SAFE Network Fundamentals: Context

There are certain principles that have driven every stage of the design of the SAFE Network ever since the project started in 2006. In that time, the SAFE community has grown and we’re delighted to see just how many people and projects have come to recognise the vital importance of a global, secure and private decentralised platform for storage and communication.

A few weeks ago, we shared the SAFE Network Fundamentals with you. Each of these statements is necessarily wide so today we’re adding a little context around each to help communicate the scope of the vision to everyone, regardless of background. We’ll be adding these to in the next couple of weeks so please feel free to ask any questions in the meantime if any of this is unclear.

1. The Network will allow a person to create an account and login anonymously and without intervention. Creating a new account and logging into the Network will never require a third party. Those processes will always be carried out directly between the User and the Network. It is worth noting that (for technical reasons) account creation may require the presence of Safecoin in the user’s account in certain circumstances (if this, for example, minimises the possibility of one entity creating millions of new accounts to attack the Network).
2. The Network will allow Users to securely and with no controlling intermediaries share information and messages. The SAFE Network will never have any third parties who have the ability to either read or store the information sent by a User (unless that user consents in some way).
3. The Network must allow the transfer of Safecoin to any User free of transaction costs. Each User will be able to use any of their identities as a wallet address in order to be able to send and receive Safecoin.
4. The Network will allow Users to anonymously create and share data worldwide. The Network will always ensure that the User has the ability to send transaction messages and posts with a temporary and single-use ID that is not linked to any known identity on the Network.
5. The Network will allow anyone to browse content anonymously and free of charge. It is crucial that the new decentralised web is without barriers. One of the most important foundations for a global, collaborative platform is that anyone can access public content for free at any time without the need to create an account.
6. The Network will allow Users to associate multiple identities to their account. Each Client Account manages information about the User which will include several identities. These identities are likely to be cryptographic keypairs.
7. The Network will allow users to use any of their identities to send/receive Safecoin. Each individual must be able to use any of their identities as a wallet address in order to be able to send and receive Safecoin.
8. The Network will store data in perpetuity. All public/published data on the Network will be immutable and available on the Network in perpetuity. In exactly the same way as the Internet Archive stores versions of website that were published with mistakes, it will be impossible to delete any data from the Network after it has been uploaded. That does not mean that you won’t be able to change data - you will be able to make append-only changes, i.e. historic, earlier versions of data will always remain stored on the Network (whether they are accessible or not).
9. The Network will never require passwords to be stored on the Network or on the machines used by the Clients to access the Network. The Network itself will never hold passwords as this is a common cause of data loss. Instead, a User will only ever be required to enter a password locally on the device which they use to access the Network.
10. The Network will allow any User, on any machine to access the network and leave no trace of that User on the machine. The Network must ultimately be accessible to any User on any device. When that User logs out from the Network and leaves that machine, there must be no evidence (other than any software downloaded to access the Network, such as the browser) that shows what activity the User undertook on the SAFE Network.
11. The Network will scrub all Client IP addresses from Hop 1 of the overlay network (i.e on SAFE). After a User has started to communicate directly with anyone else after the first SAFE Network node that it connects to, the User’s IP address is scrubbed and untraceable. For clarity, we are using the phrase ‘Hop 1’ to refer to the transfer directly after that connection to the first SAFE Network node (not the hop that may take place from your computer to your home WiFi router, for example).
12. The Network will only accept more Vaults when it needs them. Like any species or group of organisms, unbounded growth leads to demise. The SAFE Network could be attacked by a bad actor simply adding millions of nodes and then closing them down (or worse). To help prevent this, the Network will only allow new nodes to join when it needs them. This also nicely slows any attacker and dilutes them with good actors also trying to join. The Network can then balance supply and demand as it sees fit as opposed to relying on external controls.
13. The Network will increase farming rewards when it needs more resources (Vaults) and decrease rewards when resources are plentiful. If the Network simply accepted any Vault that wanted to join, it would likely either be targeted by a botnet attack or an attacker might attempt to set up an overwhelming number of malicious nodes initially whilst the Network size is small at launch. The Network must be able to balance this supply of Vaults itself to avoid there being a large number of nodes that have very little data, as this would push the farming rates down.
14. The Network will rank nodes over time and increase trust in higher ranked nodes. A crucial part of Node Ageing (one of the ways by which the SAFE Network prevents Sybil attacks) comes from the fact that the Network is designed to only permit the most trustworthy nodes within each of the Close Groups to vote on the decisions in the Network.
15. The Network will not have servers (according to the usual definition of servers). The SAFE Network will never rely on Servers (as the term is traditionally understood) as to do so introduces a third party weakness that undermines the entire Network.
16. All transactions on the Network will be signed digitally. By ensuring that all transactions are digitally signed, the Network is able to ensure that the transactions have been authorised in accordance with the rules of the Network.
17. The Network will ensure that client-to-client direct messages are free. The Network will charge however for client-to-client messages involving traversal through the SAFE Network. Clients are software programs that allow users to connect to the SAFE Network. There will never be charge levied by the Network if messages are sent directly between two Clients. However, any indirect messages that are sent between Clients that involve travel across the Network will carry a cost.
18. The Network will never use time as a network tool (although nodes may use local durations). There is no concept of time in a decentralised network such as SAFE unless it reaches out to centralised servers and services. SAFE uses a completely event-driven paradigm to circumvent the need to try and synchronise and then use time periods as valid tools on the network. These periods require magic numbers which would need to be set by developers and this is something the Network avoids with rigour.
19. The Network will only ever use encrypted services and encrypted traffic. Services or traffic must be encrypted if they are to be used by the SAFE Network.
20. The Network will allow real-time upgrades in a secure manner (i.e the Network will refuse upgrades that could break it). The Network must be able to roll out improvements which are compatible with at least the previous version of the Network software, in order to ensure that the new iteration is an improvement in practice. As this will require significant effort, each node may run upgrades in parallel to existing working code before upgrading.

