Uhh yeah totally. I need a walk me through take me by the hand step 1 step 2 tutoroial for when farming goes live. Will be hard because of different hardware and software but we’ll see how that goes.
1 Like
PAC files are something close to our heart as they are the core of PacketFlagon.is but the point needs to be made that PAC files can be quite dangerous especially if served over plaintext and hosted somewhere that malicious actors can seize.
When we re-acquired https://Immunicity.org after the City of London Police seized it we found that 33,000 people were still using the PAC file. The Police could have been proxying their traffic and if a malware distributor had acquired the domain instead of us then that’s 33k botnet hosts for the taking.
We are working on a small GoLang based local HTTP server that can serve a PAC file tailored to the users threat model and would suggest that the MaidSafe launcher do something similar by having a simple http listener to serve the PAC file locally with differing PROXY / SOCKS statements.
E.g. we’ve published https://brasshorncommunications.uk/safe_proxy.pac for our members to use which will use the MaidSafe launcher for *.safenet and then attempt to use the standard Tor daemon SOCKS port (9050), failing that the Tor Browser Bundle SOCKS bind port (9150) and then finally the normal Internet connection (DIRECT).
function FindProxyForURL(url, host) {
if (shExpMatch(host, "*.safenet"))
return "PROXY localhost:8101";
return "SOCKS localhost:9050; SOCKS localhost:9150; DIRECT";
}
The MaidSafe Launcher served PAC could have a simple slider;
- SAFENet only
- SafeNet + Tor SOCKS
- SafeNet + Tor SOCKS (failback to DIRECT)
- SafeNet + DIRECT
4 Likes
First off, welcome to the forums!
Second off, that’s a very interesting story, and your company seems to have strong morals.
Why use PAC files at all for your service? You mentioned the London police could have easily been routing those user’s internet traffic.
(s)he understands.
Tor is a simple solution and as I’ve said on countless occasions, doesn’t require a single minute of engineer time of MaidSafe engineers.
- If you want to stay SAFE, use properly done SAFE sites. Just like you wouldn’t visit spyware infested pr0n sites (unless you have to)
- If you can’t resist, use this approach
- If you don’t give a damn, use direct access to clearweb
The solution can’t save fools from their own foolishness so naturally there will be continued calls for a SAFE-made browser even at the cost of engineering resources that should better not be wasted on any non-core activities.
We relaunched the service “as is” because that’s how people were expecting to use it. But also because the PAC files in the PacketFlagon system only send URLs you explicitly add (e.g. the ones your ISP has blocked) through our proxies, all other URLs go over your normal Internet connection. This saves us bandwidth and ensures your non-censored browsing isn’t at risk of evesdropping by our proxies.
The relaunch(es) ( The Art of Unblocking Websites Without Committing Crimes * TorrentFreak / Takedown Resistant 'Hydra Proxy' Launches to Beat Censorship * TorrentFreak ) were more about standing up to what we perceived as an overreach by law enforcement than building a better product.
The original owner of Immunicity handed over the domains voluntarily, we however would not and the Police can no longer route that traffic as we have complete (legitimate) control of the domain now. The domain is with a registrar that will not surrender the domain in violation of ICANN rules and the domain does not break any laws.
1 Like
I was thinking about how backwards thinking it is to consider targeting clear net websites while on SAFE. There’s no sense enabling that is there? @janitor I see your point from previous posts about how nsa whatever can share resources and de-anonymize users potentially and completely defeating the purpose of SAFE.
1 Like
Just noting here that normal users, might be put off ‘hacking’ and ‘patching’ something they don’t understand.
Easier perhaps would be to have the MaidSafe Proxy Setting webpage suggest two alternates clearly.
Choose one:
- A pac file that allows access to SAFEnetworks and normal internet.
- A pac file that allows access to only SAFEnetworks.
That second pac, I expect would be:
function FindProxyForURL(url, host) {
return "PROXY localhost:8101";
}
1 Like