on how much
law enforcement is willing to spend on countermeasures. If SAFE Network
is abused and seen as a tool of evil then law enforcement will easily
demonize the whole tool and then build countermeasures to it just as has
been done with Tor.


It is pretty much all true… for any piece of software ever written.

So a more useful question IMO would be: how does SAFE Network compare to alternatives?

Well, it vastly reduces the amount of code that needs to be reliable and secure: not least by eliminating all the vulnerable spots that exist for everyone using the conventional internet infrastructure - which must amount to tens or hundreds of millions of lines of code much of it closed source, and running on computers and routers that you don’t own and can’t check. SAFE uses much of the same infrastructure, but in a way that all but eliminates security and other (eg DDoS) risks from compromised routers and servers.

The very small (relatively) amount of code that operates the SAFE network protocol is written in one of the safest security oriented languages available, all open source, and so very much easier to trust than anything that relies on http/ftp/dns etc.

As for not trusting the machine you’re running it on, well of course.

Nothing will ever be 100% secure, so the question is what is the most secure, and what is the appropriate level of security for your purposes. For most people, SAFE Network provides a really simple way of moving from a system (the internet, web and centralised storage and control) which is terribly insecure, to something that by comparison is bullet proof.

As for it being demonised, well we can all use it until then, and as long and it remains a viable option.


It is an opinion and valid as an opinion I would say. Formal software verification is multi faceted from SPARC like languages with provers to audits by humans ( not so much formal logically but adds something). For me reduced code base, easily readable and well documented goes a very long way. I would like to see tests more formal over time and complex tests to have their own test suits. MySQL does a good job of testing to oblivion for instance. I think it is trust those who have viewed the code as well as developers. A great thing will be to make those developers a huge team and many anonymous, we already pay for code fixes anonymously via BTC And do not want to know names of contributors unless they tell us. That extended would be nice, of course code review is paramount as well as only accepting small pull requests.

Making good use of a strong type system with traits or concepts (generics really) also helps a huge amount. We have recently fired rustformat to keep format consistent (important for eyes on checking) and also a new library in rust called clippy. We run this in pedantic mode to at least try to ensure fewer bugs and malpractice. None of this is conclusive, but then again look at the whole industry and even glibc at the moment (that is a much bigger problem that currently realised I feel).

So the best we can do is great documentation, easy to read code and also again (I repeat this a lot) no ego, so when mistakes are found we attend to them openly. We have had a few bugs caught by community members so far.

I feel as the system rolls out there will be even more validation of the code base and improvements we have not seen. We, ourselves, have many things we want to achieve and we will over time.

So in essence I would say this is a decently presented opinion and whilst true of any project it is also valid critique of SAFE and it’s apps and app builders. Great thing with open source is we see these improvements and bugs, find them and fix them.

In terms of the political part of government shut-down etc. then I tend to not get into that, can be a bit WMD in many cases.


Here is another thread with some great info on security…


I would say the implications implied by this statement is at best overstated. Only a couple of countries have prosecuted a TOR exit node, the rest seem to understand what a TOR exit node is.

Also law enforcement will get less information out of controlled nodes of SAFE than they would out of TOR. A lot less. They would likely have more success by visiting every house in the country examining each computer. But we know how difficult that would be.

With a lot of things there is always risk, but one has to examine how likely is that risk. ISPs colluding? It would take the majority of ISPs in a majority of countries to expect any reasonable success in hijacking anybody’s SAFE. But how likely is it to get the majority of ISPs in any country, let alone 5 countries, and a lot less to get a majority of countries. I am more likely to be killed by a shark bite, or a Tasmanian Devil bite.


“A great thing will be to make those developers a huge team and many
anonymous, we already pay for code fixes anonymously via BTC And do not
want to know names of contributors unless they tell us. That extended
would be nice, of course code review is paramount as well as only
accepting small pull requests.”

Perhaps Code Valley would be a good fit for some of the work you need doing. It looks like an interesting project to me:


Hey, this was very helpful, informative and honest. I like the point regarding comparing alternatives. I will relate these comments to my friends and colleagues.
Cheers for taking the time to respond.


I am not coder myself so I can only follow it up to a point, however, I will relate your words to my Facebook colleague who the wrote this opinion. I am an artist/illustrator myself with some tech knowledge and I am a big believer in the SAFE idea and have been promoting it to all my friends and colleagues, some of whom are coders of whom seem skeptical so I will relate your reply to them. I appreciate you taking the time to respond.


Hi, yeah your comment make sense to me, in fact some of what you said I more or less relayed the same to the guy who wrote the opinion. (especially about the visiting every house in the country)
Thanks for taking the time to reply,
your comments were rather comforting and reassuring and I will relate them to my friends and colleagues whom I am trying to persuade into coming over to the SAFE idea.
I love the shark bite analogy by the way