Sandbox that has access only to safenetwork and safe apps cannot share sensitive/private data

@maidsafe or any other dev we need this:

rough first idea

maybe safe network should use a “Safe” closure for apps that get access to data that are open-source and are audited that they dont scrap users data, or make it publibly available outside of safe network!

it would allow people to feel safe of using an app to lets say edit their data.

such a feature would be a killer feature!!! imagine that you have a photo of your ID.

you search for an app to change the resolution.

you find an app that is “verified safe app” that means its open-source and audited which leads to your ID not being leaked or scraped by the app!!!


going wild here, if safe network is mainstream we could make a open standards device that has a safe OS that would ensure through open-source and auditions that you are 100% safe!


If that is the main concern then maybe a good solution is a sandbox App that allows you to run the Safe Apps and the sandbox prevents any network activity apart from Safe Network activity. That way your data being accessed in the Safe App cannot go anywhere else.

Then the Safe permissions will allow you to specify that the Safe App also cannot store data outside of your Safe account (ie data is always owned by you)

This way then we don’t need to rely on audits and updates to the App breaking this trust and you can run almost any App secure in the knowledge that even if it wants to send your data to a web site, or NNTP or email it cannot


awesome! my rough idea made simple (like safe network philosophy) by you!!! I really like your take on this!!! will edit the OP and quote you for people to see!

The sandbox idea has been suggested before, but cannot remember if this was its intent. But it should be an easy option to include and you can select or deselect it at will.


Wouldn’t apps run in the browser already be effectively sandboxed in this manner?

You can also add in another sandbox i.e. firejail, for the browser, but probably unneeded as browsers already isolate web-apps.

Perhaps I’m not understanding, but this seems like a solved problem.

If the browser is set that way then yes, it becomes the sandbox.

But there will also be native Apps that use the api and run as a normal program on the computer and this is the concern more so than the browser Apps. But of course it is something that needs to be included in the browser

EDIT: Typically graphic editors would be a case where its a native app using the apis


I believe that a safe network firejail profile could be developed (firejail has profiles for a variety of apps already), and then each native app could be firejailed to only be able to use the safe network.

Then this would be a sandbox app if configured the way I mentioned above.

My concern is that firejail may not be able to understand the operation of the Safe protocol and be able to allow it while preventing all other network activity. Its more concerned with protecting your Linux&PC from having its security breached and if it allows the Safe protocols then its lack of understanding Safe Protocols will allow other packets to be sent/received.

A sandbox app to prevent all other network traffic is rather a simplistic sandbox since it already understands the Safe protocols because it uses the Safe APIs (ie passes the acceptable ones to the client) Not all (forms of) the APIs should be allowed if one is trying to guarantee no leakage anywhere.

1 Like

I suspect there is no way to guarantee that a native app is going to be sandboxed to use only the safe network. Unless it’s obtained via a trusted provider. Firejail as a universal tool does offer some protection here though for all apps, if you set-up firejail to sandbox all apps on your system (this is a set-up option with firejail).

Running apps through the browser would be the preferable choice in any case here I expect. People running native apps will need to take responsibility for their results - particularly if the origin of the app is questionable.

For those taking such risks, then perhaps using QUBES linux would be a way to maintain hard limits.