Reserve pages for companies when Safe Network goes live?

I’ve been following the Safe Network development for some time. I finally decided to make an account and ask some questions . My first question is about the equivalent of ‘domain name registration’ on the Safe Network. In the USA (and I’m sure other places as well) there are laws on the books about domain name squatting. This works all good and well in the centralized WWW of today where there is a real person you can go sue, but if anyone can register any page they want, someone with some SafeCoin on the day the network goes live could register google, facebook, etc. Once it is created, they own it, there is nothing anyone can do unless they transfer it. Personally, good for that guy for registering those domains and holding those companies hostage… but I think this could be a good opportunity for the Safe Network.

My proposal here is that when the network goes live, MaidSafe the company pre-registers a boat load of these types of domain names. Things that exist on the old web and companies that exist in the real world. Mind you, there is no way to get everything, but a pretty solid list of medium to large companies shouldn’t be too hard to identify. These could be classified as ‘premium’ domains that need to be ‘purchased’ (with Safe Coin of course!) for a small ‘registration’ fee from MaidSafe the company. As a prerequisite to transferring the domain, a meeting needs to be setup to discuss the terms of the deal as well as what the Safe Network can do for them. This would give a sense of legitimacy to companies/governments that are used to dealing with rules and regulations. It would also be a great marketing opportunity for MaidSafe to show just how amazing this system is.

I envision when the network goes live, it will be a bunch of techies that get it going, underground so to speak, sort of like bitcoin. It will take several years for word to spread and be recognized by the corporate world. So when it takes off, these companies will realize that their ‘space’ was saved for them, ready for them to develop their application or sell their product. At the same time, your retail internet consumer will finally hear about this new “internet” and hop on. The first thing their going to do is go to their favorite search engine and social network site. If these exist with the names they’re used to, it will feel more like home.

What do y’all think?

I think this is your best point. I’m not sure we should do those big tech companies any favors but to your point it would be a safer environment and to the benefit of the network and users of those apps but with more control of their data and less spying. These companies would have to entirely restructure though and these Goliath’s probably won’t want to change so willingly. We would likely have more success just trying to provide the same services as best possible, also for free, but without the spying or siloing of the users data.

I suppose I’m impartial on the subject but I’m glad to see you starting a conversation!

It’s not only or even mostly about doing the companies a favor, it’s all the regular users who would go to those domain names, see a page that looks authentic and type in their existing password when the page offers to ‘transfer their account to the new safe network’ or whatever claim the domain squatter comes up with, at which point the impostor has the users credentials and can high-jack their account back on the old internet.

So getting a list of the top 1000? most visited domains and setting aside the safe network version before launch would prevent all kinds of scams, fraud, and privacy breaches.

Those companies / sites could then contact Maid Safe to get the domains transferred if they were interested but that would really be a secondary benefit.

Scary vision. That kind of stuff is quite bad for people and a PR nightmare for a network that is supposed to be safe.

In general the name Safe Network sets high expectations and can easily turn against itself if those expectations are not met . And those expectations are based more on the general meaning of the word safe - not on the knowledge of the spesifics of Safe Network.

That would be horrific, agreed and also a hard lesson learned that there are no passwords on the network besides your network login. I would hope there would be a bit of a campaign to educate on network wide sign ins, best practices etc, right from the Safe Browsers home page. That might be useful. cc @JimCollinson

Would suggest top million… lists available for most of those and then a simple proof of owner by posting confirmation on their unsafe domain.

A count of those mapping across would be nice to see.

Perhaps should hold for a few years option on this, expecting reasonable time to catch on importance of securing the safe name.

I think these are valid concerns and similar ideas have been discussed at length of course.

I’d love it if we could build a place where everyone will be Safe, free of scams and where everyone is free. I don’t think that’s possible.

Just suppose we could solve this one, there will still be an endless number of other ways to trick naïve users, just like now.

Risk is one of the necessary features of freedom. The freedom to operate in bad faith as well as good, so I think that we are going to create a range of things that will include Safe spaces and freer more risky spaces. New brands, more decentralised and more variety, and it will be an opportunity for those who want to bring out the goodness m humanity to make sure the things we want exist and can be found.

For DNS, it is indeed troubling because it’s easy to see some of the downsides, but it is not solvable at the network level AFAIK. While at the same time it is something that anyone can solve with their own namespace which others can then opt into, or which we can all come together to solve.

I think there’s an opportunity for us to build new ways to tackle this such as a networked index that works better than a fixed DNS. I think that’s very exciting and I’m glad people like @david-beinn have got their teeth into this and have ideas for how to do it. Possibly also @Seneca will have input into this area, and others of course.

but the key is to empower the user. So, there is a question perhaps how or what can be done to support awareness.

I don’t know if some registry would help that paired with a unicode confusables resolver, would help avoid at least url names not being mistaken. A registry perhaps, just a route to confidence and to be seen what is possible for trusted assessment of content and the like. That could be an application rather than anything network of course.

I think the network isn’t ready to have a domain naming system until it has smart contract capabilities.

I think the OP is basically an argument for multiple (many) TLD namespaces instead of a single global namespace.

afaik, domain squatting is much less of a thing now in regular internet with the 100+ TLDs that exist than back when it was basically just .com, org, .gov, .edu, with .com the most favored.

