I don’t think you are wrong, but I kinda hope you are. I suspect we will be in the scene and maybe defacto become what you state. Our intent though is to search as hard as we can for more decentralised/trustless solutions. Perhaps a community ranking etc. but as we all know, that’s not easy. We can look though.
[edit, I should add your comments are very well thought out and very much appreciated]
I honestly think your underestimating the risk and resources being thrown at attacking privacy netwroks. As we are talking websites and not Safe Network, even if you do host the backend on the safe network that would not stop malware being served through your website in order to de-anonymize the Safe Network indirectly through the back door. The more popular your website the worse the damage to the community would be. Even if you are a good actor do you really want to hand attackers an easy way to take down the Safe Network by just hoping it will be Ok?
Me too ;-). Safe Network is some amazing tech. If it truly cannot be compromised from the inside then the attackers will attempt to go around. Centralised website(s) serving Safe Network software and applications will be the Achilles heel and where they will hit. As simple as a national security letter (or other coercion technique of choice) and a malware payload to be served up. Obligatory xkcd 538: security.
I hope this hasn’t lost its flavor: When Safe Network is launched we gotta set sail and stay where its Safe.
But then someone’s gotta tell the tale to the conventional internet and responsibly; like wikileaks does etc; can you help? @krnelson I’d say you already have by bringing this up 
and thanks, certainly.
Totally agree and used the same argument in regard to this forum/modding in another thread. All websires with this fundamental relationship to the Network/Community should be owned/operated by the Foundation or Community. You can’t in Principle have everything rest on either 1 person or one small unappointed group. Whoever has the app store with Safe Net could just switch to a malware version or fork or something, couldn’t they?
I don’t get all the concern about security in other areas, but apparently very little in this area.
I am certainly no security expert so this is just my 2 cents: I don’t think such a web facing Safe App serving website it has to be too elaborate or complicated, at least at the beginning. I think it is far more important that something is setup from the start and run by a geographically distributed bunch of Maidsafe and community members with no single point of failure. If that is a tall order at the beginning due to time and resource problems then it could be a longer term goal. The main win in getting it going from the beginning is that such a website would hopefully become the go-to place for new Safe network users that search google for Safe Network and Apps, minimising the risk of high numbers of users joining the network with compromised clients through shady hubs (and so compromising everyone else on the Safe Network). Alternative App websites run by others help make the website facing Safe App ecosystem as distributed as it can be on the www of course, but the bar for security and integrity would have already be set high by the Maidsafe Safe app web server.
In the end it is a hack work around compared to just “setting sail and stay where its Safe” (I like that ) leaving the insecure www behind.
@krnelson Keith, I agree with your concerns and hope someone will address them. I think it’s difficult for MaidSafe to do this, on top of everything else, because they have so many important things to do.
So I think their wish is that secure solutions arise with less rather than more responsibility and effort from them. So for now it’s not their focus, but I know they have given it thought and that they have at least some options available if nobody else deals with it.
One is to provide and encourage “SAFE hosted Apps” (which load and run directly from a network share), which David mentioned. BTW, the inspiration for me to start SAFEpress was to provide exactly the same but for web apps (meaning apps that load from SAFEnetwork and run directly in the browser).
That will do for a start, but only once people have the client (launcher), and we’ll still need secure App sources in the future.
I think the community are mostly aware enough to select suitably trustable sources, but there is a bigger risk once the network takes off - mainly from dodgy SAFE apps, and SAFE client / vault downloads from www (much less so from SAFEnetwork). The browser add-on should be safer due to people already knowing to use reputable browser add-on sources - still an issue, but less so. Except for state actors - particularly if MITM were employed.
However, I think the risk of mass infection by www is small. I believe it would only be viable for targeted attacks, for the same reasons it is currently (for technical, operational and political reasons), and avoiding those is going to remain the responsibility of individuals.
So I suggest we need:
The above is just the start, but well within MaidSafe’s capability I think. We then need secure trustable App sources. Such as:
Everything is doable, though will never be 100%. It is the list immediately above that I’m most worried about because it requires a lot of work to set up in a truly trustable form, and we don’t know anyone in a position to commit to these kind of solutions. These though are more to do with on SAFEnetwork, whereas your are highlighting the risks on www.