|A.|Safecoin is the unique incentivisation mechanism built into the SAFE Network. All Safecoins are recycled when they are paid to the Network in exchange for resources. On launch, Safecoin will be distributed as follows: (1) Pay the creators of the Network (MaidSafe shareholders) 5% of the total Safecoin; (2) Pay the 2014 crowdsale investors of the Network 10% of the total Safecoin.|
|B.| Safecoin will be distributed on an ongoing basis: (1) Pay Vaults for providing service (85% of rewards); (2) Pay developers who produce apps that people use (10% of rewards); (3) Pay the maintainers of the Network code (5% of rewards)

Note: whilst the above explanation is a handy approximation of the split, the rewards will in fact be dynamically adjusted according to the Farming Rate determined by the Network:-

  • Farmers who run the Vaults are paid at 100% of the Farming Rate for all GETs on the Network - i.e. 86.95% (100/115) of all rewards .
  • Application Developers are paid at 10% of the Farming Rate for all GETs on the Network (that relate to their applications) - i.e. 8.695% (10/115) of all rewards .
  • Maintainer Developers are paid at 5% of the Farming Rate for all GETs on the Network - i.e. 4.348% (5/115) of all rewards .

Edit (01.02.19): We realised that the original no.19 (The Network will not use any clearnet service) is actually already covered by the original no. 20 (The Network will only ever use encrypted services and encrypted traffic). So we’ve removed no 19 from the list. The result is that 19/20/21 now become Fundamentals 18/19/20 as from today’s date - i.e. 20 Fundamentals in total.


For no.17 would the free messages sent between clients be sent on the clearnet? And the charged messages sent on the safe network?

1 Like

Should we mention PtP??