A hybrid system could also be possible. Eg, reserve say 1000 short top level names at launch. At some point (initially or later) make them available for subname use. There would still be a gold rush for TLDs, but at least it offers a path forward for companies to claim a matching name under one of the short reserved names.

I believe this was all discussed/debated previously, but I wasn’t around for those discussions, so I’m not quite sure how we ended up with a single global namespace.

Interesting thread about icann TLDs on hacker news today, including list of all of them.

https://news.ycombinator.com/item?id=24436717

Welcome! Great first post!

I’ve argued for this position in the past and I think it is absolutely a good idea, for 2 main in reasons:

1. If Maidsafe don’t do it, someone else will.
2. If someone else does it, Maidsafe will not get the financial gain or ethical control over these key names.

If there was a code of ethics around releasing the names (maximum cost, release upon corporate request, money reinvested into the network, etc), few would see it as profiteering. If the money was spent on the network, it would seem like a virtuous process in general.

To make it less opaque, the maidsafe foundation (non-profit, charity) could hold the domains to foster future growth and protect the names and the network from abuse.

Failure to take this step will see an immediate interest from squatters, who will race snap up all the names, in the hope of extracting big money for themselves. It is inevitable. This would not benefit the network, as many companies would be put off for good (or until a distant future). The money would also not go towards network improvement.

I know Maidsafe don’t want to be involved with this stuff, but it is for the health and prosperity of the network in a multitude of ways.

This is hugely important too! 100% agree.

Folks need to be able to trust the network. There is no point having layers of encryption, anonymity, etc, if people just get conned the old fashioned way on day 1.

I think we have to look from the user’s perspective. The average person is going to type in google, facebook or whatever. They may even type www.google (as they have been trained to put www in front). Perhaps they will throw in a .com on the end, as they are used to that too.

If a squatter registers all these combinations, for pennies, they are going to catch a lot of people out. Slap up a login screen and they will be gathering access credentials with very little effort. There won’t even be a wonky padlock in their browser to save them.

As much as we want to decentralised everything, transitioning may take time. A hybrid which helps people to navigate safely on the early years will vastly improve the user experience, imo. It is also an opportunity for reinvestment into the network, which will surely be needed.

Average user, yes, but I could also see myself doing this, if having two browsers open, one for Safe, one for Old. You know, a bit in hurry, you are typing, someone interrupts with something, you continue… oh, what did I just do?

I’d like to see a proof of concept for these apps using the new APIs because I don’t think they are feasible in the way it is being suggested. Safe is designed to prevent apps doing stuff like this, so we could use this example as a way to test this theory, and the network’s design.

Who’s to predict if the top X are still the top Y in a years time?

At what point does Maidsafe stop reserving domains automatically?

Why does company at position X+1 get to get squatted?

This all seems to heavily favour the incumbents.

If we’re talking user protection, this could be done without reserving domains. NRS is essentially application logic anyway. It is not baked into the network.

Perhaps a warning “This may not be the google.com you know and love” may be sufficient?

Perhaps a registry of pointers that bounces forward to whatever is the true mapping from unsafe domain to new safe domain.

Or like browsers now that you set your search site that the browser uses. The browser can then have a default search that is used when installed and then the user can add a preferred search engine.

That seems to be the major issue.

The search engine used can also have a mapping so when the user want www.popular.site then the search engine used can map that to safe://XOR for the corresponding site. That requires a trust of the search engine. A mid way to a 3rd party DNS

I’m late to this thread after a day off, so I know you’ve already touched on some of these things, but let me circle back a little and mention a few things that might not immediately be obvious for newcomers, and also give you my perspective on solutions to the OP’s concerns.

First off the Name Resolution System (NRS) for the Safe Network, as it’s currently proposed, works slightly differently from the clearnet, in that there are no TLDs. If you own the Public Name, e.g. google then you can create as many subnames on the front as you want search.google real.google safe.google etc.

So if a scammer wanted to try and phish by mimicking a clearnet site, then they’d probably want to snag Public Name that replicates a TLD, e.g. com net gov etc.

So if MaidSafe were to pre-register anything, it would likely be to snag all the existing Ican TLDs, and maybe just lock them out for good. Although once new TLDs are introduced on the clearnet, the issue crops up again.

This is how the NRS works at the moment. However, to take you into another parallel discussion there is another proposal that it works differently, addressing other UX issues, which I would favour.

If we go down that path then the issue around pre-registering Public Names for brands comes up again. But to me, this goes against the grain of creating a permissionless decentralised internet, creating a form of centralised authority from the off. And there would be a lot of burden and risk for MaidSafe to administer this… how do we authenticate people, what if there are disputes, do we turn into ICANN?

It’s just got a bit of a bad smell about it to me.

But hold on!

The Safe Network has got a bunch more tricks up its sleeve when it comes to getting a user to the right content, namely Linked Data.

A site you visit, or any name you put in the browser, will have a bunch more information surrounding it than simply the URL. It will have a SafeID profile, a history, and other metadata which can be socially linked; so if a bunch of my friends, or a certain group I associate with, or a list I subscribe to, are comfortable visiting and using the site, then I can feel safe doing so too.

This can also allow the flexibility for a Pet Naming system down the line too, socially powered. So if most people, or all my friends, call a site google then that’s what it’s called, and what I can type in the address bar.

So really, a URL is only one element of what makes a site findable, and verifiable, and it may not even be the predominant one.

(if you’ve got the time for it there is a mega thread over here, that discusses many of these issues and ideas too).