Keith, have I addressed any of your concerns over www? Or do you still think those are a big concern?
Most certainly great comprehensive overview thank you. The only thing I do not agree with is this:
With each whistle-blower leak, what used to be the realm of conspiracy theory has unfortunately turned not only true but much worse than anyone previously imagined. Mass indiscriminate surveillance and collection is the norm, and the Safe Network will be a high profile target once it takes off. Some recent examples:
Tor attack I referenced previously (emphasis mine) :
…They ran this attack for five months, and potentially de-anonymized thousands of users. Users who depend on Tor to protect them from serious harm.
“…they captured all of the traffic collected… tens of billions of records are stored in its database”
Privacy networks like Safe are high profile targets:
“Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search,”
Crime gangs getting in on the act:
Cryptography expert and author Bruce Schneier said some of the techniques the NSA used to hack routers are starting to be seen in criminal cases, amongst other attack types. Indeed, from compromises of much used but vulnerable mobile applications, to spying on people through their web cams, dark web dealers were already using the same methods as the NSA. “Today’s secret NSA programs are tomorrow’s PHD theses and the next day’s hacker tools,” he added.
I would only add that the Safe Network is only as strong as it’s weakest link, so a relatively trustworthy www onramp for new users appears to be to be fairly important priority. It would be a shame if the network is de-anonymized en-mass as tor recently was simply because thousands (millions?) of new users join the network via one or more shady www Safe App hubs that only get serious traffic because there is no real maidsafe/community approved contender that has taken decentralisation steps necessary to be (more) robust against these kind of website attacks.
Is it really difficult (especially compared to the risk of not doing it)? To start: addons.mozilla.org source is available. Set it up on apps.maidsafe.org with minimal re-branding, assign X system admins on X different continents (say 3+). Any website changes are cross referenced with github mozilla source and auto-verified by all the admins independently using scripts to reduce risk of serving malware from the webpages. Also reduces need to locate server in any special jurisdiction (but there are still better places to locate name servers and dedicated hosting). Sign up as many fairly prominent community members as possible to moderate apps. Unmoderated apps sit on the experimental list with a big warning until they can be reviewed as addons.mozilla.org appears to do.
Far from perfect but it is a quick relatively straight forward start that can be improved on going forward. Most importantly however it gives the community its first fairly trustworthy place to send their friends over https to view Safe Apps that we think they might like enough to try the Safe Network. As it would be the first and most well known right from the start then it will most likely enjoy the network effect and rank first/high on google searches.
Keith, I don’t disagree with that they’d like to collect it all. I think the difference between us is about what they are likely/able to do, and therefore where the greater risks/priorities for mitigation are. I think it could be useful to continue that discussion and clarify the kinds of threat that will be faced, attempt to quantify & prioritise, and then ways to mitigate. There’s an invitation, but by all means decline and stick to advocating how to create an App Store - I certainly think that’s a positive and support it.
The broader discussion is though going off-topic, so if you want to have that too, we can leave this thread for discussion of the App Store solution, and spin off a new topic such as “Types of Malware Risk For Those Joining SAFEnetwork” or something like that. What do you think?
Thanks @happybeing I will defer to your judgement on whether new threads are worth opening for the community to discuss and whether that will help out the Maidsafe team or not. I have probably already said more than was required on the main topic of this thread (i.e. making a case for Maidsafe to set the lead on an App website to mitigate malware threats at Safenet onramps) but will be happy to speak up in any further discussions if I feel I have something useful to contribute. I appreciate the core team is work overloaded atm so any calls to add new responsibilities at this stage are probably not viewed as too helpful - I mainly did so in this case as the first mover usually takes all when it comes to websites like this (this very forum being an example).
It’s not MaidSafe but by Blockstack, though SAFE Dapps lacking any visibility in there for sure!
Would love to see loads of SAFE Dapps in there. Let take it over with the best Dapps going (I’m still learning to make them haha… so hoping to see all your Dapps in there)!