Thanks for a good, succinct explanation of the thinking behind the network. This post does the job pretty well as far as I can tell.
The only point I’ve always been puzzled by is number 8. Is keeping all the data necessary to secure Safecoin and the network?
Someone just told me the other day that the CO2 emissions of all the world’s data centres now exceed those of all the world’s flights. I know many aspects of the Safe Network will significantly help to diminish this burden, but we’re producing data at such a rate now, and keeping it all, including that which is no longer accessible, does seem somewhat wasteful, and possibly unsustainable.


Hey @scottefc86, no the client-to-client direct messages take place on SAFE


@Nigel as I know you’re aware, there’s been many discussions around PtP over the years with a number of well-argued views on both sides - so given that history, it felt like a topic that we’d probably be best to return to in the future - as opposed to stating it today as being a Fundamental in this doc. Hopefully that makes sense!


Great stuff! Really good to have this sort of thing distilled down succinctly! :clap:


Sorry if I’m being a bit simple but what would be the difference in a free message and a message that would carry a cost?

I’ll leave others to run through the tech reasons why permanency of data is achievable. But looking at it from the highest level, this is a key point for what we’re all working towards. We obviously need permanency to avoid revisionist/technological failures - whether that’s removing the possibility of employment for any future Winston Smith or simply ensuring that human knowledge and research can’t be lost (whether by mistake or technical failures) so that it can unleash citizen science etc. We need to let people build on top of work that’s been carried out so far - there’s no guarantee that hard research that didn’t generate results in the year that it was carried out won’t be useful again in the future and be the kernel of some great breakthrough in the future etc. If we throw out/lose knowledge, we miss that chance. Sorry, off on a bit of a tangent there - but you get the point :wink:


Thanks! I guess the 1984 point is enough really!


Something maybe to clarify: this gives the impression you need an account to browse (just had somebody outside the project read it that way).


Maybe we need to make that point explicitly in no. 5


With free messages, you can talk to friends, relatives and they know your IP address. Paid messages are totally anonymous and your ip address is not visible to the other party


Here’s an example that @nbaksalyar gave internally to answer the same question:

"This can be compared to sending a message over the clearnet (the Internet of pre-SAFE epoch). If you send an email message to me over GMail, Google then will make sure the message will be delivered to me, as I will connect to their server to retrieve it. That will be an indirect message travelling over intermediaries (the Google server, etc.).

Now imagine I have my own email server, at my home computer: if you connect directly to it, using my IP address, and send me a message, it will appear right on my home computer: I wouldn’t need to connect to any third-party servers to retrieve it. That will be a direct connection. Almost no one does that anymore on the clearnet though because setting up your own home email server is too much hassle.

On SAFE it’s very different technically, of course, but the conceptual idea is similar: if you connect to me directly, you won’t be charged for messages. Examples could be having a VoIP call (like on Skype), or direct file transfers (like on BitTorrent), etc.

I hope that helps!


If the data isn’t accessible isn’t that wasteful? Can we devise a way for the network to know that data is no longer linked to and therefore of no further use?..DELETE!


Maybe, but the problem is the cost of keeping track of that, and more importantly it could compromise privacy.


Think I understand now thanks :+1:t2:


There is no concept of time in a decentralised network such as SAFE unless it reaches out to centralised servers and services. SAFE uses a completely event-driven paradigm to circumvent the need to try and synchronise and then use time periods as valid tools on the network. These periods require magic numbers which would need to be set by developers and this is something the Network avoids with rigour.

I think there should be a concept of time as a service. It will be very handy to work with time even if the core logic does not use it. Implementation could be as simple as implementing a gettime call that asks the other nodes in your group to vote on what the clock is, and an average is returned. I believe something like this could easily become the default NTP service of the internet.


I think many would agree, but the network itself shouldn’t depend on it, just the apps that run upon it.


I thi k it is important to point out that negotiating the direct connection is also improved on SAFENetwork. No need to rely on third party certificate registrars to confirm identities. No need to pay for certificates either. P2P communication should become much more secure and simpler as a result.